AI, Automation, and the Future of Cyber Security
By i-confidential Staff
Cyber crime will cost the world over $6 trillion this year. That's up 100% from 2015. But a single number, however large, doesn’t answer the obvious question - what’s driving the huge increase?
Many of the new threats are caused by the growth in artificial intelligence (AI) and automation.
These terms are often used interchangeably, but there are some major differences.
AI can be defined as, “the simulation of human intelligence in machines that are programmed to think like humans and mimic their actions.”
Automation, however, “substitutes human labour in tasks both physical and cognitive - especially those that are predictable and routine.”
When you combine the two, you can achieve incredible efficiency, flexibility, and scale.
Let’s look at a couple of the big threats from AI and automation.
One of the most common types of cyber attacks today is ‘credential stuffing’. This occurs when cyber criminals take stolen credentials from data breaches. Next, they use tools to automatically attempt logins to every matching account to steal funds or data. Many people will have come across CAPTCHA, which was created to combat this threat.
CAPTCHA attempts to prevent bots from credential stuffing by presenting a visual challenge that a human would find relatively easy and a bot should struggle with.
And yet AI is growing exponentially, both in its use and in its intelligence. Cyber criminals have adopted it with open arms. A study undertaken by Google found that AI-based Optical Character Recognition (OCR) technology could solve 99.8% of CAPTCHA challenges.
‘Stealth’ Malware is another cyber attack method which uses AI. This malware is designed to be undetectable by network security tools. It will hide within a network for months at a time, waiting to discover possible loopholes in security mechanisms, and to detect what is ‘normal’ network behaviour. The malware will then analyse the patterns and attack the organisation’s systems in the most effective and efficient manner.
One example comes from researchers at IBM who presented malware called DeepLocker, which worked by using WannaCry ransomware. The malware infiltrated a video-conferencing application and scanned the faces of people in the organisation using their webcams. After detecting a specific person, DeepLocker then launched an automated cyber attack. These kinds of attacks can target specific people using face, voice, or even geolocation detection as a trigger.
Modern cyber attacks increasingly use automation and AI. When organisations attempt to defend themselves in a manual way, the battle is totally one sided. The only way to have a fighting chance with cyber criminals is to use AI and automation against them. By incorporating these methods into their own cyber security strategy, organisations can even the odds and utilise intelligent automation for a quicker, more comprehensive defence model.
How can automation and AI improve cyber security?
Automated Network Scanning
Automated network scanning tools are the most effective way of discovering vulnerabilities. These tools continuously scan and monitor your network 24 hours a day. They can often map network flows too, providing a clear picture of all the systems within your architecture, regardless of geography or who manages it. This enables rapid remediation of any detected vulnerabilities and prevents malicious exploitation.
AI Powered Threat Detection
A company called Senseon has created a form of intelligent threat detection, known as ‘AI Triangulation’. This technology imitates how a human security analyst would think. It acts to automate the process of threat detection, investigation, and response. By observing the behaviours of users and devices from multiple perspectives, Senseon provides accurate and context-rich alerts. These automated capabilities free security teams from the burden of exhaustive analysis, alert fatigue, and false positives.
Automated Certificate Management
Google’s requirement for website encryption as standard makes the use of SSL certificates and keys almost a prerequisite. This has created dangerous blind spots in public key infrastructure, which is a common problem. Questions such as, “How many keys does your organisation have?” and, “Who has access to those certificates and keys?” are all a cause for concern.
‘Shadow’, or unknown certificates, are a massive liability. They can cause security breaches, downtime, and long outages. This is where Automated Certificate Management tools come in. They will discover and identify the certificates within your network. They can also automate certificate issuance, renewal, installation, and revocation, as well as send automatic expiry notifications and generate certificate status reports.
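The core of what such a tool reports can be shown by reconciling scan results against the managed inventory. This is an added example, not code from the article or from any product: the record fields, fingerprint placeholders, hosts, and the 30-day warning threshold are all assumptions, and the data is constructed.

```python
from datetime import date

# Constructed data: certificates the team knows it manages (keyed by a
# placeholder fingerprint) and certificates a network scan actually found.
INVENTORY = {
    "fp-aaa": {"cn": "www.example.com", "owner": "web-team"},
    "fp-bbb": {"cn": "api.example.com", "owner": "platform"},
    "fp-ccc": {"cn": "old.example.com", "owner": "web-team"},
}
DISCOVERED = [
    {"fp": "fp-aaa", "host": "10.0.0.5:443", "not_after": date(2025, 3, 1)},
    {"fp": "fp-bbb", "host": "10.0.0.6:443", "not_after": date(2024, 6, 20)},
    {"fp": "fp-zzz", "host": "10.0.9.77:8443", "not_after": date(2024, 5, 30)},
    {"fp": "fp-bbb", "host": "10.0.0.7:443", "not_after": date(2024, 6, 20)},
]

def certificate_report(inventory, discovered, today, warn_days=30):
    """Classify discovered certificates as shadow, expired, or expiring soon."""
    report = {"shadow": [], "expired": [], "expiring": [], "not_seen": []}
    seen = set()
    for cert in discovered:
        seen.add(cert["fp"])
        days_left = (cert["not_after"] - today).days
        owner = inventory.get(cert["fp"], {}).get("owner")  # None if unknown
        entry = {**cert, "days_left": days_left, "owner": owner}
        if cert["fp"] not in inventory:
            # Found on the network but nobody has it on record.
            report["shadow"].append(entry)
        if days_left < 0:
            report["expired"].append(entry)
        elif days_left <= warn_days:
            report["expiring"].append(entry)
    # On record but not found by the scan: retired, or outside scan coverage.
    report["not_seen"] = sorted(set(inventory) - seen)
    return report
```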
Both AI and automation will be hugely beneficial to the way we manage security. But despite them being positioned by some as the only solutions, they will never remove the need for human involvement. AI and automation are not a replacement for human interaction, but they can support human capabilities. The aim is to aid employees with tools that make them more productive overall, so they can concentrate efforts on tackling the most challenging threats.
Humans understand their working environments, they remember legacy infrastructure, and they have the intuition to account for a variety of factors outside of technology alone (human error or historical lessons). These are tough concepts for AI to understand.
Yet security professionals often struggle with what makes them human in the first place. Mistakes and inconsistencies happen; people get tired or distracted. Machines have no problem with scaling up or down in a matter of seconds, and they are relentlessly consistent.
It is clear that the perfect solution, for now at least, is a mixture of both human and machine. By uniting human analysts with AI and automation, intuition and intellect with scalability and consistency, organisations can reap significant benefits.