Artificial Intelligence & Its Impact On Cyber Security

Contributed by AT Corp / Cyrin

It seemed simple enough: in 2014 the California Public Utilities Commission (CPUC) directed the State’s three largest utilities to come up with a program to address the threat of wildfires. As reported in the new book, California Burning, Pacific Gas & Electric (PG&E) which provides electric and natural gas service throughout most of Northern and Central California, found the task daunting. The company realized there was no way they could clear every tree from every line.

To alleviate the problem an attempt was made to identify the areas at highest risk of causing fires. According to the book, one company slide read… “it’s not about the 50,000,000 potential threats… it’s about the 5,000 real threats to our facilities.”

For firms facing ongoing cyber attacks, the analogy is similar. How do they pursue the really dangerous attacks that can take down their network, versus intrusions while problematic, will not take down the whole organization?

According to several studies, security operations center (SOC) analysts are overwhelmed by security alerts that come in every day, many of them false alarms. Much of their time gets directed to routine work and not enough on the big problems – or they miss those attacks altogether.

“All vendors have to use AI and ML today, just to handle the volume of threats and the sophistication of threats,” according to Etay Maor, cyber security professor at Boston College and senior director of security strategy at Cato.

In a Trend Micro survey of IT security and SOC decision-makers released last May, 51% said their teams were overwhelmed by the volume of alerts and 55% said they weren’t confident in their ability to prioritize and respond to them. In addition, the survey indicated respondents spent up to 27% of their time dealing with false alarms.

This means that actual problems or big problems can be missed. According to a survey of SOC professionals by Critical Start, nearly half the respondents admitted turning off high-volume alerting features when there are too many alerts to process. There were over 900 attacks per organization per week in the fourth quarter of last year, an all-time high, according to a Check Point report released last month. Education/Research and Government/Military facilities were at the top of the attack chart. The overall number of attacks on corporate networks was up 50% in 2021, compared to 2020.

According to Verizon’s data breach investigation report, most breaches were discovered in days, however 20% of breaches could take months or more before organizations realized something was amiss.

AI is definitely the latest weapon in the cybersecurity war. The trend is definitely moving to security vendors who integrate AI into their product offerings. Looking at suspicious events quickly inside a corporate environment and figuring out which ones indicate an actual threat is something that artificial intelligence can do well. Partner that with the critical shortage of skilled cybersecurity workers and some believe that given the potential capabilities and broad reach of AI, the industry will eventually “automate” some jobs to solve the problem of scarce cyber talent.

This may reduce the need for people to physically complete particular tasks in the cybersecurity world, but this scenario is unlikely to come to fruition in the short term. AI still has problems when things change too quickly, and incidents fall outside its area of knowledge. Also, someone will need to monitor the AI to continue to measure its effectiveness. That said, great strides in AI will be made within the next decade, building on the progress of the last five years.

AI: What is it and who is using it?

According to most accounts, the modern version of Artificial Intelligence, or AI, wasn't formally founded until 1956, at a conference at Dartmouth College, in Hanover, New Hampshire, where the term "artificial intelligence" was coined. Many consider John McCarthy, a professor emeritus of computer science at Stanford, as the dean of AI and the man who persuaded the attendees to accept "Artificial Intelligence" as the name of the field. McCarthy subsequently went on to become one of the major principals in the field for more than five decades.

By most definitions, artificial intelligence is a type of intelligence displayed by machines, as opposed to the natural intelligence displayed by humans and other animals. AI applications can analyze data and make decisions on their own, without human intervention. As AI becomes more and more prevalent in society, it is also making its way into the world of cybersecurity. AI can be used in several ways to help improve cybersecurity, including automatically detecting and responding to threats, improving network efficiency, and helping to identify vulnerabilities.

Why AI in Cyber is Gaining in Importance

The cyber attack surface in modern environments is massive, and it’s continuing to grow rapidly. This means that analyzing and improving an organization’s cyber security posture needs more than mere human intervention.

AI and machine learning are now becoming essential to information security, as these technologies are capable of swiftly analyzing millions of data sets and tracking down a wide variety of cyber threats — from malware menaces to shady behavior that might result in a phishing attack. These technologies continually learn and improve, drawing data from past experiences and present to pinpoint new varieties of attacks that can occur today or tomorrow.

There are Downsides to AI

Without huge volumes of data and events, AI systems can render incorrect results and/or false positives. AI-based products operate within dynamic systems where the flows of information change constantly. So, getting inaccurate data from unreliable sources can backfire.

It’s possible that AI will misinterpret inputs into the system and behave in a way that’s favorable to the attacker. For example, an iPhone’s “FaceID” access feature uses neural networks to recognize faces, making it susceptible to adversarial AI attacks. Hackers could construct adversarial images to bypass the Face ID security features and easily continue their attack without drawing attention.

