How AI is protecting businesses from cyber-threats
July 23rd, 2018
We are currently in the middle of another industrial revolution. This so-called Fourth Industrial Revolution (4IR) has the potential for change on a massive scale.
The first industrial revolution brought us mechanisation and steam power. The second introduced production lines and electricity. The third added computerisation and robotics. And now the fourth promises interconnected intelligent systems.
Artificial Intelligence (AI) is the next big thing in almost every industry, even being called “the new electricity” in reference to its capability to revolutionise the way we work. Amidst this rapid change, the sphere of cyber-security has not gone untouched by the new power of AI.
Advantages of AI in cybersecurity
Most approaches to cyber-security such as firewalls or antiviruses rely on signatures. For instance, a firewall will drop incoming traffic from a known malicious IP. And an antivirus will prevent files with known pieces of virus code from running.
But because these systems rely on signatures, a new threat can slip past and cause untold damage. What’s worse is that large amounts of malware already bypass these peripheral defences by using emails as a carrier. Additionally, these approaches to cyber-security leave the issue of insider threats completely unguarded.
AI offers a solution to these problems.
Protecting against external threats
By using machine learning, AI can build a view of ‘normal’ on the network. Then, when something out of the ordinary happens, it can flag it.
Malware doesn’t act like a human does. So the ability to identify anomalous activity is incredibly useful. A human doesn’t access thousands of files per second because they can’t click that fast. But, a piece of malware is easily capable of doing such a thing. This makes spotting it easy.
For example, let’s say a normal employee accesses 50 files a day. One evening, after office hours, an account begins accessing and encrypting hundreds of files per second. The AI detects this as unusual behaviour and locks the account, preventing it from accessing any more files.
In this scenario, ransomware had infected the machine. It intended to encrypt company files and ransom them back. By using the machine learning data about what typical activity looked like, the AI could determine that suspicious activity was occurring. Then, by performing a rapid response, it contained the malware, limiting the damage to the company’s files.
But AI-based security systems aren’t only capable of dealing with the behaviour of humans. They can also detect when hardware or software is acting in suspicious ways.
For example, several networked security cameras are placed around the office, including one in the meeting room where major corporate decisions are made. The AI detects that the meeting room security camera has made a repeat connection to an unknown IP address outside the business and flags it.
A follow-up investigation discovers the device was infected with spyware, allowing someone to watch private meetings and learn company secrets. Although damage had already occurred, patching the issue prevented it from happening again.
Protecting against insider threats
Besides detecting typical threats in the form of malware, AI-based security systems can also detect unusual activity from malicious employees.
For example, a disgruntled ex-employee with access to the company database containing client information decides to get revenge. They attempt to steal company files using the cloud storage system that employees can access from home.
Total downloads of 5GB of data from the company cloud every month are typical. So when the AI detects a download of several terabytes, it sees it as unusual and locks the account, preventing the theft of company records.
Because the AI defence system can see any type of unusual activity, dealing with insider threats becomes as easy as outside attacks. Current cyber-security solutions don’t have a good way of detecting an insider threat. And it’s only been through new applications of AI and machine learning that the prospect of reliably detecting insider attacks has arisen.
Disadvantages of AI
Unfortunately, AI-based cyber-security is not a perfect system and has its shortcomings. The main issue is its inability to differentiate harmless unusual behaviour from dangerous unusual behaviour. This can create a significant management overhead.
For example, a typical employee who works in the marketing department acquires an album of stock images to use in marketing materials. They decide to download them from the company cloud system so they can work from home. The AI sees the unusually large file download and locks the account.
Although the actions of the AI are reversible and the account can be unlocked, the disruption resulted in lost productivity. Because unusual things are sometimes done on purpose and without bad intentions, an AI can be overreactive.
This, along with the technology still being in its infancy, means an AI security system is generally used as a supporting tool to a typical security system, instead of being the single line of defence.
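The baseline-and-flag behaviour described under “Protecting against external threats” and the false positive described above can both be seen in a small detector. This is an added example, not code from the original article or from any product; the baseline figures, the modified z-score and both thresholds are assumptions chosen for illustration.

```python
from statistics import median

# Constructed baselines (assumed values, loosely following the article's figures).
FILES_PER_DAY = [48, 52, 50, 47, 55, 51, 49, 50, 53, 46]   # about 50 files a day
DOWNLOAD_GB_PER_MONTH = [4.6, 5.2, 5.0, 4.9, 5.4, 5.1]      # about 5 GB a month


def anomaly_score(baseline, observed):
    """Modified z-score: distance from the median in units of scaled MAD."""
    med = median(baseline)
    mad = median([abs(x - med) for x in baseline])
    if mad == 0:  # flat baseline: fall back to a small spread to avoid dividing by zero
        mad = max(abs(med) * 0.01, 1e-9)
    return 0.6745 * (observed - med) / mad


def verdict(baseline, observed, flag_at=3.5, lock_at=20.0):
    """Return 'ok', 'flag' (analyst review) or 'lock' (automatic containment).

    Both thresholds are assumed; only unusually HIGH activity is scored here.
    """
    score = anomaly_score(baseline, observed)
    if score >= lock_at:
        return "lock"
    return "flag" if score >= flag_at else "ok"


def demo():
    """Run the article's scenarios (with constructed numbers) through the detector."""
    return {
        "normal day (52 files)": verdict(FILES_PER_DAY, 52),
        "busy day (62 files)": verdict(FILES_PER_DAY, 62),
        "ransomware burst (18000 files)": verdict(FILES_PER_DAY, 18_000),
        "insider exfiltration (2000 GB)": verdict(DOWNLOAD_GB_PER_MONTH, 2_000),
        # Benign marketing download: scored exactly like the theft above.
        "stock image album (40 GB)": verdict(DOWNLOAD_GB_PER_MONTH, 40),
    }


if __name__ == "__main__":
    for event, result in demo().items():
        print(f"{event:32} -> {result}")
```

The stock image download and the multi-terabyte theft receive the same verdict because the score measures how rare an event is, not why it happened.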
The evolving use of AI in IT security is already invaluable and it’s going to develop quickly – it has to as the threat-landscape is just so large. But it’s worth noting that on the other side of the fence, hackers have begun using AI to breach security defences. The battle has begun…