Security Central: Chief AI Officers Are Becoming a Necessity, DDoS-for-hire Services Are Still Thriving

This week’s Security Central examines the rise of artificial intelligence (AI) in business and and how executives need to start thinking about it, takes a peek inside our current state of cyberwar and looks at the continued widespread success of denial-of-service attacks despite closure of "Server Stress Testing" section.

The topic of artificial intelligence (AI) is all the rage in the technology community these days, though it may seem like a bit of a reach in terms of the channel. It’s hard to ignore, though, that these emerging technologies are already changing our daily lives, not to mention how business is being conducted and developed. Murmurings amongst experts indicate that in 2017, AI will probably take a more central, mainstream role in the industry, which means customers are likely already starting to take notice of the shift and demand STUFF.

At a recent Fortune Brainstorm Tech dinner in Las Vegas, Baidu chief scientist Andrew Ng said that executives should be thinking about and developing strategies on how to best utilize AI within their companies. An AI strategy is all well and good, he said, but “CEOs should go further.”

"You need a chief AI officer," Ng told Fortune assistant managing editor Adam Lashinsky. “If you have a lot of data and you want to create value from that data one of the things you might consider is building up an AI team.” 

This approach is a bit unheard of these days - hiring an executive or team just to deal with a new, complicated technology just isn’t done anymore. However, Ng thinks AI is going to require us to go back to this model, saying that companies will need folks who can “work cross-functionally and have skills to take shiny [new] tech and contextualize it for your business. You can’t just download it and bolt it on to an organization,” Ng went on to say. Because AI is already impacting--and in many ways, transforming--a large number of industries, there is already a talent war for AI.  

The potential for AI has nowhere to go but up at this point. Its raw, untapped potential for its development in a business context has people scrambling to channel it, to figure out a path. 
But it's not this raw momentum and power that will make the most impact, states Ng. "A lot of the game of AI today is finding the appropriate business context to fit it in," Ng said. "I love technology. It opens up lots of opportunities. But in the end, technology needs to be contextualized and fit into a business use case.”

But there are a lot of companies out there, especially SMBs, that don't have the resources to devote to an in-house AI team. Luckily, they have the channel to fall back on. AI is starting to be integrated into much of the automated business process technology that software companies are churning out today--technology that needs more advanced storage and compute power, different security redundancies and expert oversight. Enter the trusted advisor.

We now take a look at a form of threat that has been making headlines quite a bit lately: distributed denial-of-service attacks. Back in October, HackForums.net shut down its “Server Stress Testing” section due to concerns that hackers were selling DDoS-for-hire services through the site for as little as $10 a month. Unfortunately, it seems as though the shutdown hasn’t caused hackers to so much as bat an eye. In fact, according to an article by CSO, such attacks and illegal activity have barely been thwarted at all by the closing of the major online marketplace.

“The hackers behind these DDoS-for-hire services are probably still attracting clients through Google, either with online advertisements or search engine optimization,” said Allison Nixon, a director at security firm Flashpoint. Part of the problem is that there are still a plethora of paid DDoS attack tools that are available for purchase on underground forums. "There’s always been more than one outlet for them," Nixon said. "So I don’t think there’s going to be any immediate change."

In terms of these DDoS attacks, hackers are pretty cunning. They successfully sell their services by claiming they can test a website’s resiliency, calling them "booters" or "stressors.” To make matters worse, it is often nearly impossible to detect the scam, as these services appear professionally made and include customer support. Once they lure the unsuspecting user into the web, the result is flooding that target with a staggering amount of traffic, ultimately resulting in it being forced offline. Even worse still, this happens to be super-lucrative for the hackers. "We've seen these services used for criminal extortion operations," said Nixon. 

Nixon states that she hopes law enforcement will quickly become even more involved in these types of attacks and effectively crack down on this type of illegal activity. Due to a few of the recent large-scale attacks, it seems they already are. "We may not see a decrease in DDoS attacks, but a lot more law enforcement seems to be paying attention to this," Nixon said.

To end the week, we examine a recent report released by security company Palo Alto Networks (PANW), titled ’Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers.' Whether or not it lives up to its braggadocious claim of difinitivity, the guide, published in collaboration with Forbes, is chock full of  practical, actionable advice  for business leaders, executives and government agencies on how best to protect organizations from cyber-attacks.

The guide contains advice from private and public experts on a plethora of security issues. The goal of the report is to give business leaders a starting point for conversations on IoT security, the legal and regulatory considerations surrounding cybersecurity and how to best prevent breaches.

"Cybersecurity can support the goals of senior executives to keep the company running and profitable," says Sean Duca, vice president and regional chief security officer, Palo Alto Networks. "Executive leadership must set organisational strategy that builds cybersecurity considerations into the business planning process. Toward that goal, technical and non-technical personnel should enter into a common lexicon to discuss how cyber is the vector where good and bad things happen and that there is no such thing as cyber risk, it is just risk to the business."

The views expressed in this column do not necessarily reflect the views of Penton Media or The VAR Guy editorial staff.

Discuss this Article 0

Post new comment
or register to use your The VAR Guy ID
Upcoming Webcasts & Training



Sponsored Introduction Continue on to (or wait seconds) ×