Along with the advent of newer and newer technologies, the cybersecurity domain is also getting its impact. Whilst users are getting better at spotting basic attacks like phishing, cyber criminals are using new technologies and machine learning to trick us, steal data, and ultimately make fortunes. Artificial intelligence, in particular, is perceived to have the potential to become a game-changer with the rising availability of AI posing a new cyber crime threat. Also, the increased sophistication available to criminals such as chat bots will enable them to rapidly upscale the breadth of their targets. A group of 26 experts from around the world have warned that wanton proliferation of artificial intelligence technologies could enable new forms of cybercrime, political disruption and even physical attacks within five years. In a new report, the academic, industry and the charitable sector experts, describe AI as a “dual use technology” with potential military and civilian uses, akin to nuclear power, explosives and hacking tools. On account of all this, the role artificial intelligence can play – both for cybercriminals and cybersecurity experts- has become the topic of heated discussions in the IT world.
The current threat landscape is fraught with too many challenges. Traditional, prevention-focused, rule-based security approaches have already become a thing of the past a while ago. Cybercriminals are using sophisticated, multi-layered attacks to take advantage of this situation. Recent attacks such as WannaCry ransomware attack highlight just how vulnerable the global IT landscape is to advanced threats. It was a worldwide cyberattack, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.
Experts in the field are of the opinion that the strong entry of AI into the mix would in all probability worsen the situation. Using AI, cybercriminals can automate their attacks. It provides an opportunity to threat actors to continue doing what they were doing, in a better and more effective way. Attacks will be swifter, their surface area larger and capable of targeting vulnerabilities with greater efficiency. The number of incidents and resultantly their impact will go up. A single local breach could end up compromising networks and devices on a global scale.
But cyber defence is the realm where AI has made the most important difference. By using its massive computational power, AI can automate the collection and analysis of data. This helps in filtering out false positives and focusing on actual threats. AI can also analyse data from across the entire IT stack, giving security teams a more comprehensive view of the entire security framework, and identify vulnerabilities, threats, and incidents at a much-faster pace. This, in turn, allows for near-instant and more accurate threat detection, response, containment, mitigation, and remediation.
Understanding these threats, leading cybersecurity players have started integrating AI into their security solutions to offer AI-driven Managed Detection and Response (MDR) services. These solutions allow cybersecurity experts to contextualise the global threat data, and use those insights in reference to the particular needs of a business to anticipate potential threats in advance. Such high level of insights enable them to continuously update the security frameworks as per the latest business and security requirements. By providing 24×7x365 security monitoring, AI can also identify and hunt stealth attack campaigns within the network before they can cause a breach by analysing suspicious activity. Compliance violations and policy changes can also be viewed in real-time, enabling better visibility into the threat and risk postures across IT systems.
Another aspect that an AI-driven MDR approach optimises is that of security response. Machine learning algorithms constantly analyse and triage security alerts, while forensic automation determines the criticality of the event. This enables a much swifter response to actual security incidents. Security teams are also guided through the threat response and remediation with actionable measures, helping them make accurate and data-driven decisions.
AI-driven MDR can also help in optimising the post-incident security response. Incidents are investigated for impact and attacker attribute, and the entire attack chain is analysed for improving security strategies. This minimises the risk of a future breach from similar attacks.
Experts are of the opinion that more work should be done in understanding the right balance of openness in AI, developing improved technical measures for formally verifying the robustness of systems, and ensuring that policy frameworks developed in a less AI-infused world adapt to the new world we are creating.