No one is safe from cyber-attacks, Google security expert
A cyber security expert who has protected Google’s systems for the last 15 years said Monday no one is safe from cyber-attacks and software powered by artificial intelligence cannot help defend them. Heather Adkins, director of info confidentiality & security and a founding member of Google’s security team, also advised consumers not to put sensitive personal information in their online communications. “I delete all the love letters from my husband,” Adkins told quite a lot of thousand people collected for TechCrunch Disrupt 2017, a technology conference in San Francisco, after telling them “some stuff” like personal info should not be put in emails. Network attacks “can happen to anyone … anywhere,” Adkins said during an onstage interview in which she urged startups to assume they would get hacked eventually and to prepare a response plan.
Adkins’ remarks came numerous days after the credit-monitoring firm Equifax unveiled what may be the largest data breach to date. Adkins clarified that AI-powered safety software is not particularly effective at stopping even 1970s-era attack methods, let alone more recent ones. “The techniques haven’t changed. We’ve known about these kinds of attacks for a long time,” Adkins told the crowd, pointing to a 1972 research paper by James Anderson. While AI is very good for launching cyber-attacks, it’s not essentially any better than non-AI systems for defense — because it produces too many false positives. “AI is good at spotting anomalous behavior, but it will also spot 99 other things that people need to go in and check” out, only to discover it wasn’t an attack, says Adkins. The problem in applying AI to security is that machine learning necessitates feedback “to learn what is good and bad … but we’re not sure what good and bad is,” expressly when hateful programs mask their true nature, she said. When asked what advice she would give to trades to keep their networks safe, Adkins advised “more talent … less tech.” “Pay some junior engineers and have them do nothing but patch,” they said.