AI and Cybercrime: The good and bad news

• Cyber-crime discussed at 85th INTERPOL General Assembly
• Microsoft kicked off Microsoft 365
• Microsoft president calls for 'urgent collective action' after major cyberattack

She thinks it is inevitable that the criminal use of AI will result in more sophisticated threats – such as “malware becoming adaptive in the wild, which I don’t think is that far off.” But she is also optimistic that companies and crimefighters, armed with AI, will be able to catch threats faster, and use analytics to predict when something is going to happen.

"When we see malware, we will be able to analyse it much more quickly by using artificial intelligence and machine learning," she said in an interview on the sidelines of the Interpol World 2017 Congress in Singapore recently.

Threat intelligence remains fundamental to keeping networks safe – here in Asia and across the rest of the world. In a keynote address to the Interpol gathering, Johnson said that organisations with good threat intelligence have an advantage because it points to what hackers might do in the future. It also offers indicators of potential compromises. This anticipatory approach means organisations can patch their security before problems emerge.

Interpol World 2017 Congress in Singapore. Photo: Interpol

This is where Microsoft’s  Intelligent Security Graph steps in. It gathers and analyses billions of signals and authentications from across Microsoft’s more than 200 global services – including emails, Bing and Internet Explorer –  constantly watching for signs of trouble and then alerting customers.

New technologies, like security chatbots, and HoloLens, let you interact with the graph to get insight and help on how to deal with a security incident. “You can say: ‘I am seeing this scenario. Who else in my organization is affected?’ Johnson explains, And, it comes back and says: ‘Based our analysis, here is a list of affected persons, how they got infected and their hierarchy in the organization.”

Johnson further sees a time when machine-learning will make cybersecurity “a lot more intelligent”, predictive even. Imagine a security environment that warns of for example: “10 computers in a data centre are going to go down, or a network connection can potentially be compromised.”

Her watchwords are: “Assume Breach”. “You always have to assume that you have been compromised. In Asia, compromises are not detected on average for about 500 days – compared with 100 days in the U.S. Think about someone being in your network for 500 days and the amount of damage they can do.”

Johnson says the world must now accept that cybercrime is here to stay. “It is not going to stop. It is going to get worse. We will have to act faster, but we are not going to ‘stop’ it. It’s like saying we are not going to have another murder or another bank robbery.