What does the future hold for cyber security in an era of increasing dominance of artificial intelligence (AI) and quantum computers? What impact will these advanced technologies have on the balance of power between cybercriminals and cyber security professionals? What challenges and opportunities do these technologies present? In the context of these questions, we speak to Michal Przygoda, Sales Engineer at Trend Micro.
Bartosz Martyka, BrandsIT: How will AI and quantum computers affect cyber security? Will the combination of these two technologies increase security, or will both sides – attacker and protector – have the same weapons, so that the situation will not change?
Michal Przygoda, Trend Micro: Quantum computers are a new way of processing data that is bound to have a significant impact on the development of AI capabilities, making them more effective and efficient. As a rapidly developing technology, AI today is beyond the imagination of a few years ago. AI is increasingly being used by both cyber criminals and cyber security companies. It is a constant battle between good and evil, where AI opens up opportunities for both sides.
“AI, as a rapidly evolving technology, is today beyond what was imagined a few years ago.”
It is crucial for organisations to keep abreast of these technologies and not fall behind. Today’s advanced security systems use AI to effectively detect threats and minimise false alarms, allowing for faster response in the event of attacks. When comparing current methods with those of a few years ago, we see significant savings in time and resources.
Both sides of the cyber conflict benefit from AI – both cyber criminals and cyber security companies. Attacks are becoming more automated and optimised thanks to AI. Therefore, it is important not to step back and use the latest technology in our organisations.
Bartosz Martyka, BrandsIT: Will it be the case that AI will dominate humanity? This is such a fatalistic theory, but do you think there will be a single system that will be responsible for global cyber security and no additional applications will be needed?
Michal Przygoda, Trend Micro: Predicting the far-reaching future of AI is difficult, but there is currently no reason to worry about AI dominating humanity. Artificial intelligence today is mainly based on advanced statistical mechanisms and the analysis of huge amounts of data. It seems that it is still far from reaching the level of true intelligence. However, AI is an effective tool that we can use to improve work and processes. I do not expect a single global AI system to emerge in the near future that will eliminate the need for other systems or applications. Nevertheless, AI will certainly become more widely used in various systems and applications, increasing their efficiency and functionality.
“Predicting the far-reaching future of AI is difficult, but at present there is no reason to worry about AI’s dominance over humanity.”
Bartosz Martyka, BrandsIT: Do you think humans will still be needed in the area of cyber security, or will AI completely bail us out in this area?
Michal Przygoda, Trend Micro: Humans will definitely continue to be needed in cyber security. AI can support and, to some extent, replace humans, especially in simpler, monotonous, repetitive tasks that can sometimes seem less appealing. This can lead to a reduction in the number of people needed to perform certain tasks, but currently the demand for cyber security professionals far outweighs the availability of human resources. Therefore, the current use of AI in cyber security should be viewed positively.
Artificial intelligence is effective in analysing and processing large amounts of data, which is crucial in cyber security. However, humans will always be needed to make decisions, shape security policy and interpret complex situations. At this stage, there is no concern that AI will completely replace humans in this field.
Bartosz Martyka, BrandsIT: What impact does geopolitics have on cyber security? Do the attacks that are taking place today show more finesse and sophistication, or do they rely on standard, well-trodden paths against which we can predictably protect ourselves?
Michal Przygoda, Trend Micro: Geopolitics plays a significant role in the field of cyber security. The conflict in Ukraine is a case in point, showing that cyberspace has become an arena for military and warfare. Investment and funding for the development of new types of cyber threats is significant, with the aim of creating attacks that go undetected by the adversary.
The emergence of new dangerous code and the exploitation of new vulnerabilities, so-called ‘zero-day exploits’, which are unknown and for which there are no security patches yet, greatly amplifies the risk. New attack techniques can be used repeatedly not only in the context of conflicts, but also in attacks on various targets around the world. The impact of geopolitics on the development of cybercrime is therefore very large and influences the dynamics of this world.
Bartosz Martyka, BrandsIT: How can we protect ourselves?
Michal Przygoda, Trend Micro: Cyber security protection should be undertaken in a comprehensive manner. Firstly, it is crucial to create and enforce an appropriate security policy. Two components are needed to effectively implement this policy and protect our assets. The first is protection through IT security systems, such as firewall devices or solutions installed on end stations. Their task is to detect dangerous code, report threats and correlate different types of information.
The second, equally important, is employee education. We often forget that the human factor is often the weakest link in cyber security. We may invest significant resources in advanced security systems, but if we neglect to train employees to be aware of potential threats and know how to act safely, then despite all the safeguards, the organisation may be vulnerable to attacks. An example would be opening a malicious attachment in a malicious email, which could infect the system despite the presence of security measures.
Therefore, we should work in two directions: implement effective security systems, follow market developments and use the latest technology to counter advanced attacks, while at the same time regularly training employees to raise their awareness of how to handle company data securely.
Bartosz Martyka, BrandsIT: How does Trend Micro deal with the challenges of vulnerabilities in IT systems, especially considering those that are well-known, as well as those that are more hidden, such as zero-day vulnerabilities? Can you also talk more about the ZDI programme and its role in the vulnerability protection process?
