AI IN CYBER SECURITY - ALLY OR ADVERSARY

Introduced by John McCarthy in 1956, Artificial intelligence (AI) aimed to replicate human cognitive abilities and empower computers in different fields. These include medicine, sports, and cybersecurity to mention but a few. In cybersecurity, AI improves data protection and automation, amongst other things. According to Verified Market Research, the AI cybersecurity market was valued at $17 billion in 2022 and is projected to be valued at $102 billion by 2032.

Before AI, security experts largely depended on signature-based detection tools. These tools were used to compare incoming network traffic to known threats or malicious code signatures.  This approach was pretty successful for known threats and has been greatly enhanced by artificial intelligence. AI has also improved how effective user behavioral analysis (UBA) based tools are in detecting new or unknown threats.

But has AI been all good tales and no bad days? This article explores the impact of AI on cybersecurity, and examines its positive contributions and potential adversarial traits.

AI AND CYBERSECURITY 

AI's involvement in cybersecurity helps human experts to recognize hacking attempts. This aids organizations to better secure their systems and data against malicious attempts. Advancements in computing power allow AI integration with small datasets. Standard graphics processing units (GPUs) are now in use which eliminates the need for clusters of high-end servers with costly processors.

AI AS AN ALLY IN CYBERSECURITY

AI serves as a powerful ally in cybersecurity, offering the advantages below:

Anomaly Detection: 

Using traditional security tools may no longer be the fastest way to cope in a fast moving threat landscape. Security analysts spend several man-hours going through tens of security alerts, sometimes missing critical information in the huge volume they are faced with.

AI will help your organization address these challenges through AI algorithms. These can analyze vast datasets to identify anomalies and patterns that may go unnoticed by traditional methods. Once these anomalies and patterns are flagged, your analysts can then validate them and/or continue investigation. This especially saves analysts time by alerting on the anomalies promptly.

An example is the Anomaly Detection tool offered by DynaTrace. 

Incident response and security automation: 

Last year, IBM launched a New QRadar Security Suite aimed at speeding up threat detection and response. This upgraded interface plays an important role in enhancing analyst response throughout the entire attack lifecycle. It has shown an average 55% acceleration in alert triage through its AI and automation functionalities.

For incident response, AI can help trigger swift and automated actions by providing your organization with real-time insights into the nature of the attack. 

Darktrace relies on an AI-driven continuous feedback loop, incorporating AI inputs to generate outcomes, safeguarding corporate data against advanced cyber threats.

When properly applied, AI can help your organization in automating security which will free employees from repetitive tasks and save time and resources. Additionally, this can limit the occurrence of human error by reducing human involvement in some tasks.

Endpoint Security: 

Due to the increase in remote work, securing endpoints is a must to avoid security breaches. VPNs and antivirus solutions are inadequate, leaving endpoints susceptible. With AI, your organization can boost password protection and user account security using authentication methods. Artificial intelligence-powered solutions such as CAPTCHA, fingerprint scanners, and facial recognition have the ability to identify genuine login attempts.

An example is IBM’s Verify. This tool caters to both hybrid and multi-cloud enterprises that have to comply with regulatory standards, such as ISO 27001. It uses AI to assess current risks, discover existing access controls, and provide guidance on reducing this risk and meeting compliance standards.

Risk Assessment: 

Risk Assessment involves evaluating potential risks and vulnerabilities. AI can provide your organization with swift access to detailed technical knowledge on tools, offering insights into the latest vulnerabilities. This also includes third and fourth party risks. AI’s quick access to vast data, ability to enrich information with the latest threat intelligence, and strong data analysis make it ideal for cybersecurity enhancement. 

Tools like Tenable’s Exposure enable security professionals to swiftly gather, analyze, and understand risks, ensuring a prompt response to potential threats.

AI AS AN ADVERSARY IN CYBERSECURITY

AI also introduces several disadvantages in cybersecurity, including:

AI as a Tool for Hackers: 

The worrisome trend of hackers using AI to enhance malware abilities introduces a new level of cybersecurity threats. AI-based malware, continuously learning and adapting, poses an increased risk for organizations defending against cyber attacks. Another area of concern is the fusion of neural fuzzing and neural networks. This enables threat actors to exploit software vulnerabilities, allowing attackers to gather information about target systems, and identify weaknesses for potential exploitation. A great example is the cyberattack TaskRabbit experienced in 2018. This data breach affected about 3.75 million users. Cybersecurity experts largely suspect that there was a great level of AI involved in the attack because it was sophisticated and untraceable. 

Privacy and Legal Issues:

The application of AI in cybersecurity within organizations may require evaluating large volumes of personally identifiable information (PII) which has raised privacy concerns. Last year, Italy temporarily banned Western ChatGPT–a popular AI chatbot due to a suspected breach of Europe's privacy regulations. Although it has been restored, there are still data concerns.

Final Word

As the frequency of cybersecurity attacks keep surging, the role of AI in cybersecurity is more crucial than ever. 

AI is both an ally and an adversary. While it enhances threat detection and response, careful navigation is needed to address potential adversarial aspects. The journey forward requires a collaborative effort just like Google's $10 billion commitment to strengthen cybersecurity.