AI And Cybersecurity: Plague Or Promise?
By Bob Bruns
We hear from our teams every day regarding how cyberthreats to our enterprise are getting more frequent, more sophisticated and more targeted. Cyber intrusions, specifically publicly reported incidents, are on the rise. It’s easy to tune the warnings out, but we must remain vigilant. Our responsibilities to our clients, shareholders, employees and other stakeholders depend on us remaining focused.
As cyberattacks grow in volume and complexity, it’s time to face a hard truth: Humans are already not able to keep up with the pace of threats, and companies can’t afford to keep up manually. Many, if not most IT teams do not have the resources to protect their enterprises, certainly not in real time. And in a world where minutes matter and thoroughness is paramount, we need to look at artificial intelligence (AI) to support and augment what we need to combat the bad actors.
According to the Accenture Security Index, more than 70% of global organizations have difficulty identifying, let alone protecting, corporate high-value assets. At the same time, the financial impact of cyberattacks is growing. On average, the cost of cybercrime has gone up to $11.7 million per organization in 2017, an increase of 23% compared to the previous year based on a recent study by Accenture and the Ponemon Institute. (Full disclosure: Accenture is Avanade’s parent company.)
Technologies, some already being deployed and some in development, will help us gain the advantage we need. But it has already sparked conversation and debate. Do AI and machine learning present the promise of a more secure online infrastructure or a threat?
First, some definitions. Merriam-Webster defines artificial intelligence as “a branch of computer science that deals with the simulation of intelligent behavior in computers.” In contrast, machine learning is “the process by which a computer is able to improve its own performance…by continuously incorporating new data into an existing statistical model.” Think of machine learning as a subset of AI.
Detect And Prevent: Stop Malicious Activity Before It Starts
AI and machine learning can be leveraged throughout an enterprise’s security operations, most often in incident response or threat hunting. One of the biggest problems in the never-ending battle against cyberthreats is the large amount of data that must be processed to identify potential threats. Machine learning has the potential to sift through massive sets of data across many vectors to help combat that noise behind all the signals, as well as identify potentially malicious activities and take action. It can also weed out the false positives more effectively than humans alone and potentially take action before harm can occur.
Even better, the next evolution, where we will find untold additional value, is not just detection but prevention. Imagine if we could predict earlier how malware will spread and where. Aided by well-set-up AI systems, countermeasures could be in place before human operators even know a threat is about to happen. And in a world where minutes matter, this could be huge in managing global cyberattacks and cutting off the larger-scale impacts.
Use A Trust-But-Verify Method
As part of any good AI conversation, we have to consider the potential ramifications of an AI-based model. What are the true risks of harnessing AI to help defend ourselves in cyberspace? It is always possible to misuse the information a security system collects. It’s possible to program in unintentional bias. You could break things too much because AI told you to — or you could miss things because you trust your AI system to catch everything.
Yet as a business community, we must confront these risks and design to prevent these outcomes. The need for more robust cybersecurity is too great. We simply need to be thoughtful in our approaches, develop and use ethical standards around how we leverage these new and evolving technologies, and, finally, use a trust but-verify-methodology as we look to mature our multilayered cyber-defense strategies.
To do this, start by planning ahead and developing a framework for building AI that has preapproved controls in place. Building human review into the decision-making process can go a long way toward preventing major issues. You can also leverage some of the work already being done to manage insider threats and apply that to controlling runaway AI. And finally, perform threat modeling, and spend time running structured exercises to identify gaps; then think about what sorts of controls are needed to prevent and detect abuse or negative impacts to critical business systems.
It is possible to use almost any tool for nefarious purposes. A hammer used to build a birdhouse can also be thrown through a window to give a criminal access to a home. The email system we all depend on to operate our businesses and carry on daily personal interactions can also be configured to carry malicious malware.
To reach their potential, AI systems require a careful balance of machine learning and human intervention. The goal of AI is not to replace humans, but to augment them. Through open debate and the innovation of technology experts, we can develop tools and processes that will help protect people and data while mitigating the risks.
That is where AI and machine learning is going. These systems need to be trained. They take skillful development and careful supervision. Then, if used well, they can reduce the noise to help us find and deal with malevolent actors. They can sort through false positive alerts and make appropriate decisions about which alerts require attention.
AI and machine learning, already present today, will soon become the norm in how we protect our businesses and ourselves. These tools will help protect us against increasingly sophisticated bad actors and even the potential for AI-based malicious activities. I predict that very soon, AI will be viewed as a key component of how we approach security, if done appropriately. Humans will just not be able to keep up without the assistance of technology.