Artificial Intelligence Is Being Badly Used In Cyber Security

Uploaded on 2021-07-20 in TECHNOLOGY-Key Areas-Artificial Intelligence, FREE TO VIEW

The cyber attack surface in modern enterprise environments is massive, and it’s continuing to grow rapidly. This means that analysing and improving an organisation’s cyber security posture needs more than mere human intervention.

There is currently a big debate going on over whether Artificial Intelligence (AI) is a good or bad thing in terms of its impact on human life.  With more and more enterprises using AI for their needs, it’s time to analyse the possible impacts of the implementation of AI in the cyber security field.

AI in cyber security is beneficial because it improves how security experts analyse and understand cyber crime. It enhances the cyber security technologies that companies use to combat cyber criminals and help keep organisations and customers safe. On the other hand, AI can be very resource intensive. It may not be practical in all applications. More importantly, it also can serve as a new weapon in the arsenal of cyber criminals who use the technology to hone and improve their cyber-attacks.

The cyber security industry is rapidly embracing the notion of “zero trust”, where architectures, policies, and processes are guided by the principle that no one and nothing should be trusted. However, the cyber security industry is simultaneously  incorporating a growing number of AI-driven security solutions that rely on some type of trusted “ground truth” as reference point.

Organisations are beginning to use AI in their cyber security, but a lot of the methods being employed put questions upon whether regulators, compliance officers, security professionals, and employees are able to trust these new security models.

Because AI models are sophisticated, obscure, automated, and oftentimes evolving, it is difficult to establish trust in an AI-dominant environment. Yet without trust and accountability, some of these models might be considered risk-prohibitive and may be restricted or banned altogether. 

  • AI security revolves around data, and making sure data quality and integrity really works. 
  • The data used to power AI-based cyber security systems faces further problems:
  • Cyber criminals can use data training data to infiltrate datasets and they can then disrupt and take down the security controls.
  • AI  significantly increases the number of data points

Security professionals are faced with dynamic and sophisticated adversaries that learn and adapt over time. Accumulating more security-related data might well improve AI-powered security models, but at the same time, it could lead adversaries to change their modus operandi, diminishing the efficacy of existing data and AI models. 

Another challenge for AI models emanates from unknown unknowns, or blind spots, that are seamlessly incorporated into the models’ training datasets and therefore attain a stamp of approval and might not raise any alarms from AI-based security controls.

Future

All of these challenges and more are detrimental to the ongoing effort to fortify islands of trust in AI-dominated cyber security industry. This is especially true in the current environment where we lack widely-accepted AI explainability, accountability, and robustness standards and frameworks. It is up to the data science and cyber security communities to design, incorporate, and advocate for robust risk assessments and stress tests, enhanced visibility and validation, hard-coded guardrails, and offsetting mechanisms that can ensure trust and stability in our digital ecosystem in the age of AI.

As the potential of AI is being explored to boost the cyber security profile of a corporation, it is also being developed by hackers. Since it is still being developed and its potential is far from reach, we cannot yet know whether it will one day be helpful or detrimental for cyber security. 

In the meantime, it’s important that organisations do as much as they can with a mix of traditional methods and AI to stay on top of their cyber security strategy. 

AI is fast emerging as a must-have technology for enhancing the performance of IT security teams. Humans can no longer scale to sufficiently secure an enterprise-level attack surface, and AI gives the much-needed analysis and threat identification that can be used by security professionals to minimise breach risk and enhance security posture. Moreover, AI can help discover and prioritize risks, direct incident response, and identify malware attacks before they come into the picture. So, even with the potential downsides, AI will serve to drive cybersecurity forward and help organisations create a more robust security posture. 

Business leaders are best advised to familiarise themselves with the cutting edge of AI safety and security research, which is still at a comparatively early stage. Only with better knowledge can decision makers can properly consider how adding  AI to their product or service will enhance user experiences, while weighing the costs of potentially subjecting users to additional data breaches and other unwelcome effects.

HBR:      Venturebeat:       CPO Magazine:       Computer.org:     The SSL Store:   

You Might Also Read: 

Can  Ethical AI Become A Reality?:

 

« SMEs Need To Close The Cyber Security Training Gap
Russian National Security Strategy »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Hiscox

Hiscox

Hiscox offers cyber and data risks insurance to protect your business against the risks of holding data and using computer systems..

Oracle Cloud Security

Oracle Cloud Security

Oracle’s cloud security solutions enable organizations to implement and manage consistent security policies across the hybrid data center.

Lares Consulting

Lares Consulting

Lares is a security consulting firm that helps companies secure electronic, physical, intellectual, and financial assets through a unique blend of assessment, testing and coaching.

Security Onion Solutions

Security Onion Solutions

Security Onion Solutions is the creator and maintainer of Security Onion, a free and open platform for threat hunting, network security monitoring, and log management.

PCI Pal

PCI Pal

PCI Pal’s secure cloud payment solutions are certified to the highest level of security by the leading card companies.

Data61

Data61

Data61 is Australia’s leading digital research network offering the research capabilities, IP and collaboration programs to unleash the country’s digital & data-driven potential.

SoftLock

SoftLock

Softlock is a regional leader in Information Security providing solutions, consulting, integration and testing services to protect information assets, identities and supporting infrastructure.

Metrarc

Metrarc

Metrarc has developed a ground-breaking technology called ICMetrics™ for deriving secure encryption keys from the properties of digital systems without the need to store any of the encryption keys.

Cylus

Cylus

Cylus, a global leader in rail cybersecurity, helps rail and metro companies avoid safety incidents and service disruptions caused by cyber-attacks.

BluBracket

BluBracket

BluBracket is the first comprehensive security solution that makes code safe—so developers can innovate and collaborate, and security teams can sleep at night.

StickmanCyber

StickmanCyber

At StickmanCyber we are on a mission to create a digital world that is safe for everyone - we are your trusted cybersecurity partner.

One82

One82

Serving emerging small and medium-sized businesses in California and neighboring regions for over 20 years, One82 has established itself as the most dependable provider of IT support services.

Rampart AI

Rampart AI

Tackling DevSecOps Issues In Application Security. Rampart has revolutionized the shift left security approach, applying zero-trust to application development.

Var Group

Var Group

Var Group is one of the main partners for innovation in the ICT sector in Italy.

Threater

Threater

Threater (formerly ThreatBlockr / Bandura Cyber) is a cybersecurity platform that provides active network defense by automating the discovery, enforcement, and analysis of cyber threats at scale.

eGyanamTech (EGT)

eGyanamTech (EGT)

eGyanamTech provides robust security solutions tailored for Operational Technology (OT) and Supervisory Control and Data Acquisition (SCADA) systems used in critical infrastructure systems.