Can Your Business Defend Against Sabotage in the AI Era?
In the good old days, attacks on computers – or at least those that got written up in the newspapers – were usually highly visible. You clicked on a link in an email from a seemingly familiar source, and suddenly your monitor screen went dark. Or you found that, unbeknownst to you, all your files had become encrypted, and you didn't know the password. In cases like these, it was not hard to figure out that, very likely, you had been attacked. What remained was cleaning up or mitigating the effects of a software worm, virus, Trojan horse, etc.: scary (definitely!), costly for team productivity, but at least having a clear mission.
Nowadays, life is not so simple. Cyberwarfare or other highly visible attacks on computers – some perpetrated by lone wolves, others by organized groups like terrorists and state actors – still occur, of course, and the most effective attacks can trigger billions of dollars in damage to businesses, worldwide. But there are also many other attacks that are insidious, meaning that you may not know, at least not for a long time (if ever), that you have been attacked at all.
A Different Kind of Threat to Business
Computing lends itself superbly to such low-visibility attacks. What we see in our computers is well described as the tip of an iceberg. In the background of all those elegant graphics and oodles of text and numbers exist layers upon layers of complex, invisible mathematical-logical algorithms, all working together to produce the workaday computer results we all rely on to boost team productivity as well as our own. To give a flavor of what algorithmic complexity can mean in practice, it has been said that as many as 250,000 patents may touch a smartphone.
Herbert Simon, a pioneering computer scientist, coined the phrase "the sciences of the artificial." It is an apt description of the tasks involved in creating, maintaining, and updating all sorts of computer algorithms. Precisely because they are artificial creations, rather than the outcome of any "natural" process of physics or biology, those algorithms can be arbitrarily edited (i.e., modified) by anyone with a strategic mindset and relevant technical skills, often elementary. Some of those edits – a kind of algorithmic counterpart to smiting a computer with a sledgehammer – will instantly have blatantly obvious effects: the computer simply stops working. But the effects of other modifications are less visible. The computer starts working a little more slowly. Or it delivers an answer that is close to the "correct" answer but not quite right (or, perhaps often worse, is sometimes but not always wildly wrong).
A biological analogy can shed light here. Much human disease is best seen as a process in time, not a one-time event. Human beings are susceptible to many kinds of disease processes that have harmful health effects, some of them very serious, which do not lead an affected human to keel over dead, or to have a limb fall off, or indeed to any particularly noticeable effects (at least any time soon). So, too, with algorithm sabotage. Algorithms are processes that unfold inside a computer, and there are many, many ways in which those processes can go wrong, frequently with unseen effects on the user and that user's business. The more "advanced" (which often means complicated) an algorithm is, the more ways it can commonly go bad. Recent advances in artificial intelligence (AI) are opening a door to unprecedented frontiers of algorithmic complexity. And those new frontiers are leading to new and greater threats of sabotage, possibly by disgruntled insiders, and ensuing business risks.
Even a team of experienced employees can be effectively helpless here. Possibilities proliferate when, reflecting a human proclivity for linear orderings (of people, schools, books, prizes, etc.), the computer is summarizing a lot of complicated information to determine whether or not a "bright line" threshold is met. In the old days at GE, Jack Welch famously demanded that his GE managers make their business either first or second in the world in its industry or face its being sold off. It isn't hard to imagine a close-call situation where a particular unit's performance is neck-and-neck with that of an outside firm, so that a subtle change in a computer algorithm could bump that unit down to third place in the relevant rank order. Or could kick it upstairs to a safe second place.
Further possibilities arise when a computer algorithm incorporates a slightly wrong mathematical formula (say, one that alters computer simulation results so that a jury changes its finding from "negligent" to "not negligent," or vice versa) or when an algorithm harbors a low-visibility mathematical instability (weather prediction models provide examples).
Sabotage need not be complicated just because an algorithm is complicated or exists in a jungle of complex algorithms. Writing an algorithm to make 2+2 = 3, or sometimes 5, could qualify as sabotage. So, too, could adding an "override" module to a search engine that guarantees its inability to retrieve a certain specific item in a database.
What Can Businesses Do?
A first line of defense, one that exploits the uncanny power of human intuition that no extant computer can truly match, is a team that prioritizes workforce well-being at every level of an organization. Sharp professionals on that team are equipped with a healthy strategic mindset – the mindset of success – which makes them both motivated and well-positioned to spot and query coincidences, oddities ("I could have sworn that …"), and other telltale spoors of potential sabotage.
As is true in many other 21st-century computing areas, a kind of "arms race" is thus born. It is a battle of wits and imaginations – Sherlock Holmes against Professor Moriarty, if you will – pitting cybersecurity defenders against attackers in an information warfare space.
Do your business and your leaders, many of whom grew up with a much earlier generation of computer and computer network technology when threats were fewer and often blunter, adequately understand the sabotage threat and the business risks it entails in the AI era? Is your business prepared to deploy scarce logistics resources (mathematical talent, strategic mindset talent, etc.) to wage and win such battles? Is your business on a path to fostering a culture of innovation, imparting a healthy strategic mindset – the mindset of success – to your cybersecurity team, boosting its productivity? Is your business positioned to create a future-focused team, one that prioritizes well-being management at every level to create a first line of defense against both unforeseen accidental disruptions and sabotage threats? Whether you're a big or mid-sized business – or an executive looking to up your game – our employee training programs will take you and your business to the next level.
Let's discuss how Mentee Insight can help your career and business thrive in these uncertain times.
Best,
Professor Scott Boorman