David Masson is confident that the use of sophisticated artificial intelligence by hackers is not a matter of if, but a matter of when.
The director of enterprise security for security firm Darktrace, who has been involved in cybersecurity since the Cold War, is adamant that the same algorithms that helped Darktrace develop intelligent defence capabilities that mimic the human immune system will be used by hackers to deliver massive blows to enterprises and public infrastructure.
“Now, we as a company use AI to protect organizations and networks. But what we have to consider is that the bad guys, the threat actors, they too, are going to start using artificial intelligence,” said Masson, who is also the company’s director of enterprise security. “And this has major implications for the cybersecurity industry right around the world and for all of us. But it’s once the threat actors start using AI…they’re going to be able to carry out very complicated and sophisticated attacks at machine speed, and human beings will not be able to counter them themselves. Human beings will need to use AI to fight AI now.”
It’s this thought process that has helped Darktrace elevate itself to new heights in Canada. The company entered the country in 2016, with an office in Toronto, and now has offices in Vancouver and Ottawa as well. It currently stands at an employee base of 30 in Canada, and a client base of 250, having attracted 110 clients in the last year alone.
The cybersecurity firm launched out of the University of Cambridge in 2013, and today has a second headquarters in San Francisco. It has a total of 40 offices and 1200 employees worldwide.
Masson’s extensive experience working for Public Safety Canada, the U.K. Ministry of Defence and Royal Auxiliary Air Force uniquely positioned him to lead Darktrace’s impressive growth in Canada, seeing the company sign two new customers per week. Having spent most of his career working in the national security both in the U.K. and in Canada, Masson describes himself as a risk manager.
“I’ve seen cyber go from analogue to digital…and cyberattacks have been going on for a long, long time, long before the internet ever came along, but the internet is going to make them so much easier. And basically, I spent most of my career being a risk manager. That’s one way to look at managing risk,” he said.
Now in the private sector, Masson manages cyber risk. And when it comes to risk, Masson said it’s important to remember that risk is made up of two issues. One is the cyber threat that individuals and organizations face, and the other is their vulnerability to that threat. In the government, he says, both vulnerability and the threat can be tackled. So, for instance, nations can arrest people and lock them up, take sanctions against those nations who carry out cyberattacks. But in the private sector, he says, that can’t be done. And what really needs to be done in the private sector is concentrate vulnerability to this threat.
“That’s basically what I do now with Darktrace. And with Darktrace we focus on our vulnerability to the threat. Using AI, we’re much better protected than we would otherwise be,” Masson explained.
Ransomware hasn’t reached its peak in Canada
Talking about cyber trends in Canada for 2020, Masson mentioned that the Canadian market hasn’t seen ransomware reach its peak yet. Ransomware has been an issue for many years, and it gets an awful lot of publicity. Curiously, over the last couple of years, he said the number of ransomware attacks has dropped, but their impact has become much more intense.
“The attacks are becoming increasingly sophisticated and will be turbo-charged by AI in the near future,” he said.
Although the number of new ransomware families declined, there was a rapid increase in the overall number of ransomware detections among municipal organizations in 2018 and 2019, according to Trend Micro’s 2019 midyear security roundup. High profile threats, such as LockerGoga ransomware, RobbinHood ransomware and Ryuk ransomware, still remained and continue to cause havoc today.
“I don’t think it’s finished yet. I think we’re going to see a bigger increase in ransomware attacks this year,” Masson said.
Added focus on protecting operational technology (OT) will be critical this year as well.
“The problem with OT networks is that they were never designed with security in mind, they used to be completely air-gapped and separated from the internet. But that is no longer the case. Because they’re now connected to the internet, they’re very, very vulnerable to cyberattack. And I think we’ll see more focus on that in this year,” Masson explained.
To improve stealth attacks, for example, hackers can use AI to create malware capable of mimicking trusted system components. Subsequently, as they blend with the security environment of an organization, they can execute undetectable attacks. For example, San Francisco-based online and mobile marketplace TaskRabbit – now owned by Ikea – was hacked in 2018, affecting 3.75 million contractors and app users, yet the attack could not be traced by investigators. More such sophisticated cyberattacks can be facilitated by AI, explained Masson.
“Sony Pictures was hacked a few years ago. To carry out that kind of attack, you need the resources, budget, and the manpower of a nation-state to do that kind of attack…very complicated, very sophisticated attack. But with AI, it will not be possible for anybody to carry one of those kinds of attacks. It will basically lower the barrier of entry to that kind of attack to criminal gangs and individuals will be able to buy the attack of the dark web and carry them out,” Masson explained. “And what you’ll actually see is highly sophisticated attacks, rather than just happening against one organization will be carried out against 10-20 organizations all at the same time.