New threats to cybersecurity are emerging. The shift to remote, and now hybrid work, has blurred the lines between the personal and professional, with swift procurement of IT products and new working locations making it harder to enforce good ‘cyber hygiene’ across businesses. This change has occurred alongside an increase in the sophistication of cyber attackers and attack techniques, making things extremely difficult for enterprises, says Elaine Lee, Data Scientist, at the cyber firm Mimecast.
As cyber professionals struggle to stay one step ahead of these fast-emerging threats, it is clear new technological innovations are needed. With thousands of tech solutions on the market, the objective needs to be technology that brings together vital information to enable cyber security professionals to monitor critical threats and processes these in real-time. The solution: Artificial intelligence (AI).
Introducing AI
AI is quickly becoming essential to the complex, data-driven world of cyber threat intelligence, particularly in the spaces where human intervention is not enough. With the capabilities it provides, AI and machine learning uses data and algorithms to imitate the way that humans learn, meaning the technology excels at identifying patterns in data and does so infinitely faster than a human analyst ever could. Different subsets of AI, such as deep learning, computer vision and natural language processing, also enable computers to solve complex problems and analyse unstructured data, images, audio, natural language, unstructured speech and text datasets.
These capabilities can fortify an organisations cyber defences and incorporate a more solid cyber security approach. While generally a beneficial tool for cybersecurity, AI brings true value to the cyber industry when used as an advisor for cyber professionals, analysing threats immediately to help them act quickly and stay one step ahead.
New kid on the block: AI in cybersecurity
AI is well-understood to be a valuable tool for cybersecurity, especially with an increasingly dangerous and varied threat level, as cyber professionals need a quick solution to help them monitor attacks and improve their knowledge of new threats.
So, how exactly can AI be utilised in cyber security? Basically, AI acts as an extra, and incredibly quick and precise, observer automatically identifying the tell-tale signs of a threat, such as a phishing email. After learning how to detect these issues, AI can gradually adapt to react to an increasing number of threats effectively. For example, machine learning models are used to detect anomalous and potentially risky patterns, such as email sending frequency, which can indicate the use of an organisation’s email for outbound attacks. Similarly, supervised learning models can be trained to categorise websites, highlighting both high-risk sites sent over emails and on the web generally. This means that AI can constantly scan for malicious URLs, not-safe-for-work images and spam, and using neural networks, can help identity forms of unwanted, but non-malicious emails. The trick, of course, is to find and block the bad and unwanted content, emails and images quickly, while not blocking anything legitimate. In some cases, it is very challenging to write the explicit rules that differentiate between good and bad, which is where AI can be an incredibly useful tool, as it eliminates laborious, human intensive practises while flagging emerging threat to cyber professionals early, before they become widespread issues.
Now, probably the most complex question to answer, what exactly is AI’s role within existing cyber security teams?
Currently, the increased pressure from cybercrime has resulted in a continuous game of whack-a-mole between hackers and cyber professionals, and as soon as one cyberthreat is stopped, another one pops up. This leads to cyber professionals racing to adapt to hackers’ advancing capabilities, educate relevant victim groups and limit the risk of attacks. This isn’t sustainable, and with research highlighting that human error is involved in over 90% of successful cybersecurity incidents, it’s clear that security professionals need support from advanced technologies, like AI to tackle the significant growth in cyber criminality seen over the last year.
A common misconception is that these tools are a replacement for human security staff, this could not be more incorrect. Are AI algorithms smarter than your average security researcher? Not even close. However, AI is excellent at taking over specific and monotonous tasks, such as detecting, mapping, and stopping unknown threats in the tidal wave of security relevant data (hundreds of billions of emails every few months- roughly 50% are bad or unwanted).
AI can also work alongside cybersecurity expert by taking on the role of a live coach, which means tracking security threats 24/7 to detect unusual behaviour, this may not always be something threatening per se, but an anomaly that can be escalated for human investigation. So, unlike other examples where machine learning models are trained by humans to detect specific threats, the technology is the first port of call and communicates with the cyber professionals to flag potential, otherwise undetected threats. This provides the industry with cheaper, better, and faster protection than traditional analytic techniques and manual processes.
Having security provisions like this in place allows cybersecurity experts to dedicate time to proactively defending organisations, continuing to develop their knowledge of the threat landscape and training employees to recognise potential threats and avoid pitfalls.
AI has endless capabilities, especially in cyber security where it is already being utilised in multiple forms to detect outbound attacks, check and filter images and categorise phishing emails. However, when it comes to AI’s place in the overall security technology toolbox, it has most value as an analytic technique when it is used as a trusted advisor helping cyber professionals in the never-ending fight against threat actors.
