How AI is protecting businesses from cyber-threats
Last updated on July 2nd, 2019
We are currently in the middle of another industrial revolution. This so called Fourth Industrial Revolution (4IR) has the potential for change on a massive scale.
The first industrial revolution brought us mechanisation and steam power. The second introduced production lines and electricity. The third added computerisation and robotics. And now the fourth promises interconnected intelligent systems.
Artificial Intelligence (AI) is next big thing in almost every industry. Even being called “the new electricity” in reference to its capability to revolutionise the way we work. And amidst this rapid change, the sphere of cyber-security has not gone untouched by the new power of AI.
Advantages of AI in cybersecurity
Most approaches to cyber-security such as firewalls or antiviruses rely on signatures. For instance, a firewall will drop incoming traffic from a known malicious IP. And an antivirus will prevent files with known pieces of virus code from running.
But because these systems rely on signatures, a new threat can slip past and cause untold damage. What’s worse is that large amounts of malware already bypass these peripheral defences by using emails as a carrier. Additionally, these approaches to cyber-security leave the issue of insider threats completely unguarded.
AI offers a solution to these problems.
Protecting against external threats
By using machine learning, AI can build a view of ‘normal’ on the network. Then when something something out of the ordinary happens, it can flag it.
Malware doesn’t act like a human does. So the ability to identify anomalous activity is incredibly useful. A human doesn’t access thousands of files per second because they can’t click that fast. But, a piece of malware is easily capable of doing such a thing. This makes spotting it easy.
For example, let’s say a normal employee accesses 50 files a day. One evening, after office hours, an account begins accessing and encrypting hundreds of files per second. The AI detects this as unusual behaviour and locks the account. Preventing it from accessing any more files.
In this scenario, ransomware had infected the machine was infected. It intended to encrypt and ransom back company files. By using the machine learning data about what typical activity looked like. The AI could determine that suspicious activity was occurring. Then by performing a rapid response, it contained the malware. Limiting the damage to the company’s files.
But AI-based security systems aren’t only capable of dealing with the behaviour of humans. They can also detect when hardware or software is acting in suspicious ways.
For example, placed around the office are several networked security cameras. Including one in the meeting room where major corporate decisions are made. The AI detects that the meeting room security camera has made a repeat connection to an unknown IP address outside the business and flags it.
A follow-up investigation discovers the device was infected with spyware. Allowing someone to watch private meetings and learn company secrets. Although damage had already occurred, patching the issue prevented it from happening again.
Protecting against insider threats
Besides detecting typical threats in the form of malware. AI-based security systems can also detect unusual activity from malicious employees.
For example, a disgruntled ex-employee with access to the company database containing client information decides to get revenge. They attempt to steal company files using the cloud storage system that employees can access from home.
Total downloads of 5GB of data from the company cloud every month are typical. So when the AI detects a download of several terrabytes it sees it as unusual and locks the account. Preventing the theft of company records.
Because the AI defence system can see any type of unusual activity, dealing with insider threats becomes as easy as outside attacks. Current cyber-security solutions don’t have a good way of detecting an insider threat. And it’s only been through new applications of AI and machine learning that the prospect of reliably detecting insider attacks has arisen.
Disadvantages of AI
Unfortunately, AI-based cyber-security is not a perfect system and has its shortcomings. The main issue is its inability to differentiate harmless unusual behaviour from dangerous unusual behaviour. This can create a significant management overhead.
For example, a typical employee who works in the marketing department acquires an album of stock images to use in marketing materials. They decide to download them from the company cloud system so they can work from home. The AI sees the unusually large file download and locks the account.
Although the actions of the AI are reversible and the account can be unlocked, the disruption resulted in lost productivity. Because unusual things are sometimes done on purpose and without bad intentions, an AI can be overreactive.
This, along with the technology being still in its infancy means an AI security system is generally used as a supporting tool to a typical security system. Instead of being the single line of defence.
The evolving use of AI in IT security is already invaluable and it’s going to develop quickly – it has to as the threat-landscape is just so large. But it’s worth noting that on the other side of the fence, hackers have begun using AI to breach security defences. The battle has begun…