The more time we spend online, the more vulnerable we become to cybercriminals. They are using artificial intelligence to steal data, but individuals and companies can use the technology to thwart their efforts.

(Source: Pexels, Nataliya Vaitkevich)
“Once an idea has taken hold of the brain, it’s almost impossible to eradicate—an idea that is fully formed, fully understood, that sticks right in there somewhere.” –Cobb, “Inception,” Warner Bros., 2010
You have to feel sorry for kids today—okay, not ours, but kids in general. When we were growing up in a small (and we do mean small) town in the Midwest, we walked about a half mile to school, uphill both ways, by ourselves. Later, it was a bike ride that quickly became a small motorcycle and, finally, a car. Didn’t need a license—small community, remember—everyone knew everyone, and “they” knew which of us would get in trouble. It was cool as long as you didn’t really destroy any property and got home by dinner. If parents asked where you’d been all day, they really wanted to know because they didn’t have a clue what you did, where you went, who you were with, and what trouble you got into.
On the other hand, our kids were driven to school and played in the courtyard or backyard. The home cameras track them. Now that they’re older and venture farther, they’re tracked by us tapping into their phones or texting (no one calls anymore), and we know who they’re with, where they are.

The same holds true for adults. Sure, it depends on where you live, but the average American is captured at least 90 times a day by one of the more than 80 million security cameras installed around the country. If there is an accident, scuffle, argument, or worse, smartphone cameras come out to capture all of the embarrassment or incident. Camera first, assistance… later.
At the same time, your tracking device (smartphone) and apps keep track of where you are, where you’ve been, and where you’re going. It captures, analyzes, dissects, and stores data on your activity, communications, and pretty much everything. We’re so fortunate we don’t live in a totalitarian country where people are tracked and monitored 24/7. People in those countries know they and their devices are constantly tracked and monitored as a matter of control. Cameras and data monitoring are also increasing in other countries for individual protection and improving marketing/service activities.
Cameras and device data serve a different purpose—catch the person who jumps the subway/BART fare gate, runs the stop sign, or does something illegal… they’re for your protection. And all that computer/smartphone data helps marketers understand how to serve you better—sell you stuff—and protect you, just in case.

Sure, our daughter likes to brag that she uses nothing but Apple devices—Mac, iPhone, etc.—because the company swears it doesn’t share your data and has even resisted official challenges to open locked devices.
All we know is if they ever wasted time going through any of our devices or cloud data, they’d be bored! The same is probably true of 80% of most folks’ device data—not really valuable or even interesting, but it’s none of anyone else’s business. The other 20% percent of your data is of interest to advertisers and gray (petty thieves)/black hat (serious crooks) folks who want to “borrow” your data to make big bucks.
That’s the data people spend time, money, and effort attempting to protect. But it’s tough. First of all, your software and apps are built on top of old, really old, code that keeps getting patched, enhanced, and enriched; but any cybercrook worth his/her salt knows where the holes are. Fortunately, there’s a new breed of AI security tools that are designed to protect you 24/7.

