Artificial intelligence (AI) is the topic du jour, with the latest and greatest in AI technology drawing breathless news coverage. And probably few industries are set to gain as much, or possibly to be hit as hard, as cybersecurity. Contrary to popular belief, some in the field have been using the technology in some form for over two decades. But the power of cloud computing and advanced algorithms is combining to enhance digital defenses further or help create a new generation of AI-based applications, which could transform how organizations protect against, detect and respond to attacks.
On the other hand, as these capabilities become cheaper and more accessible, threat actors will also utilize the technology in social engineering, disinformation, scams and more. A new white paper from ESET sets out to uncover the risks and opportunities for cyber-defenders.
Large language models (LLMs) may be the reason boardrooms across the globe are abuzz with talk of AI, but the technology has been put to good use in other ways for years. ESET, for example, first deployed AI over a quarter of a century ago via neural networks in a bid to improve detection of macro viruses. Since then, it has used AI in various forms to deliver:
Today, security teams need effective AI-based tools more than ever, thanks to three main drivers:
At the last count, there was a shortfall of around four million cybersecurity professionals globally, including 348,000 in Europe and 522,000 in North America. Organizations need tools to enhance the productivity of the staff they do have, and provide guidance on threat analysis and remediation in the absence of senior colleagues. Unlike human teams, AI can run 24/7/365 and spot patterns that security professionals might miss.
As cybersecurity teams struggle to recruit, their adversaries are going from strength to strength. By one estimate, the cybercrime economy could cost the world as much as $10.5 trillion annually by 2025. Budding threat actors can find everything they need to launch attacks, bundled into readymade “as-a-service” offerings and toolkits. Third-party brokers offer up access to pre-breached organizations. And even nation state actors are getting involved in financially motivated attacks – most notably North Korea, but also China and other nations. In states like Russia, the government is suspected of actively nurturing anti-West hacktivism.
As digital investment has grown over the years, so has reliance on IT systems to power sustainable growth and competitive advantage. Network defenders know that if they fail to prevent or rapidly detect and contain cyberthreats, their organization could suffer major financial and reputational damage. A data breach costs on average $4.45m today. But a serious ransomware breach involving service disruption and data theft could hit many times that. One estimate claims financial institutions alone have lost $32bn in downtime due to service disruption since 2018.
It’s therefore no surprise that organizations are looking to harness the power of AI to help them prevent, detect and respond to cyberthreats more effectively. But exactly how are they doing so? By correlating indicators in large volumes of data to identify attacks. By identifying malicious code through suspicious activity which stands out from the norm. And by helping threat analysts through interpretation of complex information and prioritization of alerts.
Here are a few examples of current and near-future uses of AI for good:
Unfortunately, the bad guys have also got their sights on AI. According to the UK’s National Cyber Security Centre (NCSC), the technology will “heighten the global ransomware threat” and “almost certainly increase the volume and impact of cyber-attacks in the next two years.” How are threat actors currently using AI? Consider the following:
For good or bad, AI has its limitations at present. It may return high false positive rates and, without high-quality training sets, its impact will be limited. Human oversight is also often required in order to check that output is correct, and to train the models themselves. It all points to the fact that AI is a silver bullet for neither attackers nor defenders.
In time, their tools could square off against each other – one seeking to pick holes in defenses and trick employees, while the other looks for signs of malicious AI activity. Welcome to the start of a new arms race in cybersecurity.