Today’s economy is hinged on data – it has huge value to businesses and consumers but also to the dark web.
We’ve seen the lengths that hackers will go to get their hands on data with the vast amount of malicious attacks that have saturated recent headlines. Cybercriminals are constantly finding new and more efficient ways to infiltrate business defences. Indeed, there is good money to be made – hackers can make up to £279.74 per PayPal log-in according to research by technology website Top10VPN.
While new technologies undoubtedly help organisations to protect themselves, artificial intelligence and machine learning can also arm cybercriminals with new ways to expand malicious attacks.
So, is AI the answer to better data security? Or is it going to create even more issues for businesses looking to protect their customer data?
AI fuelling or solving problems?
Last year, 856 million malware variants were created according to the AV-TEST Institute. No amount of manpower can tackle breaches alone and with every type of attack prevented, hackers create new and more sophisticated ways to breach standard defences.
Implementing the right technology solutions is therefore essential if businesses want a fighting chance to prevent data leakage.
Thanks to AI’s ability to automate businesses’ threat prevention, detection and response, it has a significant role to play within a robust cyber security strategy. However, just as organisations are using AI for cyber security purposes, hackers are also using the same technology to test their own malware – the aim being to bypass even the most advanced strategies.
The way fraudsters are using AI can vary in sophistication. Mobile bot farms, for instance, can be found across thousands of devices and often appear “human like” – think click farms boosting up a brand’s social media likes. Teaching bots to appear human makes it more difficult for businesses to differentiate between real users and non-users.
ML and AI in cyber security: real opportunities overshadowed by hype
With criminals automating attacks and improving evasion capabilities against detection systems, businesses need to fight back with the same standard of tech. The future lies in building personalised user models that detect any deviation from normal, or “good” behaviour.
Thorough security strategies will always need a human touch
In order for AI to work it needs to learn. This takes time and also resource which can be a barrier for organisations. This is perhaps why only 37% of CIOs have deployed AI technology, according to Gartner’s 2019 CIO Agenda.
Having the right technology in place is vital but companies need the right people to ensure it runs effectively. In a great deal of cases we’re seeing a shift in companies bringing senior security talent in-house rather than relying on external partners to bolster their security infrastructure.
But organisations still have a long way to go when it comes to building security expertise from within. More than half, 52%, of respondents in a recent poll by Infosecurity Europe cited that they have a skill shortage in their organisation when it comes to preventing cyber attacks.
Without the right team and technology, cyber attacks will only grow in severity. Neither can work effectively in isolation and those organisations that don’t invest in both will find out that the impact of a data breach goes far beyond fines.
Cover all bases
Businesses know that there is a high risk of cyber attacks and the majority are trying to build the right team and implement technology to tackle cyber security. But very few leaders truly understand where all data leak vulnerabilities exist and how to prevent them.
The Government’s recent FTSE 350 Cyber Governance Health Check report highlighted this. Showing that while 96% of businesses have a cyber security strategy in place, just 56% of businesses reported testing their cyber security incident response on a regular basis – meaning that companies were unaware of the current threats they could be up against.
“Is AI really, really stupid?” On the limitations of AI
Despite most companies putting preventative measures in place, some businesses can still overlook common attack vectors where customers’ data can be compromised. Websites and apps, for example, can be a blind spot for IT and security teams, as their core focus is traditionally on servers and infrastructure. Often under the care of the marketing team, the very places consumers share their data can be unprotected. This is something Ticketmaster found out the hard way, whereby hackers used a supply chain attack to gain access to the website and change the code on its payment page.
AI and machine learning should be implemented to bolster cyber security, but always in tandem with a website security solution. While cyber attacks are increasingly complex and targeted, hackers will look for any crack in a security system – and vulnerabilities through third-party technologies are often where they start looking.
Prepare for the new royal wedding of IT: AI and cyber security
Phishing, cyber bots, multi-cloud strategies, zero trust, diversity in cyber and blockchain and cyber: we are set to enter a tumultuous period for cyber crime: but AI and cyber security will become the partnership that both cyber security and cyber criminals will put their faith in
It is important for organisations to invest in the basic foundations, which means taking a holistic view of cyber security and understanding where all the possible gaps are. Businesses’ data defences are ultimately only as strong as their weakest link in their supply chain.
In our evolving data economy, there will never be a silver bullet to cyber security. Where there is money to be made, cybercriminals will always be present and looking for ways to outsmart organisations and exploit data. Having the right technology in place will help tackle the scale of malicious attacks which brands are up against. But, the only way to truly combat these threats is by implementing a strategy which incorporates the right team too. Only then can companies do the due diligence needed to protect their data.
Written by Ian Woolley, chief revenue officer at Ensighten