Company 
Team 
League Partners 
Case Study
Company News 
Team Member Spotlight 
Managed IT Services
Cloud Hosting 
Co-Managed %201.svg){kind=icon}
Managed VOIP 
Managed Security Services 
Data Backup + Disaster Recovery 
Security Assessment 
CMMC Compliance 
SharePoint
Power BI
Web Design + Hosting
Application Development
Businesses 
Municipalities 
Local Government Services 
Healthcare
Manufacturing
Aerospace and Defense
Case Studies
Guides
News
Events
Municipalities
Healthcare
Managed IT Services
Compliance
Cybersecurity
Speak to any cybersecurity firm or technology provider about protecting your business from cyberattacks, and chances are they will mention Artificial Intelligence (AI). AI is one of the most important innovations to hit the tech industry, with a huge range of impacts and benefits across the board, and one of the ways it has most changed the way the game is played is when it comes to cybersecurity.
Most businesses are now fully immersed in the digital world, one way or another. As digital businesses grow and as the world of work goes more online, the risk of cyberattacks increases exponentially. In 2018, 21% of businesses reported cybersecurity breaches, with the cost of a breach being potentially huge. As the stakes get higher, cybercriminals are using increasingly sophisticated methods to breach security, and traditional methods of online security are no longer always sufficient.
One of the most common criticisms of cybersecurity approaches is that they can only spot and prevent known threats. Traditional cybersecurity is essentially just monitoring a perimeter fence around your business’s online domain and stopping the malicious actors from getting in by knowing what they look like and how to stop them (usually based on malware samples). This is a hugely reactive approach, a cure rather than prevention, and is at risk from new and unforeseen threats. It also leaves a business hugely vulnerable if an attacker does get in, as there is nothing internal to deal with them once they have got past the line of defense.
Even when new attacks are detected and identified, the time between detecting the attacks and developing and applying the relevant security measures leaves companies unprotected. Moreover, to identify a new attack, at least one business has to take the hit.
This is where the importance of AI and machine learning in cybersecurity is so important. A huge part of cybersecurity is spotting unusual behavior, behavior that doesn’t adhere to the normal way of doing things and that could be considered a threat. Things like insider threats, malware, outsider attacks, and email phishing all look just a tiny bit out of place. The problem is that spotting this aberrant behavior amidst the millions of emails, clicks, documents, etc, that happen every single day is almost impossible without a system specifically designed to do just that.
AI includes a range of technologies that gives computers the ability to learn, reason, and draw insights, essentially endowing them with human capabilities. AI, and in particular machine learning, analyses what happens on a network and gets smarter, more efficient, and more effective at spotting behavior that might be a threat. AI can look at impossible numbers of events and spot the few that aren’t quite right. It analyses past threats and makes predictions about what future threats might look like, allowing cybersecurity systems to be proactive rather than reactive.
AI also reacts far faster than human operators and can, therefore, keep up with the vast amounts of malware that are being created every month. AI can collect vast amounts of information on current cybersecurity threats, predict new ones (as described above), and be trained to identify even the smallest ransomware or malware behaviors, preventing attacks before they even begin. It also has the capacity to help with one of the most vexing areas for cybersecurity professionals, the human error angle. Passwords are one of the weakest areas of cybersecurity, with many (if not most) people not taking the necessary precautions when it comes to password protection or robustness. AI can provide multi-factor authentication, as well as biometric logins, which can prevent weak passwords being an issue at all.
AI is also becoming more and more essential in cybersecurity as a form of self-fulfilling prophecy. With all the benefits of AI, the potential is high for hackers and bad actors to weaponize the potential of AI and machine learning and use it to massively increase their attacks, in both volume and sophistication. AI allows cyber attacks to happen on a far greater scale, at a far lesser cost, and new threats are going to be more and more common as machine learning is able to predict potential defenses and mitigations. In these cases, AI will be an essential tool to protect against AI-boosted attacks as traditional security and humans just won’t have the capacity.
Last year’s Capgemini report showed that 61% of businesses felt unable to detect breach attempts without AI, and 69% believe that AI will be crucial to preventing attacks in the future. 48% of enterprises expected to have to increase their budgets by an average of 29% in 2020 to deal with the expected threat level, and Cisco reported that in 2018 they prevented seven trillion threats on behalf of their customers.
In this climate, it is hard to understate the importance of AI. However, while it might seem tempting to just hand cybersecurity over to the robots and let them get on with it, it is still hugely important to take a varied and careful approach to everything that involves cybersecurity. There is always a risk when moving any critical thing from people to machines that the machines don’t do it well either, and it is important to be sure that the AI systems you are using are properly tested and are actually effective. Something like Cylance, for example, carries out ongoing testing against major threats to ensure that they are always improving their ability to protect against the newest and most sophisticated threats.
AI is not a cure-all and doesn’t take over from classic techniques like practicing proper online hygiene, understanding risk, and protecting your crown jewels. The key is to move from a reactive antivirus approach to proactive network monitoring and to know your priorities and what to protect. However, it is an absolutely essential tool in dealing with the increasingly varied and hard-to-defend-against attacks that cybercriminals are employing, and it can make a huge difference to an organization’s cybersecurity systems.
For more information about AI in cybersecurity and to find out how VC3 uses AI to protect our clients’ businesses, get in touch.
