Artificial Intelligence & Its Impact On Cyber Security

Contributed by AT Corp / Cyrin

It seemed simple enough: in 2014 the California Public Utilities Commission (CPUC) directed the State’s three largest utilities to come up with a program to address the threat of wildfires. As reported in the new book, California Burning, Pacific Gas & Electric (PG&E) which provides electric and natural gas service throughout most of Northern and Central California, found the task daunting. The company realized there was no way they could clear every tree from every line.

To alleviate the problem an attempt was made to identify the areas at highest risk of causing fires. According to the book, one company slide read… “it’s not about the 50,000,000 potential threats… it’s about the 5,000 real threats to our facilities.”

For firms facing ongoing cyber attacks, the analogy is similar. How do they pursue the really dangerous attacks that can take down their network, versus intrusions while problematic, will not take down the whole organization?

According to several studies, security operations center (SOC) analysts are overwhelmed by security alerts that come in every day, many of them false alarms. Much of their time gets directed to routine work and not enough on the big problems – or they miss those attacks altogether.

“All vendors have to use AI and ML today, just to handle the volume of threats and the sophistication of threats,” according to Etay Maor, cyber security professor at Boston College and senior director of security strategy at Cato.

In a Trend Micro survey of IT security and SOC decision-makers released last May, 51% said their teams were overwhelmed by the volume of alerts and 55% said they weren’t confident in their ability to prioritize and respond to them. In addition, the survey indicated respondents spent up to 27% of their time dealing with false alarms.

This means that actual problems or big problems can be missed. According to a survey of SOC professionals by Critical Start, nearly half the respondents admitted turning off high-volume alerting features when there are too many alerts to process. There were over 900 attacks per organization per week in the fourth quarter of last year, an all-time high, according to a Check Point report released last month. Education/Research and Government/Military facilities were at the top of the attack chart. The overall number of attacks on corporate networks was up 50% in 2021, compared to 2020.

According to Verizon’s data breach investigation report, most breaches were discovered in days, however 20% of breaches could take months or more before organizations realized something was amiss.

AI is definitely the latest weapon in the cybersecurity war. The trend is definitely moving to security vendors who integrate AI into their product offerings. Looking at suspicious events quickly inside a corporate environment and figuring out which ones indicate an actual threat is something that artificial intelligence can do well. Partner that with the critical shortage of skilled cybersecurity workers and some believe that given the potential capabilities and broad reach of AI, the industry will eventually “automate” some jobs to solve the problem of scarce cyber talent.

This may reduce the need for people to physically complete particular tasks in the cybersecurity world, but this scenario is unlikely to come to fruition in the short term. AI still has problems when things change too quickly, and incidents fall outside its area of knowledge. Also, someone will need to monitor the AI to continue to measure its effectiveness. That said, great strides in AI will be made within the next decade, building on the progress of the last five years.

AI: What is it and who is using it?

According to most accounts, the modern version of Artificial Intelligence, or AI, wasn't formally founded until 1956, at a conference at Dartmouth College, in Hanover, New Hampshire, where the term "artificial intelligence" was coined. Many consider John McCarthy, a professor emeritus of computer science at Stanford, as the dean of AI and the man who persuaded the attendees to accept "Artificial Intelligence" as the name of the field. McCarthy subsequently went on to become one of the major principals in the field for more than five decades.

By most definitions, artificial intelligence is a type of intelligence displayed by machines, as opposed to the natural intelligence displayed by humans and other animals. AI applications can analyze data and make decisions on their own, without human intervention. As AI becomes more and more prevalent in society, it is also making its way into the world of cybersecurity. AI can be used in several ways to help improve cybersecurity, including automatically detecting and responding to threats, improving network efficiency, and helping to identify vulnerabilities.

Why AI in Cyber is Gaining in Importance

The cyber attack surface in modern environments is massive, and it’s continuing to grow rapidly. This means that analyzing and improving an organization’s cyber security posture needs more than mere human intervention.

AI and machine learning are now becoming essential to information security, as these technologies are capable of swiftly analyzing millions of data sets and tracking down a wide variety of cyber threats — from malware menaces to shady behavior that might result in a phishing attack. These technologies continually learn and improve, drawing data from past experiences and present to pinpoint new varieties of attacks that can occur today or tomorrow.

There are Downsides to AI

Without huge volumes of data and events, AI systems can render incorrect results and/or false positives. AI-based products operate within dynamic systems where the flows of information change constantly. So, getting inaccurate data from unreliable sources can backfire.

It’s possible that AI will misinterpret inputs into the system and behave in a way that’s favorable to the attacker. For example, an iPhone’s “FaceID” access feature uses neural networks to recognize faces, making it susceptible to adversarial AI attacks. Hackers could construct adversarial images to bypass the Face ID security features and easily continue their attack without drawing attention.