The new security intelligence is super, but that same super intelligence is also available to the folks who make their living using your data to benefit them. So, you just sort of hope your AI security tools are better than their AI security tapping tools because, hey, you’ve got important stuff to do. At the same time, your computing/communication devices don’t serve much of a purpose if they don’t compute/communicate. After all, your work and leisure life depend on working with people inside and outside your organization, and you’re constantly sharing data with organizations like insurance/healthcare institutions, retailers, banks, airlines/travel destinations, online/instore retailers, utilities, and, lest we forget, your phone company.
They need your data so they can do a better job of serving/supporting you. And you’re pretty sure they have pretty good AI-enabled cybersecurity systems in place—as long as you don’t think about it too much. But just in case, you load up on all of the new AI-enabled security and data protection tools… just in case. Oh yeah, we almost overlooked the most important stuff you use regularly that is absolutely vital to your life—your social media sites. You know, all those places you constantly check, see and be seen in, like Facebook, Instagram, Snapchat, TikTok, WhatsApp, YouTube, WeChat, and, oh yeah, X.
We know you aren’t checking and posting to them very often during the day, but your kids… they’re camped out there an average of 4.8 hours a day according to Statista. Imagine the size of their online data footprint.
Sure, the social media sites have some of the best white hat security folks money can buy; they focus on protecting the data they get from users but are also a great place for cybercriminals to set up camp to use legitimate tools for malicious purposes such as credential theft, reconnaissance, remote access, malware deployment, and data exfiltration.
All that work is not without its rewards. According to Cybersecurity Ventures, cybercrime is projected to cost people and organizations an estimated $6 trillion this year. Next year, it’s estimated to grow to $10.5 trillion.
Good and bad folks look for the latest techniques help them stay abreast of the latest advances in cybersecurity. It’s such a big business, it has its own set of conventions—Las Vegas, Riyadh, London, etc.—as well as a steady stream of events around the globe on how organizations (large/small, white/black hats) can keep pace with the latest advances. In addition to companies selling security products/services, companies attend to learn how they can get the latest stuff available to protect themselves as well as send folks to sit in on industry/company presentations to make certain they’re ready for tomorrow.
Oh, yes, don’t forget the steady stream of training activities to make certain guys/gals know where the weaknesses are in online activities and what the new AI stuff will do and learn. Yeah, they’re all there—white hats (good guys), black hats (bad guys), gray hats (highest bidder) to learn the latest weak points in operating systems and applications, latest software advances, and how they can teach/train AI to do all the hard work for them.
The number and size of cybercrimes is growing rapidly and becoming increasingly expensive and disruptive. Investment in and explicit use of AI-enabled cyber protection tools and procedures needs to be everyone’s business. We know, the number, size, and dollar value of the hacks and breaches look like the bad guys (and gals) are doing a better job than the security teams, but they have help, lots of help. Okay, maybe not you, but there are people inside and outside the organization who visit places on the Web they shouldn’t, respond to queries that sound too good to be true, or folks who simply know how to get things done better, faster than what’s been tested/proven. Then they are free to spend their time doing important stuff like watching neat/fun/funny videos, spreading hurtful/personal information about others, or keeping abreast of, and perpetuating, fake news and dumb ideas.
According to Ponemon Institute, 55% of the cyber incidents aren’t because the black hat was so brilliant and creative in their criminal practice, but because of an individual’s negligence, mistakes, or naivete. Of course, that gives the cybercriminals the in they have been looking for. Access to the individual’s system/device allows them to use the user’s credentials—and their AI hacking, whacking, tracking tools—to move freely throughout the organization’s network as well as third-party vendor systems and networks.
According to the latest Identity Theft Resource Center, the leading ways black hatters penetrate organizations are:
• 20.5% phishing/smishing/BEC (business email compromise)
• 15.4% ransomware (37% ultimately paid an average of $5.13 million)
• 28.9% malware
• 24.6% zero-day attacks
• 11.2% credential stuffing
• 8.5% non-secured cloud environment (back door, sideload, webshell)
• The rest were “others” or no response
The challenge is that currently, one AI technology has about 50% market share, making it easier for cybercriminals to develop tools and attack paths that target and address the specific AI technology’s strengths and weaknesses. Meld those capabilities with the known “assistance” they can get with normal keyboard user errors, carelessness, and negligence, and it’s little wonder the number and size of data breaches continue to rise.
So, it would seem that the most effective AI-enabled cybersecurity tools are those that are proactive rather than reactive. In other words, cybersecurity solutions that establish clear guidelines and procedures for day-to-day business activities and operations, and then monitor and protect users from themselves. Additional cybersecurity tools can then monitor internal/external communication to block attacks before they occur.
We’re not IT/AI/security guys, but we do know there are more hackers/smackers out there who only have one job to do, and that’s to infiltrate individual systems and networks. They want to steal data or lock organizational data so it can’t be used until they are “reimbursed” for their work—whether it happens with your personal computing/communication devices, home network, or office systems.
It’s a lot like Cobb said in Inception, “An idea is like a virus, resilient, highly contagious. The smallest seed of an idea can grow. It can grow to define or destroy you.”
The technologies—including those that tout their AI features—aren’t perfect, but testing, acquiring, and installing those that work best with and for you will give you added assurance that you can focus on developing more creative work and protect it from cyberthieves. Your cybersecurity processes and tools don’t have to be perfect. If your AI-enabled cybersecurity solutions block them a few times, the cyberthief will probably move on to test the next person on their list because there’s always someone who will leave the front or back door open.
Remember, the whole idea of the bad guys and their tools is to prove comedian Ron White was right: “You can’t fix stupid.”
It’s becoming a necessity because kids live in a totally different world than the one you and I grew up in.

LIKE WHAT YOU’RE READING? INTRODUCE US TO YOUR FRIENDS AND COLLEAGUES.