Experts warn of potential risks from AI

Organizations urged to focus more on data protection and security controls

You turn on your Taobao app and a list of shopping items comes up.

A lipstick of your preferred color. A dress that matches your newly-purchased top. The next book to read based on your browsing history.

While people enjoy the perks of smart recommendations powered by artificial intelligence, those mind-reading algorithms, if not properly handled, could be manipulated with malware and create new cybersecurity threats.

Diana Kelley, the cybersecurity field chief technology officer at Microsoft Corp, said hackers will increasingly use AI to make malware more destructive. This will emerge as among the top five trends for the global cybersecurity landscape in 2020.

"The rise of AI capabilities provides new opportunities for attackers to create malware that hides from detection while hunting down targets," she said. "It's already in use but often goes un-detected."

According to the 2019 Poneman Institute report, the global average cost of a data breach is $3.92 million. Unfortunately, it normally takes organizations an average of 206 days to identify a data breach, and another 73 days to contain it.

Technology advancement has always been a double-edged sword. AI and cloud computing are revolutionizing the customer experience but they pose new threats to cybersecurity.

Around 55 percent of millennial consumers aged 23 to 38 surveyed by consultancy IDC said they like some websites and mobile apps to be personalized to fit their interests.

As a result, 40 percent of the data collected by companies throughout the customer journey will be used to create a better product and a bespoke experience.

As the internet of things and cloud greatly expand the number of devices and the amount of data they gather, the area of attack by hackers widens just as sharply as well.

"It gives us more signals we could also take in and consume for security purposes too," Kelley said. "And because of the cloud, we can see attacks around the globe, and respond around the globe very quickly."

She said an overarching approach for companies creating customization while protecting customer privacy is to collect only what is needed and be transparent.

"Companies should be clear and transparent with your customers about what you are collecting, how you are using and protecting that data, and ensure that you got consent from them so they have the knowledge that their data are being collected," she explained.

Cathy Huang, associate research director of Services and Security at IDC, agreed. She said: "If your company doesn't have a strong policy, that's going to be a potential problem."

Organizations must build a program that incorporates defense in depth and implements fundamental security controls, Kelley said.

"We must consider how operations will continue after a catastrophic cyberattack and build systems that can both withstand the attack and be instantaneously resilient," she stated.

Microsoft invests over $1 billion annually on cybersecurity research and development. Kelley called for nurturing cybersecurity talents to include people in different trades like law and communications.