The Market Potential of AI

Although AI may still be seen as somewhat of a “niche market,” that is going to change dramatically in the next decade. It’s no surprise that companies are investing research and resources into AI and that the technology has moved to the front and center of organizations. According to Grand View Research in its latest report on the global market, “Artificial Intelligence Market Size 2022-2030,” the worldwide AI market size was valued at $93.5 billion in 2021, with an anticipated growth rate of 38.1% from 2022 to 2030.

In the cyber security space, as the world continues to experience data breaches and cyber threats from in country and overseas, there will be a continuing need for companies and organizations to use AI to safeguard sensitive information. Today, AI is playing a key role in helping organizations like HSBC and Cisco power various applications. Some of these hot spots of potential information breaches are in identity, anti-money laundering investigations, and the use of AI analytics to detect a threat in encrypted traffic.

The increasing number of mobile users, as well as the continued adoption of cloud-based services, will contribute to the growth of the AI market for security due to the increased ease of attack. Companies are increasingly placing their trust in AI to stop hackers and others.

These all seem like obvious pros in terms of AI taking over the management of crucial systems. That said, how will the AI create negative competition, for example, between countries? As much as cybersecurity professionals have become expert at building defenses, will the offense have different and more advanced tools? Will our AI end up fighting their AI? Will everybody face off with their doomsday applications.

Conclusion

It will take all hands-on deck in the coming years to deal with cyber threats. According to many experts, including CYRIN’s own Kevin Cardwell, you still have to do the “fundamentals.” In the near term, shiny objects or no one product will take over the basic tenets of cybersecurity. That means human intervention combined with “intelligent” uses of AI and increased training in all sectors will still be the key.

CYRIN Can Help

CYRIN’s online interactive virtual training platform is designed to be “always available” 24/7 to improve the skills of IT, engineering and cybersecurity professionals and students. CYRIN contains more than 60 interactive labs, courses, exercises and attacks where you can train on commonly used tools in network administration and defense, individual and red team/blue team exercises, and numerous attack scenarios where students and trainees must mitigate random attacks on industrial and enterprise networks.

To meet the test, CYRIN is continuously evolving to stay abreast of the cyber “arms” race. We constantly add new exercises and courses and our collaboration with partners like the Rochester Institute of Technology (RIT) help us add new tools to meet the existing challenges and new threats as they emerge.

But don’t take our word for it. Please take a look at our entire course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN. Take a test drive and see for yourself!

You Might Also Read:

CYRIN Launches New Docker Lab:

« Make Sure Your MSP Isn’t Your Security Achilles’ Heel
British Prime Minister’s Phone Hacked »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Imperva

Imperva

Imperva is a leading provider of data and application security solutions including DDoS protection, Web application security, Data security and Cloud security.

Versasec

Versasec

Versasec is a leader in identity and access management, providing customers with security solutions for managing digital identities.

Intruder

Intruder

Intruder is a cloud-based vulnerability scanner that finds cyber security weaknesses in your digital infrastructure, to avoid costly data breaches.

CERTuy

CERTuy

CERTuy is the national Computer Emergency Response Team for Uruguay.

Muninn

Muninn

At Muninn (aka Wehowsky), we specialize in mitigating potential risks within your network, providing one of the leading network detection and response (NDR) solutions on the market.

Egnyte

Egnyte

Egnyte delivers secure content collaboration, compliant data protection and simple infrastructure modernization; all through a single SaaS solution.

certSIGN

certSIGN

certSIGN develop innovative software for information security and information systems protection.

Ziroh Labs

Ziroh Labs

Ziroh Labs leverages advanced cryptography to keep your highly sensitive, private data safe throughout the lifecycle of data.

Cybersecurity Coalition

Cybersecurity Coalition

The mission of the Cybersecurity Coalition is to bring together leading companies to help policymakers develop consensus-driven policy solutions to achieve improvements in cybersecurity.

Tyler Technologies

Tyler Technologies

Tyler Technologies is a leading provider of end-to-end information management solutions and services for local governments.

IT Band Systems

IT Band Systems

IT Band Systems is an international provider of IT products and services including web server monitoring and web security consulting.

GitProtect.io

GitProtect.io

​GitProtect is a fully manageable, professional GitHub and Bitbucket backup and recovery software that protects repositories and metadata from any event of failure.

Siege Technologies

Siege Technologies

Siege Technologies is a pioneer of multi-purpose cybersecurity products and services that enable customers to leverage both offensive and defensive technologies.

Velum Labs

Velum Labs

Velum Labs is a cyber intelligence company that provides simple and non-intrusive, cloud and cyber intelligence solutions; built from a market-leading understanding of cyber-attack methodology.

ThreatDown

ThreatDown

ThreatDown, powered by Malwarebytes, is on a mission to overpower threats and empower IT by removing the complexity of detecting and stopping today’s most advanced threats.

WBM Technologies

WBM Technologies

WBM Technologies is a Western Canadian leader in the provision of outcomes-driven information technology solutions.