AI has jumped from science fiction to fact in 2019. Product recommendations, film recommendations, chess games, GO games (an Asian strategy board game) and Jeopardy successfully executed by AI. If artificial intelligence is successful in those areas, could it be used to carry out cybersecurity attacks? What options are there to use AI to defend your organization? Let’s explore both pieces of the puzzle.
A Brief Note On Terminology
There is no universally accepted definition for “artificial intelligence.” Some experts distinguish between algorithms, machine learning, weak AI (i.e., AI specialised for a specific task) and strong AI. For our purposes, we will use the Techopedia definition of artificial intelligence:
“Artificial intelligence (AI) is an area of computer science that emphasizes the creation of intelligent machines that work and react like humans. Some of the activities computers with artificial intelligence are designed for include: Speech recognition, Learning, Planning, [and] Problem-solving.“
Defining AI As A Cybersecurity Threat
In the wrong hands or without oversight, AI tools can be used for attacks, especially against less sophisticated organizations. Here are some of the ways that AI can be used for an attack.
1) Increase the power and capability of Distributed Denial of Service (DDOS) attacks
Distributed denial of service (DDOS) attacks is nothing new. However, some AI tools make these traditional cyberattacks cheaper and more challenging to prevent. Last year, Network World wrote about the use of AI in DDOS attacks. This example shows that existing hacking and cybersecurity hacking techniques and methods can be augmented and made more dangerous by AI.
2) Increase the number of successful unauthorized access attacks with password hacking
Have you ever used the same password on more than one account? If so, you are making password cracking and guessing easy for AI tools. Most machine learning efforts require a large dataset to “learn” patterns. Unfortunately, hackers can easily find large databases of compromised, real-life passwords. For example, consider the repository of millions of compromised passwords offered by Pwned Passwords. In addition to this database, there are many more passwords available for purchase from other hackers on the dark web. Using this data, AI and machine learning tools can be trained to break into more systems.
Traditional defences such as limiting a user to 3-5 password attempts are less effective when an AI tool can start an attack with high probability passwords. Even worse, these tools will be able to generate plausible passwords by analyzing large datasets of passwords.
3) Scan for vulnerabilities to exploit
Modern networks and computers are designed for connection across networks. That has made them much more productive. However, there is a dark side to that openness. It is more difficult to scan for vulnerabilities. With AI tools, you can run 24/7 scans to detect vulnerabilities. Once those weaknesses are identified, it is a race against the clock to exploit the situation or defend against attacks.
How AI Tools Bolster Cybersecurity Defenses
Think back to one of the most common uses for modern AI tools: recommendations and pattern recommendations. Every time you use Amazon or Netflix, you receive personalized suggestions based on your activities. The same ability to analyze large data volumes and produce recommendations applies to cybersecurity defences. Here are four ways
1) Managing IT Security Help Desk Requests
Many organizations require their employees to phone a help desk whenever they need a new password. That process is a hassle! If it is after hours, it is even more stressful. Fortunately, there is a new generation of companies like Avatier which have created an IT security chatbot. This type of “weak AI” automates certain repetitive activities such as password resets. In this case, your AI fulfils a necessary task to support security and frees up staff time to deal with other threats.
2) Detecting Suspicious End User Behavior
As employees go about their daily work, some of their actions expose the company to higher risk. For example, accessing high-risk websites or opening phishing emails. Manually keeping up with these threats is challenging. Instead, AI tools can use pattern recognition and machine learning to flag the highest risk behaviours. These actions can be blocked automatically or trigger a request to IT to review the situation with a score or rating. This last point is critical because traditional IT security monitoring software has a bad reputation for burying people in alert messages. With AI tools, you can sort security alerts so that you can focus on the most important ones.
British startup ThirdEye is already developing AI tools to look for suspicious behaviour in CCTV footage. The same principles of pattern recognition will soon come to AI as well.
3) Scoring Suspicious Reports Generated by Systems
Your corporate IT infrastructure is made up of thousands of devices, networks, cloud applications, and other components. Keeping track of all of those assets is difficult for today’s overworked IT security departments. Using AI tools, you can run continuous scans of your infrastructure to detect problems. For example, IBM’s threat detection solutions are starting to use AI to detect cyber threats.
4) Stopping Viruses, Malware, and Other Malicious Software
Antivirus companies like Symantec, Kaspersky, and others are in a constant war to detect and prevent viruses and their cousins. Traditionally, these companies relied on large teams of analysts to identify, deconstruct and stop viruses. This approach worked; however, it is slow. To increase productivity, security software companies are using AI capabilities to spot problems.
How To Harness AI for Your Security Needs: You Have Two Options
There are two ways to engage with AI and cybersecurity. The choice you make now will determine whether your organization keeps up or falls behind. First, you can take the “wait and see” approach and wait for AI tools to fully mature before implementing them in your defences. While you receive highly polished systems, you will be exposed to more significant threats. The second option is to take proactive action now — buy or build AI security defence tools today and stay ahead of the hackers.