In today’s fast-paced technology world, artificial intelligence (AI) is no longer the stuff of science fiction. The rapid development of AI technology is having a profound impact on the field of information security. The application of AI not only enhances defence efficiency and improves threat detection and response speed, but also brings about entirely new security threats, such as adversarial attacks and privacy issues. In this paper, we will comprehensively explore the pros and cons of AI in information security and analyse how AI-related technologies affect information security practices using the Capital One data breach as a case study.
What is AI? What does my privacy have to do with AI?
Artificial intelligence sounds familiar, but do we really understand what it is? If you ask someone in the street, they might mention Apple’s Siri, Amazon’s cloud service, Tesla’s cars, or Google’s search algorithm. If you ask experts in deep learning, they might give you a technical response about how neural nets are organized into dozens of layers that receive labelled data, are assigned weights and thresholds, and can classify data in ways that cannot yet be fully explained. AI is not something that can be easily defined, but at the same time it is something that is all around us all the time, and the impact of AI may be much deeper than we think, we are surrounded by AI, but at the same time we don’t seem to be able to see that AI is all around us. This sounds a bit scary, but believe me, the truth may be much scarier than it sounds. The development of AI agents relies heavily on the huge amount of data, including personal data and private data. Almost all of the application domains in which deep learning is successful, such as Apple Siri and Google Home, have access to mountains of data. With more data generated in societies and businesses, there is a higher chance to misuse these data.
Data security matters to us all
With the internet, almost all products such as mobile phones, tablets, laptops, or smart appliances are connected to the internet. We often hear about hackers stealing customer lists, financial status, confidential information about new products and publishing false news by hacking into software and hardware systems for malicious competitive or political purposes, stealing account numbers and credit card information through Trojan horses, phishing websites, manipulating personal data, and destroying trade secrets under false pretences. Artificial Intelligence (AI) is transforming the way we live, work, and live together. While these technologies offer many benefits, they also pose several challenges, one of which is data leakage and security risks.
Data leakage
Data leakage is the unauthorised transfer of data to other computers or devices. Data leakage can result in the loss of personal information, trade secrets, state secrets, etc. Data security is the process of protecting data from unauthorised access, modification, disclosure, or destruction. The issue of data security is very important to businesses, governments, and individuals.
The issue of data breaches and security risks is particularly prominent in the areas of big data and artificial intelligence. Big data technology can handle massive amounts of data, but this also means that the data processing process can create more security risks. Artificial intelligence technology can be automated and intelligent, but this also means that a higher level of security is required.
Case-Study Capital one data leakage
On 19 July 2019, Capital One became aware that an external party had gained unauthorized access to the personal information of customers and applicants for Capital One credit card products. The breach affected approximately 100 million people in the United States and approximately 6 million people in Canada. The information accessed primarily included data collected during credit card applications between 2005 and early 2019, such as name, address, zip code, phone number, email address, date of birth and self-reported income.
In addition, the intruders accessed customer status data, including credit scores, credit limits, balances, payment history and contact information, as well as fragments of 23 days of transaction data between 2016 and 2018.
The breach also affected the Social Security numbers of approximately 140,000 US credit card customers and the associated bank accounts of approximately 80,000 secured credit card customers. In Canada, approximately 1 million social security numbers were compromised. Capital One has remediated the breach and is working with federal law enforcement officials, who believe the data has been recovered and there is no evidence of fraudulent use or distribution by the intruders. All affected customers have been notified by email. Capital One is committed to enhancing its cybersecurity efforts and using the lessons learned from this incident to strengthen its defenses to prevent future breaches.
In the case of Capital One, while the specific details do not explicitly mention the use of AI, as a modern financial services company, the use of AI technology for data monitoring and anomaly detection is an industry norm. The data breach highlights the limitations of relying on artificial intelligence for cybersecurity protection.
If an AI system or its associated network application firewall (WAF) is improperly configured, such as with misaligned rules or incomplete monitoring, it may not be able to effectively identify and block unauthorized intrusions.
AI systems can be subject to adversarial attacks that bypass security monitoring by tricking the AI’s cognitive and decision-making processes with carefully designed inputs. AI technology can often provide rapid response and automated handling in security incident response, but this depends on accurate system configuration and real-time updates, Inadequate automated response: In the Capital One incident, the system may have failed to automatically block unauthorized access in the first place, indicating a flaw in the automated response strategy and implementation. AI models that rely on updates, AI systems need to constantly learn and update to deal with emerging threats and sophisticated attack patterns, so there may be issues with updates that are not timely.
How can AI be regulated and improve information security?
As AI technology penetrates all aspects of human life, the risks it poses are becoming more apparent, including data breaches, increased unfair bias and the proliferation of security breaches. Therefore, regulating AI is not only about protecting the security and privacy of personal data, but also about ensuring that the decisions of AI systems are fair and unbiased, and preventing them from being used for malicious purposes.
Transparency and interpretability rules to ensure that the decision-making process of AI systems is traceable and transparent, allowing users to understand the basis of the AI’s decisions.
Technical review and evaluation. Ongoing technical assessments, AI systems should be subject to ongoing reviews and assessments to monitor their performance and ensure compliance with the latest security standards and regulatory requirements. Enhanced security testing, where regular security penetration tests and adversarial attack tests are conducted to verify the security of the AI system. Enhanced privacy measures, data encryption and anonymisation techniques, where advanced encryption techniques and data anonymisation methods are used to secure personal data, especially during transmission and storage. Fine-grained access control, which implements fine-grained access control to ensure that only authorised users can access specific data and AI resources.
