Artificial Intelligence & Its Impact On Cyber Security

Uploaded on 2022-11-07 in TECHNOLOGY-Key Areas-Artificial Intelligence, TECHNOLOGY--Resilience, FREE TO VIEW

Contributed by AT Corp / Cyrin

It seemed simple enough: in 2014 the California Public Utilities Commission (CPUC) directed the State’s three largest utilities to come up with a program to address the threat of wildfires. As reported in the new book, California Burning, Pacific Gas & Electric (PG&E) which provides electric and natural gas service throughout most of Northern and Central California, found the task daunting. The company realized there was no way they could clear every tree from every line.

To alleviate the problem an attempt was made to identify the areas at highest risk of causing fires. According to the book, one company slide read… “it’s not about the 50,000,000 potential threats… it’s about the 5,000 real threats to our facilities.”

For firms facing ongoing cyber attacks, the analogy is similar. How do they pursue the really dangerous attacks that can take down their network, versus intrusions while problematic, will not take down the whole organization?

According to several studies, security operations center (SOC) analysts are overwhelmed by security alerts that come in every day, many of them false alarms. Much of their time gets directed to routine work and not enough on the big problems – or they miss those attacks altogether.

“All vendors have to use AI and ML today, just to handle the volume of threats and the sophistication of threats,” according to Etay Maor, cyber security professor at Boston College and senior director of security strategy at Cato.

In a Trend Micro survey of IT security and SOC decision-makers released last May, 51% said their teams were overwhelmed by the volume of alerts and 55% said they weren’t confident in their ability to prioritize and respond to them. In addition, the survey indicated respondents spent up to 27% of their time dealing with false alarms.

This means that actual problems or big problems can be missed. According to a survey of SOC professionals by Critical Start, nearly half the respondents admitted turning off high-volume alerting features when there are too many alerts to process. There were over 900 attacks per organization per week in the fourth quarter of last year, an all-time high, according to a Check Point report released last month. Education/Research and Government/Military facilities were at the top of the attack chart. The overall number of attacks on corporate networks was up 50% in 2021, compared to 2020.

According to Verizon’s data breach investigation report, most breaches were discovered in days, however 20% of breaches could take months or more before organizations realized something was amiss.

AI is definitely the latest weapon in the cybersecurity war. The trend is definitely moving to security vendors who integrate AI into their product offerings. Looking at suspicious events quickly inside a corporate environment and figuring out which ones indicate an actual threat is something that artificial intelligence can do well. Partner that with the critical shortage of skilled cybersecurity workers and some believe that given the potential capabilities and broad reach of AI, the industry will eventually “automate” some jobs to solve the problem of scarce cyber talent.

This may reduce the need for people to physically complete particular tasks in the cybersecurity world, but this scenario is unlikely to come to fruition in the short term. AI still has problems when things change too quickly, and incidents fall outside its area of knowledge. Also, someone will need to monitor the AI to continue to measure its effectiveness. That said, great strides in AI will be made within the next decade, building on the progress of the last five years.

AI: What is it and who is using it?

According to most accounts, the modern version of Artificial Intelligence, or AI, wasn't formally founded until 1956, at a conference at Dartmouth College, in Hanover, New Hampshire, where the term "artificial intelligence" was coined. Many consider John McCarthy, a professor emeritus of computer science at Stanford, as the dean of AI and the man who persuaded the attendees to accept "Artificial Intelligence" as the name of the field. McCarthy subsequently went on to become one of the major principals in the field for more than five decades.

By most definitions, artificial intelligence is a type of intelligence displayed by machines, as opposed to the natural intelligence displayed by humans and other animals. AI applications can analyze data and make decisions on their own, without human intervention. As AI becomes more and more prevalent in society, it is also making its way into the world of cybersecurity. AI can be used in several ways to help improve cybersecurity, including automatically detecting and responding to threats, improving network efficiency, and helping to identify vulnerabilities.

Why AI in Cyber is Gaining in Importance

The cyber attack surface in modern environments is massive, and it’s continuing to grow rapidly. This means that analyzing and improving an organization’s cyber security posture needs more than mere human intervention.

AI and machine learning are now becoming essential to information security, as these technologies are capable of swiftly analyzing millions of data sets and tracking down a wide variety of cyber threats — from malware menaces to shady behavior that might result in a phishing attack. These technologies continually learn and improve, drawing data from past experiences and present to pinpoint new varieties of attacks that can occur today or tomorrow.

There are Downsides to AI

Without huge volumes of data and events, AI systems can render incorrect results and/or false positives. AI-based products operate within dynamic systems where the flows of information change constantly. So, getting inaccurate data from unreliable sources can backfire.

It’s possible that AI will misinterpret inputs into the system and behave in a way that’s favorable to the attacker. For example, an iPhone’s “FaceID” access feature uses neural networks to recognize faces, making it susceptible to adversarial AI attacks. Hackers could construct adversarial images to bypass the Face ID security features and easily continue their attack without drawing attention.

