Finding New Opportunities for the Role of AI in Cybersecurity
Technology tends to come with positive and negative applications. In cyberspace, as long as technology continues to evolve, the frequency of technical threats will also rise, and there will always be an open doorway for attackers to sneak in. While strategies are put in place to counter attacks, perpetrators will always remain one step ahead in inflicting damage and compromising critical systems. However, with advanced intelligent technologies in cybersecurity, we can expand our resources to defend vulnerable networks and data from attackers. This is where Artificial Intelligence (AI) comes into the picture. Combined with cybersecurity, AI can add a layer of strength capable of delivering instant insights, predicting threats, and reducing response times.
Matt Gyde, CEO of NTT Ltd.’s Security Division, states, “Automation and AI provide the scalability required to protect today’s ever-growing attack surface. A great example here is automating the interaction between detection and mitigation. Linking continuous AppSec monitoring with web application firewalls, for instance, can provide real-time risk mitigation.”
According to Capgemini, 69% of enterprise executives believe that AI will be necessary to respond to cyberthreats, while 80% of telecom firms are counting on AI to help identify threats. Further, Gartner predicts that the $136 billion investment in IT Risk & Management will rise to $175 billion in 2023, at a CAGR of 9.1 percent.
In theory, a perfectly designed and implemented AI technology can:
- Fill up the gaps in security measures
- Assemble the next-gen security team
- Deploy security culture into enterprises
- Automate repetitive tasks
- Bring human and environmental context to security
- Enable 24/7 monitoring and reporting of threats
Understanding the Need for Cybersecurity in 2021
The number of connected networks has grown exponentially with easy access to faster internet services, including Wi-Fi and public hotspots. Cloud and BYOD-enabled infrastructure have eased the pressure on on-site IT architecture. Systems are now digital and available from anywhere. This transition has stretched business boundaries and separated consumers, data, and equipment from the organization’s borders. As a result, the threat environment has grown. Fraudsters have been able to take advantage of unsecured systems and compromised user devices. Furthermore, the lack of cybersecurity personnel has left the industry facing even greater challenges.
Here’s a look at some prominent cyberattacks of 2020:
- In October, Software AG, the second-largest software company in Germany, suffered from a CLOP ransomware attack. Confidential documents were stolen, and a $23 million ransom was demanded. The firm is still restoring its system and database to resume operations.
- October also witnessed a ransomware attack on French IT services firm Sopra Steria. The virus was identified as the new Ryuk ransomware, previously unknown to cybersecurity professionals. Ryuk has also hit EWA, a US defense contractor, and Prosegur, a Spanish logistics firm.
- Seyfarth Shaw LLP, a Chicago-based global legal services firm, was also attacked via aggressive malware in October. The attack completely shut down the firm’s email system. Many of its systems were also found encrypted, and the law firm shut them down as a precautionary measure.
- September saw the hijack of the popular messenger app Telegram. Hackers used Signaling System 7 to gain access to the messenger and email data of some big names in the cryptocurrency business. Their intent was to obtain cryptocurrency. This type of attack is quite common in the cryptocurrency community.
- In August, the world’s largest cruise line operator, Carnival Corporation, detected a ransomware attack that breached and encrypted the IT infrastructure of one of its brands. The attackers took confidential information of customers, employees, and crew members.
- December 2020 saw the most famous and advanced cyberattack of the year, involving SolarWinds, a major US information technology company. SolarWinds was the target of a cyberattack that extended to its customers and went undetected for months. Foreign hackers used the breach to spy on private firms such as the cybersecurity company FireEye and on the higher echelons of the US government, including the Department of Homeland Security and the Treasury Department.
Cybersecurity is highly significant because organizations like those above hold sensitive information, personally identifiable information (PII), protected health information (PHI), intellectual data, personal information, and industry information systems. Consequently, cybercrime is becoming one of the largest challenges for both corporate and government organizations.
According to reports, cybercriminals exposed the information of 2.8 billion users in 2018, costing more than $654 billion. In addition, the 2019 Ninth Annual Cost of Cybercrime Study estimated the cumulative value at risk over the next five years at US$5.2 trillion worldwide. The same study described automation, predictive analytics, and security intelligence as ways to handle the increasing expense of discovering threats.
AI — Friend and a Foe
Though cybersecurity experts have embraced AI for its potential in the industry, how to overcome its challenges hasn’t been widely discussed. Besides being a viable solution, AI can also become a considerable challenge for companies. AI is useful in examining user habits, deducing trends, and recognizing all kinds of network anomalies or disturbances. With such information, it’s simpler to detect cyber weaknesses. Matt asserts, “There are already examples of successful use of AI for malicious activity, and we’ll probably see this evolve at the same pace as AI in general. Just as we can apply AI to detect malicious activity, threat actors can use AI to establish weak points, avoid detection, and so on.” Despite this downside, AI will reduce routine security work while delivering quality results. AI automation will detect and resolve repeated incidents. It will also handle internal risks and system management.
