Skip to main content

Just when you thought you had the ultimate password to foil hackers, along come new cyberthreats that make you WannaCry.

Meet the new cyberthreats, in many cases driven by artificial intelligence (AI). Fortunately, the new countermeasures are starting to deploy AI as well.

"What we have seen in the last while is that passwords have kind of broken down. Weak passwords – that's what's behind a lot of the recent breaches we have seen," says Deepak Dutt, founder and chief executive officer of Zighra, a Toronto-based cybersecurity company. Zighra uses biometrics, such as fingerprints, to authenticate users of computers and mobile devices.

Story continues below advertisement

Mr. Dutt says that someone's weak password may have even helped to trigger the recent WannaCry ransomware virus that spread worldwide, hobbling Britain's National Health Service, government and office computers in Canada and around the world in May.

Last year, as part of his company's own research, Mr. Dutt visited a site called Have I been pwned?, which allows users to see if their own e-mail has been breached and also indicates how many accounts have been compromised worldwide.

"At that point they had announced 300 million plus breaches, and all these user names and passwords that were available on account of these breaches," he says.

"Fast forward to today, and it's 3.3 billion breaches," he says. (Actually, by the end of May, the site indicated more than 3.7 billion breaches.)

According to a report by the consulting firm Risk Based Security, more than 4.2 billion records were exposed in 2016, 3.2 billion more than had been revealed three years earlier.

Exposure, where anyone can see your information if they look, led to more than 4,000 actual security breaches, which meant that in all those cases, people's e-mail addresses, passwords, social insurance information, bank and credit card information and even health records were out there to view.

Adding even more of a threat, AI has become a powerful new hacking tool.

Story continues below advertisement

Using AI, hackers "are automating the entire process, with millions of attacks happening in a single minute. They take millions and millions of passwords, try different websites, and see what actually gets through," Mr. Dutt explains.

"Once they get through that, they can spawn their attacks. And then they can move into mobile devices," he adds.

Last October, then-U.S. President Barack Obama warned about the dangers of new AI-driven cyberbreaches.

"There could be an algorithm that said, 'Go penetrate the nuclear codes and figure out how to launch some missiles,'" Mr. Obama said in an exclusive interview with Wired magazine editor-in-chief Scott Dadich and MIT Media Lab director Joi Ito.

"If that's its [AI's] only job, if it's self-teaching and it's just a really effective algorithm, then you've got problems."

Perhaps chillingly, Mr. Obama also noted that everyone should "worry about the capacity of either non-state actors or hostile actors to penetrate systems.

Story continues below advertisement

"In that sense it is not conceptually different than a lot of the cybersecurity work we're doing. It just means that we're gonna have to be better, because those who deploy these systems are going to be a lot better now," Mr. Obama said.

Fighting back

Mr. Dutt and others are fighting back with AI. IBM has deployed its supercomputer Watson – the one that crushed Jeopardy – to read tens of thousands of security research reports, to "learn" about new breaches and assist some of the company's select customers.

Simple countermeasures also help, Mr. Dutt says.

"You should use some sort of password management tool. These tools can help you manage your passwords and generate new ones," he advises.

He also recommends using multifactor identification. After you sign in you are sent a second log-in code on another device such as your phone.

Story continues below advertisement

"It's simply an additional layer that lets hackers know not to bother with you," Mr. Dutt says.

People should also now be especially wary of potential phishing and spear-phishing attacks, Mr. Dutt says.

"They're at a different level of sophistication. Previously, phishing e-mails were full of spelling mistakes and not properly formatted. Now, they look really professional," he explains.

Think twice before opening any e-mail if the subject line or the request seems unusual.

"It's hard from a single look to tell whether it's real or an imitation. So don't click unless you're absolutely sure," Mr. Dutt says.

While AI and biometric-based protections like Zighra or another Canadian company called BioConnect can also help beef up cybersecurity, Mr. Dutt also recommends considering contracting with a data recovery company and purchasing cyberinsurance to cover security-related losses.

Story continues below advertisement

While cyberinsurance is relatively new, insurers are all predicting exponential growth in coverage between now and 2020.

Report an error Editorial code of conduct
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed.

Read our community guidelines here

Discussion loading ...

Cannabis pro newsletter