The Market Potential of AI

Although AI may still be seen as somewhat of a “niche market,” that is going to change dramatically in the next decade. It’s no surprise that companies are investing research and resources into AI and that the technology has moved to the front and center of organizations. According to Grand View Research in its latest report on the global market, “Artificial Intelligence Market Size 2022-2030,” the worldwide AI market size was valued at $93.5 billion in 2021, with an anticipated growth rate of 38.1% from 2022 to 2030.

In the cyber security space, as the world continues to experience data breaches and cyber threats from in country and overseas, there will be a continuing need for companies and organizations to use AI to safeguard sensitive information. Today, AI is playing a key role in helping organizations like HSBC and Cisco power various applications. Some of these hot spots of potential information breaches are in identity, anti-money laundering investigations, and the use of AI analytics to detect a threat in encrypted traffic.

The increasing number of mobile users, as well as the continued adoption of cloud-based services, will contribute to the growth of the AI market for security due to the increased ease of attack. Companies are increasingly placing their trust in AI to stop hackers and others.

These all seem like obvious pros in terms of AI taking over the management of crucial systems. That said, how will the AI create negative competition, for example, between countries? As much as cybersecurity professionals have become expert at building defenses, will the offense have different and more advanced tools? Will our AI end up fighting their AI? Will everybody face off with their doomsday applications.

Conclusion

It will take all hands-on deck in the coming years to deal with cyber threats. According to many experts, including CYRIN’s own Kevin Cardwell, you still have to do the “fundamentals.” In the near term, shiny objects or no one product will take over the basic tenets of cybersecurity. That means human intervention combined with “intelligent” uses of AI and increased training in all sectors will still be the key.

CYRIN Can Help

CYRIN’s online interactive virtual training platform is designed to be “always available” 24/7 to improve the skills of IT, engineering and cybersecurity professionals and students. CYRIN contains more than 60 interactive labs, courses, exercises and attacks where you can train on commonly used tools in network administration and defense, individual and red team/blue team exercises, and numerous attack scenarios where students and trainees must mitigate random attacks on industrial and enterprise networks.

To meet the test, CYRIN is continuously evolving to stay abreast of the cyber “arms” race. We constantly add new exercises and courses and our collaboration with partners like the Rochester Institute of Technology (RIT) help us add new tools to meet the existing challenges and new threats as they emerge.

But don’t take our word for it. Please take a look at our entire course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN. Take a test drive and see for yourself!

You Might Also Read:

CYRIN Launches New Docker Lab:

« Make Sure Your MSP Isn’t Your Security Achilles’ Heel
British Prime Minister’s Phone Hacked »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Cloud Industry Forum (CIF)

Cloud Industry Forum (CIF)

Cloud Industry Forum is a non-profit industry body that champions and advocates the adoption and use of Cloud-based services by businesses and individuals.

HID Global

HID Global

HID Global is a trusted leader in products, services and solutions related to the creation, management, and use of secure identities.

Capita

Capita

Capita is a consulting, digital services and software business, providing end-to-end enterprise IT services and solutions focused around digital transformation and innovation.

Network Integrity Systems

Network Integrity Systems

Network Integrity Systems is a leader in network infrastructure security and offers solutions specifically developed for Government and Private Enterprise.

Hexnode MDM

Hexnode MDM

Hexnode MDM is an award winning Enterprise Mobility Management vendor which helps businesses to secure and manage BYOD, COPE, apps and content.

Applied Science and Technology Research Institute Company Limited (ASTRI)

Applied Science and Technology Research Institute Company Limited (ASTRI)

ASTRI's mission is to enhance Hong Kong’s competitiveness in technology-based industries through applied research in areas including Security & Data Sciences which encompasses cybersecurity.

Intel Capital

Intel Capital

Intel Capital, Intel's strategic investment organization, backs innovative technology startups and companies worldwide. We invest in a broad range of hardware, software, and services.

BeyondTrust

BeyondTrust

BeyondTrust is a leader in Privileged Access Management, offering a seamless approach to preventing data breaches related to stolen credentials, misused privileges, and compromised remote access.

Stratejm

Stratejm

Stratejm, a Next Generation Managed Security Services Provider, brings innovation and thought leadership to the fight against cyber criminals.

Chainkit

Chainkit

Chainkit detects adversarial anti-forensic tampering techniques that attackers use to evade detection and prolong dwell times inside a system.

AVANTEC

AVANTEC

AVANTEC is the leading Swiss provider of IT security solutions in the areas of cloud, content, network and endpoint security.

Rayzone Group

Rayzone Group

Rayzone Group offers a wide range of Cyber Security solutions and services, providing hollistic protection suitable for both enterprises and National cyber security centers.

Electrosoft Services

Electrosoft Services

Electrosoft provide mature, innovative technology-based services and solutions to power critical IT programs and keep our nation safe from cybersecurity attacks.

PlexTrac

PlexTrac

PlexTrac is a cybersecurity reporting and workflow management platform that supercharges security programs, making them more effective, efficient, and proactive.

Novacoast

Novacoast

Novacoast helps organizations find, create & implement solutions for a powerful security posture through advisory, engineering, development & managed services.

Moore ClearComm

Moore ClearComm

Moore ClearComm is part of Moore Kingston Smith a leading UK firm of accountants and business advisers. Our services include Data Privacy, Cyber Security, Business Continuity and Information Security.