Artificial Intelligence & Its Impact On Cyber Security

Contributed by AT Corp / Cyrin

It seemed simple enough: in 2014 the California Public Utilities Commission (CPUC) directed the State’s three largest utilities to come up with a program to address the threat of wildfires. As reported in the new book, California Burning, Pacific Gas & Electric (PG&E) which provides electric and natural gas service throughout most of Northern and Central California, found the task daunting. The company realized there was no way they could clear every tree from every line.

To alleviate the problem an attempt was made to identify the areas at highest risk of causing fires. According to the book, one company slide read… “it’s not about the 50,000,000 potential threats… it’s about the 5,000 real threats to our facilities.”

For firms facing ongoing cyber attacks, the analogy is similar. How do they pursue the really dangerous attacks that can take down their network, versus intrusions while problematic, will not take down the whole organization?

According to several studies, security operations center (SOC) analysts are overwhelmed by security alerts that come in every day, many of them false alarms. Much of their time gets directed to routine work and not enough on the big problems – or they miss those attacks altogether.

“All vendors have to use AI and ML today, just to handle the volume of threats and the sophistication of threats,” according to Etay Maor, cyber security professor at Boston College and senior director of security strategy at Cato.

In a Trend Micro survey of IT security and SOC decision-makers released last May, 51% said their teams were overwhelmed by the volume of alerts and 55% said they weren’t confident in their ability to prioritize and respond to them. In addition, the survey indicated respondents spent up to 27% of their time dealing with false alarms.

This means that actual problems or big problems can be missed. According to a survey of SOC professionals by Critical Start, nearly half the respondents admitted turning off high-volume alerting features when there are too many alerts to process. There were over 900 attacks per organization per week in the fourth quarter of last year, an all-time high, according to a Check Point report released last month. Education/Research and Government/Military facilities were at the top of the attack chart. The overall number of attacks on corporate networks was up 50% in 2021, compared to 2020.

According to Verizon’s data breach investigation report, most breaches were discovered in days, however 20% of breaches could take months or more before organizations realized something was amiss.

AI is definitely the latest weapon in the cybersecurity war. The trend is definitely moving to security vendors who integrate AI into their product offerings. Looking at suspicious events quickly inside a corporate environment and figuring out which ones indicate an actual threat is something that artificial intelligence can do well. Partner that with the critical shortage of skilled cybersecurity workers and some believe that given the potential capabilities and broad reach of AI, the industry will eventually “automate” some jobs to solve the problem of scarce cyber talent.

This may reduce the need for people to physically complete particular tasks in the cybersecurity world, but this scenario is unlikely to come to fruition in the short term. AI still has problems when things change too quickly, and incidents fall outside its area of knowledge. Also, someone will need to monitor the AI to continue to measure its effectiveness. That said, great strides in AI will be made within the next decade, building on the progress of the last five years.

AI: What is it and who is using it?

According to most accounts, the modern version of Artificial Intelligence, or AI, wasn't formally founded until 1956, at a conference at Dartmouth College, in Hanover, New Hampshire, where the term "artificial intelligence" was coined. Many consider John McCarthy, a professor emeritus of computer science at Stanford, as the dean of AI and the man who persuaded the attendees to accept "Artificial Intelligence" as the name of the field. McCarthy subsequently went on to become one of the major principals in the field for more than five decades.

By most definitions, artificial intelligence is a type of intelligence displayed by machines, as opposed to the natural intelligence displayed by humans and other animals. AI applications can analyze data and make decisions on their own, without human intervention. As AI becomes more and more prevalent in society, it is also making its way into the world of cybersecurity. AI can be used in several ways to help improve cybersecurity, including automatically detecting and responding to threats, improving network efficiency, and helping to identify vulnerabilities.

Why AI in Cyber is Gaining in Importance

The cyber attack surface in modern environments is massive, and it’s continuing to grow rapidly. This means that analyzing and improving an organization’s cyber security posture needs more than mere human intervention.

AI and machine learning are now becoming essential to information security, as these technologies are capable of swiftly analyzing millions of data sets and tracking down a wide variety of cyber threats — from malware menaces to shady behavior that might result in a phishing attack. These technologies continually learn and improve, drawing data from past experiences and present to pinpoint new varieties of attacks that can occur today or tomorrow.

There are Downsides to AI

Without huge volumes of data and events, AI systems can render incorrect results and/or false positives. AI-based products operate within dynamic systems where the flows of information change constantly. So, getting inaccurate data from unreliable sources can backfire.

It’s possible that AI will misinterpret inputs into the system and behave in a way that’s favorable to the attacker. For example, an iPhone’s “FaceID” access feature uses neural networks to recognize faces, making it susceptible to adversarial AI attacks. Hackers could construct adversarial images to bypass the Face ID security features and easily continue their attack without drawing attention.