AI and ML to the Rescue
AI and ML play a growing role in cybersecurity. They can help identify attacks, recognize trends, and reduce reaction time. Adopting AI in cybersecurity improves outcomes when evaluating large volumes of data, speeds up reaction times, and increases the performance of frequently under-resourced defense teams. “It’s not as much the AI/ML technology that is making the biggest difference, but rather the data. Having access to vast amounts of data, knowing how to curate and process those data, is what really makes a difference when it comes to developing the models that underpin AI and ML,” says Matt.
Large volumes of data from both structured and unstructured sources are gathered, stored, evaluated, and processed by AI. Deploying technologies like machine learning and deep learning allows the AI to continuously develop and enhance its awareness of cybersecurity challenges and cyber harm. A fine example would be AI flagging patterns and enabling early detection of cyber threats in real time. This detection, with deeper insights, will pave the way for ML. Consequently, we would have AI-powered systems constantly learning, adapting, and improving.
Deepak Patel, Security Evangelist at PerimeterX, says, “Users now create staggering amounts of data per year, and novel algorithms are necessary to differentiate user behavior to solve new use cases. Website owners need a new defensive Machine Learning-driven methodology, sophisticated behavior modeling, and a constant real-time feedback loop to achieve that.”
AI in Practice
AI has already been implemented in the business world to improve organizations’ security infrastructure. There are several real-life cases where AI-powered technologies dramatically enhance cybersecurity. For example, biometric logins are used to protect entry by scanning fingerprints, retinas, or palm prints. AI technology such as facial recognition software protects individuals. AI also plays a key role in ensuring expanded consumer interaction on social networks. Some of the best AI software firms are finding new paths for AI engineering and its implementation to harness the power of the technology.
- Google’s Gmail uses machine learning to block 100 million spam messages a day. It built a framework for filtering emails and effectively providing a spam-free world. The search engine company also uses Deep Learning AI on Cloud Video Intelligence. Videos saved on the server are tested for quality and meaning, and the AI algorithms raise warnings when anything unusual is detected.
- IBM’s Watson cognitive training leverages machine learning to identify cyber-attacks and other approaches to cybersecurity.
- Balbix uses AI-powered risk predictions to secure IT networks against data breaches and security breaches.
- Darktrace focuses on machine learning to build its cybersecurity products.
- Ipreo, a financial technology provider, uses the Enterprise Immune System to detect risks across its global network, from cloud to industrial control systems. The product uses unsupervised machine learning and AI to track users, devices, and workflows and to understand their actions, ensuring that the enterprise is protected from ransomware.
The Future of AI in Cybersecurity
The highest priority is securing enterprise IT resources. Therefore, it’s no surprise that cybersecurity has become the foremost challenge for organizations. These organizations are hiring AI consultants and engaging top RPA vendors to build advanced technologies for a solid, deep defensive mechanism. Highlighting the importance of collaboration, Matt says, “Cybersecurity is a lot about building trust with our clients, so regardless of whether we’re looking at red-teaming or blue-teaming exercises, the skills and knowledge of our experts require a well-tuned ethical compass to provide value to our clients.”
Accenture’s “2020 Cyber Threatscape Report” reveals five factors that are influencing the cybersecurity landscape.
- COVID-19 accelerates the need for adaptive security — COVID-19 led to social engineering opportunities and pressured organizations struggling with business continuity, travel restrictions, and remote working.
- New, sophisticated TTPs target business continuity — Sophisticated threat actors have been observed targeting platforms such as Microsoft Exchange and OWA to conduct malicious activities.
- Masked or noisy cyberattacks complicate detection — Cyberthreat actors routinely chain together off-the-shelf tools with living-off-the-land techniques, complicating detection and attribution.
- Ransomware feeds profitable, scalable business — Alongside finding new ways to infect businesses with ransomware, threat actors are finding new ways to influence victims to pay.
- Connectedness has consequences — Powerful technologies and the Internet enable greater connectivity and expose critical systems that attackers are finding new ways to exploit.
For a flexible future, the report suggests the following ways to mitigate cyberattacks:
- Think “anytime, anywhere” — Secure all users, devices, and network traffic consistently with the same degree of effectiveness.
- Be transparent — Give users access to what they need when they need it.
- Inspire calm and confidence — Make security leaders the catalyst for change, using empathy and compassion to deliver a more agile response.
- Where possible, simplify — Consider managed services and automate where it makes sense.
- Build for resilience — Make business continuity and crisis management plans fit for purpose, backed by the right resources and investments.
The integration of AI in cybersecurity will create an extra layer of protection for enterprises. It will enable businesses to prepare, safeguard, and even keep pace with the perpetrators in any kind of cyber-attack. However, they must also stay vigilant about the ways attackers can use AI to penetrate through weak links. And with machine learning and deep learning in place, they can train their models to watch for incoming threats, block them, or mitigate them without severe damage.