Michal Przygoda, Trend Micro: At Trend Micro, we focus intensively on software vulnerability issues. Among other things, we run the Zero Day Initiative (ZDI) programme, which plays a key role in our vulnerability identification and response process. This programme, broadly speaking, involves buying information about new vulnerabilities from the market. If someone finds a new vulnerability and wants to behave ethically, they can report it directly to the manufacturer or they can report it to ZDI. At ZDI, the procedure for reporting vulnerabilities is very simple. We verify that it is indeed a new vulnerability. We then report information about the vulnerability to the manufacturer in question. Of course, the person who reported the vulnerability is paid for the time and knowledge he or she had to acquire to obtain the vulnerability. We also use this information to protect our customers. It is worth noting and analysing the attacks of recent years, especially those that caused the most damage, most of which exploited existing vulnerabilities. It is therefore important that operating systems and other services are updated regularly, although we understand that in larger companies this can be a complex and time-consuming process.
We can divide vulnerabilities into two categories: zero-day vulnerabilities, which no one knows about and which are less frequently exploited, and well-known vulnerabilities, which are much more dangerous to average organisations. In the case of well-known vulnerabilities, information about them is readily available on the Internet, which increases the risk of attacks.
Our solution is so-called virtual patching, which protects servers from attacks exploiting known vulnerabilities until a physical patch is applied. This provides protection in the period between the detection of the vulnerability and when an official patch can be applied.
“Our solution is what we call virtual patching, which protects servers from attacks that exploit known vulnerabilities until a physical patch is applied.”
In addition, Trend Micro Research, a team of more than 1,200 people, continuously analyses the darknet and cyberspace, identifying new types of attacks and dangerous code. Through the Zero Day Initiative, we collect information on new vulnerabilities, rewarding the discoverers while informing vendors of discovered vulnerabilities. This information is invaluable in creating virtual patches that protect our customers’ systems.
Bartosz Martyka, BrandsIT: What are the most common challenges faced by business in implementing AI and automation in cybersecurity?
Michal Przygoda, Trend Micro: Today, AI in organisations is most often used as an extension of the capabilities of existing applications, docked for specific tasks. The AI module in these applications is aimed at increasing their efficiency, accuracy and speed. However, when it comes to automation, we are seeing a significant impact, especially in the area of software development. Companies are increasingly adopting DevOps methodologies, characterised by rapid and frequent software updates. This approach is associated with a dynamic change in the way software is developed, where off-the-shelf components, including open source components, are used.
However, the use of off-the-shelf components carries security risks, especially when it comes to external libraries that may contain malicious code. The challenge lies in verifying the security of these components, as the compromise of one library can affect the security of many companies, including those in the supply chain.
Another aspect related to the dynamic production of successive software versions is the verification of vulnerabilities. We need to regularly check newly deployed software for new vulnerabilities. This requires the use of new tools and methods that are flexible and can be non-intrusively integrated into the DevOps process, often via APIs.
Bartosz Martyka, BrandsIT: How does Trend Micro use AI and automation in its products and services?
Michal Przygoda, Trend Micro: We make heavy use of AI and automation technologies in Trend Micro’s solutions. Our flagship product is the Trend Vision One Platform, at the heart of which is the XDR system. This system collects telemetry data from various infrastructure elements, including end stations, servers and mail protection systems, as well as network probes. Analysing and correlating this vast amount of data is a key task in which AI and machine learning techniques play an invaluable role. With these technologies, we are able to extract valuable information from the sea of data, identifying specific threat events and eliminating false alarms.
In addition, AI is also used to support customers using our platform. For example, through chat they can ask AI questions about the interpretation of specific security events. Once an attack or security incident is detected by the platform, AI can provide detailed information and help interpret the cause-and-effect chain of events.
Bartosz Martyka, BrandsIT: What advice could you give IT managers on how to prepare for the upcoming challenges in cyber security?
Michal Przygoda, Trend Micro: In the context of cloud environments, ensuring proper configuration and awareness of responsibility sharing is key. More and more attacks in cloud environments are related to their incorrect configuration. So the first step is to make sure the cloud infrastructure is properly secured and configured.
“In the context of cloud environments, it is crucial to ensure the right configuration and to be aware of the division of responsibilities.”
Next, with the introduction of the NIS 2 Directive, it is important for organisations covered by this regulation to focus on continuous risk analysis. NIS 2 requires companies to conduct such analysis, which can be challenging. In this context, it is worth considering the use of the Trend Vision One platform, which offers continuous risk analysis in addition to the collection of telemetry data and correlation of information to detect attacks. This analysis is available both for the entire organisation and for individual users or workstations. This makes it easy to implement and manage risk analysis with Trend Vision One, which is a great challenge, especially in smaller and medium-sized organisations where human resources may be limited.
Bartosz Martyka, BrandsIT: Thank you for the interview.
Michał Przygoda – Sales Engineer at Trend Micro – has been involved in the IT industry for over 15 years. As a sales support engineer, he is responsible for supporting customers and partners during the whole process of implementation of security technologies offered by Trend Micro – from analysis and needs definition to system implementation and maintenance.
He gained his professional experience during numerous ICT security projects implemented for the largest institutions and companies in Poland. Prior to joining Trend Micro in May 2017, he was employed by companies such as McAfee and Comp S.A.