Speak to any cyber security firm or technology provider about protecting your business from cyber attack, and chances are they will mention Artificial Intelligence (AI). AI is one of the most important innovations to hit the tech industry, with a huge range of impacts and benefits across the board, and one of the ways it has most changed the way the game is played is when it comes to cyber security.
Most businesses are now fully immersed in the digital world, one way or another. As digital businesses grow, and as the world of work goes more online, the risk of cyber attacks increases exponentially. In 2018, 21% of businesses reported cyber security breaches, with the cost of a breach being potentially huge. As the stakes get higher, cyber criminals are using increasingly sophisticated methods to breach security, and traditional methods of online security are no longer always sufficient.
One of the most common criticisms of cyber security approaches is that they can only spot and prevent known threats. Traditional cyber security is essentially just monitoring a perimeter fence around your business’s online domain, and stopping the malicious actors getting in by knowing what they look like and how to stop them (usually based on malware samples). This is a hugely reactive approach, a cure rather than a prevention, and is at risk from new and unforeseen threats. It also leaves a business hugely vulnerable if an attacker does get in, as there is nothing internal to deal with them once they have got past the line of defense.
Even when new attacks are detected and identified, the time between detecting the attacks and developing and applying the relevant security measures leaves companies unprotected. Moreover, to identify a new attack, at least one business has to take the hit.
This is where the importance of AI and machine learning in cyber security is so important. A huge part of cyber security is spotting unusual behavior, behavior that doesn’t adhere to the normal way of doing things, and that could be considered a threat. Things like insider threats, malware, outsider attacks, and email phishing all look just a tiny bit out of place. The problem is that spotting this aberrant behavior amidst the millions of emails, clicks, documents, etc that happen every single day is almost impossible, without a system specifically designed to do just that.
AI includes a range of technologies that gives computers the ability to learn, reason and draw insights, essentially endowing them with human capabilities. AI, and in particular machine learning, analyses what happens on a network, and gets smarter, more efficient and more effective at spotting behavior that might be a threat. AI can look at impossible numbers of events, and spot the few that aren’t quite right. It analyses past threats and makes predictions about what future threats might look like, allowing cyber security systems to be proactive, rather than reactive.
AI also reacts far faster than human operators, and can, therefore, keep up with the vast amounts of malware that are being created every month. AI can collect vast amounts of information on current cyber security threats, predict new ones (as described above), and be trained to identify even the smallest ransomware or malware behaviors, preventing attacks before they even begin. It also has the capacity to help with one of the most vexing areas for cyber security professionals, the human error angle. Passwords are one of the weakest areas of cyber security, with many (if not most) people not taking the necessary precautions when it comes to password protection or robustness. AI can provide multi-factor authentication, as well as biometric logins, which can prevent weak passwords being an issue at all.
AI is also becoming more and more essential in cyber security as a form of self-fulfilling prophecy. With all the benefits of AI, the potential is high for hackers and bad actors weaponizing the potential of AI and machine learning and using it to massively increase their attacks, in both volume and sophistication. AI allows cyber attacks to happen on a far greater scale, at a far lesser cost, and new threats are going to be more and more common as machine learning is able to predict potential defenses and mitigations. In these cases, AI will be an essential tool to protect against AI-boosted attacks as traditional security and humans just won’t have the capacity.
Last year’s Capgemini report showed that 61% of businesses felt unable to detect breach attempts without AI, and 69% believe that AI will be crucial to preventing attacks in the future. 48% of enterprises expected to have to increase their budgets by an average of 29% in 2020 to deal with the expected threat level and Cisco reported that in 2018 they prevented seven trillion threats on behalf of their customers.
In this climate, it is hard to understate the importance of AI. However while it might seem tempting to just hand over to the robots and let them get on with it, it is still hugely important to take a varied and careful approach to everything that involves cyber security. There is always a risk when moving any critical thing from people to machines that the machines don’t do it well either, and it is important to be sure that the AI systems you are using are properly tested, and are actually effective. Something like Cylance, for example, carries out ongoing testing against major threats to ensure that they are always improving their ability to protect against the newest and most sophisticated threats.
AI is not a cure-all and doesn’t take over from classic techniques like practicing proper online hygiene, understanding risk and protecting your crown jewels. The key is to move from a reactive anti-virus approach to proactive network monitoring and to know your priorities and what to protect. However, it is an absolutely essential tool in dealing with the increasingly varied and hard-to-defend-against attacks that cyber criminals are employing, and can make a huge difference to an organization’s cyber security systems.
For more information about AI in cyber security, and to find out how CompuVision uses AI to protect our clients’ businesses, get in touch.