For years now we’ve trusted automated systems to fly our planes and wouldn’t think twice about boarding a flight. Why then are we so mistrusting of AI when it comes to cybersecurity? Perhaps it’s because there is a pilot overseeing the ‘machine’ on a flight.
Most businesses are comfortable with the idea of using AI, but are less enthusiastic if you remove the human from the decision-making process entirely.
As the threat landscape continues to be increasingly volatile, and attacks rise and become more sophisticated, it might be time to rethink how we use this technology to protect our businesses.
Using artificial intelligence (AI) and machine learning (ML) technologies, vast amounts of data can be automatically monitored, finding patterns and spotting anomalies that the human brain wouldn’t detect nor a traditional firewall prevent.
As cybercriminals start to exploit these technologies for their own malicious means, it’s time to fight back.
AI-powered cyberattacks have the power to help criminals fly under the radar of conventional protection methods.
Let’s look at phishing as an example. Infused with AI, these messages, designed to trick employees into revealing sensitive information or downloading harmful software, can be personalised to target a higher-profile of employee such as the C-Suite.
Bad actors could impersonate board members or send fake invoices from known suppliers. ML can be used to generate convincing emails and replies, and reference previous correspondence making it near impossible to spot the difference.For instance, cybercriminals know that Netflix and Apple send users emails to reactivate their account or update their details, so they can easily exploit this by sending out similar material. Often they include real links that fool security systems and end users.
This technology has even started to be applied to audio, known as deepfake phishing attacks. Algorithms only need to hear a few seconds of someone talking to be able to reproduce their voice.
AI can also be used to help identify the individuals to target in the first place based on their social media activity or email signature.
Something we saw happen to Marriott Hotels in January 2020, and more recently, Colonial Pipeline in the US, where employee logins were used to access IT systems and guest records.
This is where AI is most dangerous. It’s the context it brings for cybercriminals.
When amplified with AI, malware can move through an organisation undetected, analysing the network traffic as it goes to blend in. AI can also learn from probing into an organisation’s network, using the failed attempts to arrive at the most effective form of attack.
Another form of probing comes from ‘credential stuffing’ which is where attackers, usually bots, try existing sets of known usernames and passwords to try and access different systems – based on the fact people use the same credentials across different platforms.
TaskRabbit, an online marketplace, fell victim to this in April 2018. 3.75 million users were affected and the entire site had to be disabled until security was restored five months later. In the meantime, a further 141 million users were impacted.
We’ve entered a complex time, and all the usual defences we’ve relied on before – such as the perimeter firewall defined by the physical office are a thing of the past. IT teams have a much wider attack surface to monitor and you can’t protect what you can’t see.
Businesses will increasingly need the support of digital tools that can bring intelligence to human teams.
AI technology can identify many different threats and analyse millions of users, spotting patterns and abnormalities on the network, finding bad actors quicker than an individual and minimising risky employee behaviour.
In the same way that cybercriminals are using this technology, AI can learn from past vulnerabilities and quickly adapt the network to safeguard against future attacks.
In addition, ML algorithms are trained on the range of malware that was detected on a system in the past. This technology can then detect and predict breaches and calculate the types of malware that might infiltrate the network in the future.
Monitoring threat trends in real-time, AI systems can make security decisions based on what is likely to be used to attack your business, and, upon analysing your current strategy for any weak spots, these insights can be used to build cyber resilience in those areas.
Of course, humans are always the best form of defence. Once employees are trained or made aware of what to look for with cyber risks, they can help stop threats in their tracks. But the support provided by AI and ML means we can rely on this technology to help do the heavy lifting.
Start by making sure all assets on the network are tracked through an IT Asset Management Program. Knowing what’s on the network is key to protecting it.
Secondly, ensure standardisation of data models across the business, so that the AI tool can analyse multiple information in one place, giving a complete view of what’s happening on an organisation’s network and infrastructure.
And finally, start small. Identify your weak points and build use cases around those.
For example, in America, The United States Department of Homeland Security has developed a system call AVATAR that screens body gestures and facial expressions of people, helping immigration officers and customs detect those who are lying about their intentions.
With the wide range of attacks cybercriminals are throwing at businesses today, this AI/ML combination will be a critical part of cybersecurity strategies moving forward. Partly because hackers are already using it, but also thanks to the speed and agility it offers when responding to breaches.
And once you open your business up to this level of digital transformation, it doesn’t have to stop at cybersecurity. Everything from collaboration to customer service and the employee experience is being revolutionised by these technologies, which can also help deliver a competitive edge.Learn more about how to protect your business using the latest cybersecurity technologies.
Around the globe, our network reaches 184 countries.
We provide the underlying transport network, the virtual overlay, and the platform to prioritise everything.