The Market Potential of AI

Although AI may still be seen as somewhat of a “niche market,” that is going to change dramatically in the next decade. It’s no surprise that companies are investing research and resources into AI and that the technology has moved to the front and center of organizations. According to Grand View Research in its latest report on the global market, “Artificial Intelligence Market Size 2022-2030,” the worldwide AI market size was valued at $93.5 billion in 2021, with an anticipated growth rate of 38.1% from 2022 to 2030.

In the cyber security space, as the world continues to experience data breaches and cyber threats from in country and overseas, there will be a continuing need for companies and organizations to use AI to safeguard sensitive information. Today, AI is playing a key role in helping organizations like HSBC and Cisco power various applications. Some of these hot spots of potential information breaches are in identity, anti-money laundering investigations, and the use of AI analytics to detect a threat in encrypted traffic.

The increasing number of mobile users, as well as the continued adoption of cloud-based services, will contribute to the growth of the AI market for security due to the increased ease of attack. Companies are increasingly placing their trust in AI to stop hackers and others.

These all seem like obvious pros in terms of AI taking over the management of crucial systems. That said, how will the AI create negative competition, for example, between countries? As much as cybersecurity professionals have become expert at building defenses, will the offense have different and more advanced tools? Will our AI end up fighting their AI? Will everybody face off with their doomsday applications.

Conclusion

It will take all hands-on deck in the coming years to deal with cyber threats. According to many experts, including CYRIN’s own Kevin Cardwell, you still have to do the “fundamentals.” In the near term, shiny objects or no one product will take over the basic tenets of cybersecurity. That means human intervention combined with “intelligent” uses of AI and increased training in all sectors will still be the key.

CYRIN Can Help

CYRIN’s online interactive virtual training platform is designed to be “always available” 24/7 to improve the skills of IT, engineering and cybersecurity professionals and students. CYRIN contains more than 60 interactive labs, courses, exercises and attacks where you can train on commonly used tools in network administration and defense, individual and red team/blue team exercises, and numerous attack scenarios where students and trainees must mitigate random attacks on industrial and enterprise networks.

To meet the test, CYRIN is continuously evolving to stay abreast of the cyber “arms” race. We constantly add new exercises and courses and our collaboration with partners like the Rochester Institute of Technology (RIT) help us add new tools to meet the existing challenges and new threats as they emerge.

But don’t take our word for it. Please take a look at our entire course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN. Take a test drive and see for yourself!

You Might Also Read:

CYRIN Launches New Docker Lab:

« Make Sure Your MSP Isn’t Your Security Achilles’ Heel
British Prime Minister’s Phone Hacked »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Global Knowledge Training

Global Knowledge Training

Global Knowledge is a worldwide leader in IT and business training, featuring Cisco, Microsoft, VMware, IBM, security, cloud computing, and project management.

Cloudera

Cloudera

Cloudera provide the world’s fastest, easiest, and most secure data platform built on Hadoop.

BackBox Software

BackBox Software

BackBox is a leading provider of solutions for automated backup and recovery software for security and network devices.

Metrarc

Metrarc

Metrarc has developed a ground-breaking technology called ICMetrics™ for deriving secure encryption keys from the properties of digital systems without the need to store any of the encryption keys.

CyVolve

CyVolve

Cyvolve is the next great leap forward in data security, ensuring constant encryption and pervasive control over all your data.

Field Effect Software

Field Effect Software

Field Effect Software build sophisticated and integrated IT security, threat surface reduction, training and simulation capabilities for enterprises and small businesses.

Adit Ventures

Adit Ventures

Adit Ventures is a venture capital firm with a focus on dynamic growth sectors including AI & Machine Learning, Big Data, Cybersecurity and IoT.

Secura B.V.

Secura B.V.

Secura is an independent specialized cybersecurity expert, providing insights to protect valuable assets and data.

Foretrace

Foretrace

Foretrace aims to prevent, assess, and contain the exposure of customer accounts, domains, and systems to malicious actors.

Let's Encrypt

Let's Encrypt

Let’s Encrypt is a free, automated, and open digital certificate authority, run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).

Pivot Technology School

Pivot Technology School

Pivot Tech offers Data Analytics, Software Development and Cyber Security training in boot camp style cohorts.

Darwinium

Darwinium

Darwinium is a Cyberfraud Prevention Platform that provides scalable customer journey protection without complexity.

SGS Brightsight

SGS Brightsight

SGS Brightsight is the largest independent security evaluation lab in the world, with ten recognised labs worldwide.

Cloud & More

Cloud & More

Tired of impersonal IT support? Experience the Cloud & More difference. We offer tailored IT services with a personal touch, ensuring your business technology runs smoothly.

MineOS

MineOS

MineOS aligns compliance with business growth. We designed our platform so that privacy compliance efforts directly benefit other teams and initiatives.

Minimus

Minimus

Minimus, a pioneering application security startup, offers a groundbreaking platform that eliminates over 95% of Common Vulnerabilities and Exposures (CVEs) from software supply chains.