The Market Potential of AI

Although AI may still be seen as somewhat of a “niche market,” that is going to change dramatically in the next decade. It’s no surprise that companies are investing research and resources into AI and that the technology has moved to the front and center of organizations. According to Grand View Research in its latest report on the global market, “Artificial Intelligence Market Size 2022-2030,” the worldwide AI market size was valued at $93.5 billion in 2021, with an anticipated growth rate of 38.1% from 2022 to 2030.

In the cyber security space, as the world continues to experience data breaches and cyber threats from in country and overseas, there will be a continuing need for companies and organizations to use AI to safeguard sensitive information. Today, AI is playing a key role in helping organizations like HSBC and Cisco power various applications. Some of these hot spots of potential information breaches are in identity, anti-money laundering investigations, and the use of AI analytics to detect a threat in encrypted traffic.

The increasing number of mobile users, as well as the continued adoption of cloud-based services, will contribute to the growth of the AI market for security due to the increased ease of attack. Companies are increasingly placing their trust in AI to stop hackers and others.

These all seem like obvious pros in terms of AI taking over the management of crucial systems. That said, how will the AI create negative competition, for example, between countries? As much as cybersecurity professionals have become expert at building defenses, will the offense have different and more advanced tools? Will our AI end up fighting their AI? Will everybody face off with their doomsday applications.

Conclusion

It will take all hands-on deck in the coming years to deal with cyber threats. According to many experts, including CYRIN’s own Kevin Cardwell, you still have to do the “fundamentals.” In the near term, shiny objects or no one product will take over the basic tenets of cybersecurity. That means human intervention combined with “intelligent” uses of AI and increased training in all sectors will still be the key.

CYRIN Can Help

CYRIN’s online interactive virtual training platform is designed to be “always available” 24/7 to improve the skills of IT, engineering and cybersecurity professionals and students. CYRIN contains more than 60 interactive labs, courses, exercises and attacks where you can train on commonly used tools in network administration and defense, individual and red team/blue team exercises, and numerous attack scenarios where students and trainees must mitigate random attacks on industrial and enterprise networks.

To meet the test, CYRIN is continuously evolving to stay abreast of the cyber “arms” race. We constantly add new exercises and courses and our collaboration with partners like the Rochester Institute of Technology (RIT) help us add new tools to meet the existing challenges and new threats as they emerge.

But don’t take our word for it. Please take a look at our entire course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN. Take a test drive and see for yourself!

You Might Also Read:

CYRIN Launches New Docker Lab:

« Make Sure Your MSP Isn’t Your Security Achilles’ Heel
British Prime Minister’s Phone Hacked »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

authen2cate

authen2cate

authen2cate is a single-sign-on (SSO) and multi-factor authentication service provider.

NXP Semiconductors

NXP Semiconductors

NXP is a world leader in secure connectivity solutions for embedded applications and the Internet of Things.

Onspring

Onspring

Onspring is the cloud-based platform of choice for governance, risk and compliance (GRC) teams and business operations experts across multiple industries.

CyberSeek

CyberSeek

CyberSeek provides detailed, actionable data about supply and demand in the cybersecurity job market.

Gemserv

Gemserv

Gemserv is a specialist market design, governance and assurance services consultancy.

Bunifu Technologies

Bunifu Technologies

Bunifu Technologies is an Information Security and Custom Software Development Company.

Telelogos

Telelogos

Telelogos is a European provider of Enterprise Mobility Management software, Digital Signage software and Data Transfer and Synchronization software.

Drainware

Drainware

Drainware is an innovative solution designed to replace legacy traditional AV and deliver advanced protection pre and post-infection to your endpoints.

Norsk Akkreditering

Norsk Akkreditering

Norsk Akkreditering is the national accreditation body for Norway. The directory of members provides details of organisations offering certification services for ISO 27001.

u-blox

u-blox

u-blox deliver leading wireless technology to reliably and securely locate and connect people and devices.

BLOCKO

BLOCKO

BLOCKO is a blockchain specialized technology company that has experienced and achieved the largest amount of business in South Korea.

Exire Technologies

Exire Technologies

Exire Technologies is comprised of a team of professionals who are specialised in cybersecurity and a value added reseller and integrator of ICT security systems.

TierPoint

TierPoint

TierPoint delivers secure, reliable, and connected infrastructure solutions at the internet’s edge. We meet you where you are in your journey to solve for data storage, compute, and recovery.

ScienceSoft

ScienceSoft

ScienceSoft is a provider of software development and IT consulting services including Information Security.

Appsec Phoenix

Appsec Phoenix

Appsec Phoenix is an end to end vulnerability management platform that focuses on workflows, threat feed, and real time data.

Celera Networks

Celera Networks

Celera Networks is a managed services provider specializing in cybersecurity, cloud and managed IT services.