itb-au logo
Story image

Machine learning is a tool and the bad guys are using it

20 Feb 2019

On Friday, Chillisoft’s inaugural CybersecCon was held in Auckland to a crowd of MSPs and cybersecurity professionals from across New Zealand, but the overarching message of the conference was global - we need data analysis and the machine learning that enables it for any good cybersecurity strategy.

The event’s keynote speaker was KPMG NZ CIO Cowen Pettigrew who outlined the need for a new, concentric approach to securing an organisation.

“Outside in, and inside out. Everything has an IP address. Trust is not a given so you need to form a data-driven, concentric view,” he begins.

A concentric view, we learn, is one that not only considers the data that is coming into an organisation but also that which is leaving - for every layer of protection against infiltration, you need the equivalent protections against exfiltration.

Pettigrew recognises that there are significant barriers when it comes to trying to implement a data-driven strategy, which is where the technology of the day comes in.

“You’ll never have enough staff or the necessary skills on tap so form a data concentric model and invest in machine learning technology… Our model is designed to provide a centralised data warehouse that supports the ability for machine learning and AI-based tools, alongside our human data scientists, to interrogate and visualise the data at speed, as needed. Now, having built the architecture, our 2019 roadmap is to embed our enterprise application suites and make some choices.”

This is not an easy task to perform, even with the resources of KPMG, Pettigrew and his team have taken around 12 months to get to where they are now, and going forward it is only going to get more difficult as they begin to integrate a complex array of applications.

“Create data integration functionality within local API's to develop a single pane of glass and avoid what I call islands of integration on disconnected applications,” he advises. 

“All over the place, I'm seeing all kinds of problems with an inability for applications to talk. Also, real-time information sharing means we can leverage the strength of the global cybersecurity knowledge.”

To build on Pettigrew’s advocation for machine learning, ESET’s Slovakia-based CTO Juraj Malcho addressed the crowd after winging all the way to New Zealand.

Malcho spoke about the mass perception of AI and machine learning, and how people are being conditioned to fear it before they even know what it is.

“Typically, people like destruction and problems,” Malcho points out.

“They listen to or read the news and are looking for war or conflict. I don't know why we're programmed this way but it's so easy to exploit this behaviour. So, what is artificial intelligence to these people? They think it’s mysterious, it's intangible, and it's evil. But really it’s mathematics. It's not something that came out of outer space, it was invented by humans. It doesn’t even feed itself inputs.”

Malcho’s presentation was not about trying to panic anyone and not about trying to sell any solutions, but about helping cybersecurity experts realise that the other guys can innovate too and so we need to get over the panic around AI.

Today, a phishing scam will be targeted at someone, by someone - but tomorrow, a machine might use our online or breached data to do that work at scale, automatically.

“If you have automation, you can make it a problem for everyone, that’s the difference, that’s the problem I see with AI/ML today. Yes, one person might go after a CEO or CFO, and so on, but it's expensive and it takes time. But what if a machine does it for you? And you can add everyone, every Grandma, every person on this planet? Then almost everyone will be under a sophisticated or semi-sophisticated attack.”

Keeping ourselves, our organisations, and our friends and family safe is becoming increasingly difficult.

What Pettigrew and Malcho are saying is that we need to remember that those people looking to take our data or money do not share the concerns we have when it comes to using new tech.

Story image
Australia’s environment deserves real-time monitoring
Australia’s regulators are indirectly polluting the environment due to the adoption of a new regulatory framework. It’s not the framework that’s the issue, but the fact that an upgrade to monitoring technology doesn’t accompany it.More
Story image
Webinar: TLC for Kids on their usage of Nintex Drawloop DocGen
The charity is using the software to free up resources and enable its team to focus on its mission — which, simply put, is to put smiles back on sick kids’ faces. It does this through its TLC Ambulance, Rapid TLC, and distraction box programs, and its services are used over a million times each year across Australia.More
Story image
COVID-19 crisis accentuating the need to bridge digital divide
The crisis has accentuated our dependence on digital technologies and exposed the reality of the digital divides between and within countries.More
Story image
IDC names ESET a Major Player second year running
“ESET is strong in the areas of threat research, especially around Android malware identification and behavior detection.”More
Story image
Video: 10 Minute IT Jams - Who is OutSystems?
In this IT Jam, we speak with OutSystems vice president for A/NZ Paul Arthur, who discusses the company's role in the A/NZ region, how things have changed for the company and the industry amid pandemic, and what he sees in the future of visual development and digital transformation.More
Link image
You’re invited: The secrets to workplace happiness in the post-pandemic world
It has been a rough year for workplace wellbeing, with disruption and health concerns worrying every employee. Join Poly’s A/NZ Kickstart 2021 on 10 December from 11am AEDT, where special guest Dr Justin Coulson will share secrets to workplace happiness in the post-pandemic world. Register now.More