Heather Adkins, director of information privacy and security at Google, made the remarks at a conference in San Francisco on Monday.
Adkins said that “at some point in the history of your company, you’re probably going to get hacked. The question is not whether or not you’re going to get hacked, but are you ready?” Adkins warned. “Are you going to be able to very quickly make decisions about what to do next?”
AI cyber defences won’t help
Artificial intelligence powered cyberdefenses won’t help thwart cyberattacks adding that companies are better off paying a bunch of junior engineers to patch vulnerabilities all day.
“AI is good at spotting anomalous behavior, but it will also spot 99 other things that people need to go in and check” out, only to discover it wasn’t an attack, Adkins said adding that the attack methods haven’t changed much over time.
The problem in applying AI to security is that machine learning requires feedback “to learn what is good and bad … but we’re not sure what good and bad is,” especially when malicious programs mask their true nature, she said.
AI cyberdefenses will produce too many false positives and that AI-powered security software can barely stop 1970’s era attack methods.
Rogue governments using ‘off the shelf’ hacks
Rogue governments are increasingly buying “off the shelf” hacking attacks, making it easier and cheaper for them to launch cyber attacks. While state-sponsored cyber attacks were nothing new, she said, the number of incursions was rising.
“What I see increasing trendwise is the attack platforms are no longer something they need to build themselves, they can buy it off the shelf,” said Ms Adkins. As a result, smaller governments were able to launch cyber attacks inexpensively, without having to assemble their own teams of hackers, she said.
“Does she worry about the NSA?” she was asked. She does and says that it’s good to worry about them and to wonder about what they could do because “if they could do [attack / hack] something, then anybody in the world could do something too.”
“A technique the NSA could use could easily be used by a Mexican drug cartel against our users or by the Russian organized crime [group],” she said. “All of these actors have these tools available to them.”
When asked what advice she would give to businesses to keep their networks safe, Adkins advised “more talent … less technology, pay some junior engineers and have them do nothing but patch,” she said.
Her precaution-filled talk was nothing but a confirmation of what the internet actually has become – a headache. She warned that if you don’t need some data, just don’t keep it.