Artificial Intelligence (AI) and Machine Learning (ML) have been changing the landscape of the cybersecurity industry for some time now.
Many believe that AI will be the saviour of cybersecurity. As cybercriminals become more and more sophisticated in the way they attack businesses, many people believe that humans alone cannot keep up with the sheer volume of cyberattacks, not to mention the sophisticated ways in which cybercriminals are accessing networks.
One of the biggest challenges faced by businesses is the growth in connectivity. The rapid rise of cloud-based applications, the growing number of Internet of Things (IoT) connected devices and the challenges of allowing more and more people to work seamlessly from home are creating an IT infrastructure that is no longer possible to manage using only humans.
AI and ML have therefore become critical technologies in information security, as they are able to quickly analyse millions of events and identify many kinds of threats.
This ability to analyse millions of events and compare what they see to expected behaviour means threats such as zero-day vulnerabilities and phishing attacks can be identified quickly and appropriate action taken.
The benefit of both AI and ML is that both technologies continually learn and improve based on the results they are analysing, drawing from past experiences, and helping to predict cyber threats before they happen.
Whilst some believe that AI will eventually replace the need for humans within the cybersecurity sector, many believe that whilst AI and ML are important tools, they are not the panacea when it comes to cybersecurity and human input will always play a crucial role.
In this post, we look at some of the advantages and disadvantages of AI in cybersecurity and discuss what the future is likely to look like.
How can AI help to improve your cybersecurity?
AI is going to have a crucial role to play in improving cybersecurity for businesses large and small. AI is already being used by many businesses around the world to bolster their cybersecurity efforts; however, we can expect the introduction of AI and ML to become more mainstream in both commercial and personal cybersecurity software solutions.
AI is already helping businesses to identify and neutralise cybersecurity threats, helping businesses to keep on top of an ever-evolving cybersecurity space.
AI learns by consuming billions of pieces of data from both structured and unstructured sources. That data is processed quickly using machine learning and deep learning techniques and AI then improves its knowledge, helping the software to understand cyber security threats and risks.
Because AI has the power to analyse billions of data files, the learning curve is steep. AI software can use the insights gathered across billions of data pieces and use reasoning to identify any relationships between threats such as malicious files, suspicious IP addresses and unusual activity on a network.
The data can be analysed in minutes and the results can then be reviewed and actioned by cybersecurity professionals who can make an informed decision quickly.
It is this relationship between the AI software and the cybersecurity professionals that is really helping to maximise the impact of AI in cybersecurity. Whilst there may come a time when AI can perform the work of a cybersecurity professional, that seems a long way off. Cybersecurity analysts are currently able to make more informed decisions much faster because of AI, helping them to perform better in their roles.
It should also be noted that whilst AI is being used by cybersecurity specialists to combat cybercrime, those same cybercriminals are also turning to AI to help speed up their attacks, making them more difficult to detect and helping them to spread further.
According to a report by Accenture, Adversarial AI “causes machine learning models to misinterpret inputs into the system and behave in a way that’s favorable to the attacker.”
This helps to create a lot of false positives for AI-driven cybersecurity systems, adding to the work of cybersecurity analysts to weed out the actual attacks from those that are being driven by AI.
An article published on Medium by a student-led organisation at Berkeley University in California discusses how adversarial AI could be used on technology like the Apple iPhone X, which uses Face ID as an unlocking feature. That feature relies on neural nets to recognise faces and is therefore susceptible to adversarial attacks: “People could construct adversarial images to bypass the Face ID security features.”
Leveraging machine learning and AI, cyber criminals are creating malware strains that are more intelligent and adaptable, making them much more difficult to detect.
In 2019, The Wall Street Journal reported that “Criminals used artificial intelligence-based software to impersonate a chief executive’s voice and demand a fraudulent transfer of €220,000 ($243,000) in March in what cybercrime experts described as an unusual case of artificial intelligence being used in hacking.”
A separate WSJ article also reports the use of AI-powered malware that has been designed to conceal itself until it reaches a specific victim: “DeepLocker is capable of hiding any malicious payload into [benign] software, and AI becomes the decision maker to determine when to unlock the malicious behavior,” said Marc Stoecklin, manager of the Cognitive Cybersecurity Intelligence research group at IBM.
Trustwave reported in 2020 that attacks on cloud services had more than doubled and now account for the third-highest number of targeted attacks and that ransomware continues to grow, overtaking payment card data breaches for the first time.
Advantages of AI in cybersecurity
Whilst cybercriminals are also utilising AI to launch more sophisticated attacks, it still has a crucial role to play in cybersecurity and, because of the increased use of AI by cybercriminals, one could say that AI in cybersecurity is becoming imperative if you want to keep up with the threat landscape and the sophistication of attacks taking place around the world.
AI and machine learning, when used in combination, can help organisations to keep up with the ever-changing landscape, helping to automate threat detection, provide valuable insights to cybersecurity professionals and respond more effectively than conventional software-driven or manual cybersecurity techniques.
Here are some of the key advantages of AI in cybersecurity:
Detecting new threats
One of the key attributes of using AI and ML in cybersecurity is the ability to quickly detect new threats. Traditional cybersecurity software simply cannot keep up with the sheer volume of new malware threats created each week.
AI enables cybersecurity systems to process those new threats quickly and because AI systems continually learn, they are being trained to detect malware, run pattern recognition and detect even the most minute behaviours that could indicate malware or ransomware, before it enters the system.
One of the key advantages of AI in cybersecurity is the predictive analysis that cybersecurity professionals are able to extract from an AI-driven system. The system can learn by scraping articles, news and studies, helping to provide intelligence on new anomalies, cyberattacks and prevention strategies.
Prevent credit card fraud
AI and ML are being used by banks to help to prevent credit card fraud and keep customers’ information safe. AI is able to quickly detect unusual activity, such as purchases made from a different device or unusual transactions.
AI-powered systems can then help to verify the credit-card holder, helping to reduce the number of fraudulent transactions.
Bots make up a massive proportion of internet traffic today and whilst much of that bot traffic is just an annoyance for website owners, bots can be dangerous.
One thing that is very difficult to do without the help of AI is to keep up with the sheer volume of bots. Manual response alone cannot keep up with the number of bots and AI can be used to help identify the legitimacy of bots.
From account takeovers to stolen credentials to data fraud – bots can pose a real threat to businesses if they go undetected and AI enables cybersecurity teams to analyse huge amounts of data and understand behavioural patterns when it comes to the way a typical user navigates a website. Unusual behaviour can be quickly identified, allowing cybersecurity specialists to stay ahead of bad bots.
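As an added illustration (not code from the original post or from any vendor it mentions), the sketch below learns how typical users navigate a site and flags sessions that deviate from that baseline. The session data is constructed, and the feature names, spread floors and threshold are assumptions chosen for the example.

```python
from statistics import median

# Assumed tuning values: minimum spread per feature, so a tiny baseline does
# not over-flag, and the robust z-score cut-off.
MAD_FLOOR = {"median_gap": 1.0, "login_ratio": 0.1}
THRESHOLD = 3.5

def features(events):
    """events: time-sorted list of (seconds, path) for one session."""
    times = [t for t, _ in events]
    gaps = [b - a for a, b in zip(times, times[1:])] or [0.0]
    logins = sum(1 for _, path in events if path == "/login")
    return {"median_gap": median(gaps), "login_ratio": logins / len(events)}

def fit_baseline(sessions):
    """Per-feature (median, MAD) learned from sessions assumed to be typical users."""
    rows = [features(s) for s in sessions]
    base = {}
    for name, floor in MAD_FLOOR.items():
        vals = [r[name] for r in rows]
        med = median(vals)
        mad = median(abs(v - med) for v in vals)
        base[name] = (med, max(mad, floor))
    return base

def flagged_features(base, events):
    """Names of features whose robust z-score exceeds THRESHOLD (empty = looks typical)."""
    feats = features(events)
    return sorted(
        name for name, (med, mad) in base.items()
        if abs(feats[name] - med) / (1.4826 * mad) > THRESHOLD
    )

# Constructed sample sessions: people browsing with pauses of several seconds.
TYPICAL = [
    [(0, "/"), (8, "/products"), (21, "/products/7"), (40, "/cart"), (55, "/login")],
    [(0, "/"), (5, "/login"), (17, "/account"), (30, "/products"),
     (42, "/products/3"), (60, "/cart")],
    [(0, "/products"), (11, "/products/2"), (20, "/products"), (36, "/products/9")],
    [(0, "/"), (18, "/login"), (30, "/login"), (45, "/account")],
    [(0, "/"), (9, "/products"), (19, "/cart"), (33, "/login"), (45, "/checkout")],
]
BASELINE = fit_baseline(TYPICAL)

# Constructed sessions to score: automated login attempts vs. an ordinary visit.
RAPID_LOGINS = [(i * 0.4, "/login") for i in range(6)]
BROWSING = [(0, "/"), (10, "/products"), (24, "/login"), (37, "/account")]

if __name__ == "__main__":
    print("rapid logins:", flagged_features(BASELINE, RAPID_LOGINS))
    print("browsing:", flagged_features(BASELINE, BROWSING))
```

The flagged feature names give an analyst the reason for the alert, which supports the human review step the post describes.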
Breach risk prediction
Accounting for IT asset inventory, threat exposure, and controls effectiveness, AI-based systems can predict how and where you are most likely to be breached so that you can plan for resource and tool allocation towards areas of weakness.
Prescriptive insights derived from AI analysis can help you configure and enhance controls and processes to most effectively improve your organization’s cyber resilience.
The advantages of AI in cybersecurity go far beyond these four areas outlined above and as we move into 2022 and beyond, AI will become an integral and essential element in cybersecurity systems around the world.
Disadvantages of AI in cybersecurity
Whilst it is likely that all cybersecurity software models will move towards a model that integrates AI and ML, there are always some downsides associated with any technology.
Whilst AI can save time and money in the long run, there is a hefty up-front investment required in terms of the software itself but also in computing power, memory and data needed to build and maintain AI systems.
AI models are trained using data sets. In order for an AI system to learn, you need to acquire many different and distinct data sets including malware code, non-malicious code and anomalies. Acquiring these data sets is expensive and it is then time-consuming for the AI system to learn from the data sets. These can be barriers to adoption as the upfront outlay is significant in terms of time and money.
We’ve already talked about adversarial AI and this is an important factor to consider. Attackers test and improve their malware to make it resistant to AI-based cyber security tools. So whilst AI can help to protect your business from attacks, it can also inadvertently help cyber criminals to learn more about AI tools and develop more advanced attacks against both traditional and AI-supported systems.
Early adopters of AI in cybersecurity
An article by leading cybersecurity brand Balbix reported some of the earliest adopters of AI in cybersecurity, and it is no surprise to see some of the world’s biggest brands leading the way, including:
Gmail has used machine learning techniques to filter emails since its launch 18 years ago. Today, there are applications of machine learning in almost all of its services, especially through deep learning, which allows algorithms to do more independent adjustments and self-regulation as they train and evolve.
“Before we were in a world where the more data you had, the more problems you had. Now with deep learning, the more data the better.” – Elie Bursztein, head of anti-abuse research team at Google
The team at IBM has increasingly leaned on its Watson cognitive learning platform for “knowledge consolidation” tasks and threat detection based on machine learning.
“A lot of work that’s happening in a security operation center today is routine or repetitive, so what if we can automate some of that using machine learning?” – Koos Lodewijkx, vice president and chief technology officer of security operations and response at IBM Security.
The networking community hungers for disruptive ideas to address the unsustainable economics of present-day networks. Juniper sees the answer to this problem taking shape as a production-ready, economically feasible Self-Driving Network™.
“The world is ready for autonomous networks. Advances in artificial intelligence, machine learning, and intent-driven networking have brought us to the threshold at which automation gives way to autonomy.” – Kevin Hutchins, Sr. VP of strategy and product management.
Despite some drawbacks, the advantages of AI in cybersecurity far outweigh any downsides and AI in cybersecurity will become the de facto way for large organisations to combat cybercrime.
Whilst there are some who believe AI will eventually replace humans in the cybersecurity sector, it is our strong belief that AI and humans working together will be the most effective way for businesses to manage cybersecurity threats.