AI can help improve information security by enhancing threat detection and response, using machine learning models to improve the speed and accuracy of detecting malware, phishing attacks and other cyber threats.AI can analyse large amounts of data in real time, quickly identifying anomalous behaviour, shortening response times, and reducing potential losses. Use AI for behavioural analysis to identify and stop insider threats and external intrusions. Using AI tools to enhance security monitoring systems enables 24/7 real-time monitoring of the network to detect and respond to security incidents in a timely manner.
AI systems can learn from past data and continuously optimise monitoring policies to better predict and prevent future threats.
Through these approaches, AI can not only augment existing information security architectures, but also lead to new solutions to address increasingly complex security challenges. Regulating this dynamically evolving technology to ensure its proper and effective use will be an important task in the future of information security. Effective regulation, coupled with advanced AI security applications, will work together to build a more secure digital world.
Protect our data
Keeping personal information safe requires not only technical measures, but also changes in everyday behaviour to reduce the risk. Although we are aware of these issues and potential risks, there is very little that we as individuals can do to prevent the loss of personal information, but here are some of the things that we as individuals can do to prevent the loss of personal information.
1. Protect personal information by not posting sensitive personal information such as home address, ID number or date of birth on social media or other online platforms. Do not readily disclose personal information to emails or callers from unknown sources. If you contact a company by phone or email, make sure it is through official channels.
2. Use security software: Install reputable anti-virus software and make sure it is always on and regularly updated to prevent malware infections.
3. Practice safe internet habits and use public Wi-Fi with caution: Avoid banking or entering sensitive information on public Wi-Fi. Use a VPN (Virtual Private Network) to encrypt your internet connection and protect your data from being stolen.
4. Be aware of how your personal information is used and check your privacy settings. Regularly check the privacy settings of your social media and other online services to make sure you are not inadvertently sharing too much information.
5. (Very important! But I guess people don’t do it, although I don’t either) Read the privacy policy: before signing up for a new service or downloading a new app, read the privacy policy to understand how your information will be used and protected.
8. Improve your personal protection by reading and learning about the latest information security threats and protection strategies.
By implementing these strategies, you can significantly reduce the risk of your personal information being compromised. In this era of rapid information technology development, protecting personal privacy and data security should become common sense and daily practice for everyone.
Conclusion
Finally, we explore the use of artificial intelligence (AI) in information security and its double-edged sword effect. By analysing the Capital One data breach in 2019, we demonstrate the potential of AI technologies to improve defence efficiency and speed up threat detection and response, while also highlighting new types of security threats that may arise from reliance on AI, such as adversarial attacks and privacy invasion issues.AI is not just about the application of technology, but also about the complex issues of ethics, privacy and legal regulation. Therefore, the approach to regulating AI should not be a post-hoc measure but requires a forward-looking integration of multi-dimensional strategies such as transparency, interpretability and technology review. Regular security testing, enhanced data encryption and the implementation of fine-grained access control can effectively improve the security of AI systems and reduce the incidence of data breaches. In addition, we emphasise the responsibility of individuals in securing data. In the era of AI and big data, individuals need to reduce the risk of personal data breaches by strengthening their cybersecurity habits, such as using security software, avoiding sensitive operations on public Wi-Fi, and regularly checking privacy settings. As AI technology continues to advance and gain popularity, we need to develop smarter, safer, and more ethical AI application solutions to address the various information security challenges that may arise in the future. This is the only way to ensure that AI technology, while enhancing human well-being, does not become a source of threats to individual and collective security. On this basis, appropriate technological regulation and individual behavioural adjustments will be an indispensable double guarantee in the field of information security in the future.
Reference Page
CRAWFORD, K. (2021). The Atlas of AI: Power, Politics, and the Planetary Costs of Artificial Intelligence. Yale University Press. https://doi.org/10.2307/j.ctv1ghv45t
Flew, T. (2021). Regulating platforms . Polity Press.
Siau, K., & Wang, W. (2020). Artificial Intelligence (AI) Ethics: Ethics of AI and Ethical AI. Journal of Database Management, 31(2), 74–87. https://doi.org/10.4018/JDM.2020040105
Cath, C. (2018). Governing artificial intelligence: ethical, legal and technical opportunities and challenges. Philosophical Transactions of the Royal Society of London. Series A: Mathematical, Physical, and Engineering Sciences, 376(2133), 20180080-. https://doi.org/10.1098/rsta.2018.0080
Hannabuss, S. (2010). Understanding Privacy20103Daniel J. Solove. Understanding Privacy . Cambridge, MA and London: Harvard University Press 2008. x+257 pp., ISBN: ISBN 978‐0‐674‐02772‐5 (hbk) £29.95 US $45.00 Euro 31.50. Library Review (Glasgow), 59(7), 562–563. https://doi.org/10.1108/00242531011065163
2019 capital one cyber incident | What happened | Capital one. (n.d.). Capital One. https://www.capitalone.com/digital/facts2019/
Photos
Balkawade, A. (2023, May 29). AI and cyber security: A futuristic collaboration in the making. ITSecurityWire. https://itsecuritywire.com/featured/ai-and-cyber-security-a-futuristic-collaboration-in-the-making/
Logos-World. (2024, April 4). Capital one logo, symbol, meaning, history, PNG, brand. Logos-world – the most famous brands and company logos in the world. https://logos-world.net/capital-one-logo/#google_vignette
Capital One. (n.d.). 2019 capital one cyber incident | What happened | Capital one. https://www.capitalone.com/digital/facts2019/
Networks Unlimited. (2018, July 19). The 5 proven strategies to strengthen data security. https://www.networksunlimited.com/strengthen-data-security/
Be the first to comment