Artificial intelligence (AI) has been increasing in sophistication for some years, finding its place in our everyday lives with ever-growing pace and force. As businesses and governments begin to use AI, the potential for its application in cyber security is becoming more apparent.
What’s more, hackers and businesses are going head-to-head – with hackers now able to develop more sophisticated threats, and businesses looking to use AI for threat detection, prevention and remedy.
When it comes to cyber security, businesses need to act now to tighten up cyber defences. With large-scale security breaches only increasing in number over recent years, organisations both big and small should consider investing in AI systems designed to bolster their defences.
Over the next year alone, we’ll see a rise in AI systems that can perform several tasks, including re-writing encryption keys continuously, preventing them from being unlocked by hackers outside of an organisation’s walls.
These more practical uses for AI are allowing organisations to anticipate issues before they arise through threat analysis, threat detection and threat modelling. For example, if a human manually checked systems for signs of outside breaches on a monthly basis, it could take a number of weeks to fully analyse. Using AI not only adds an extra layer of protection, but also allows organisations to react to the breach much quicker.
Hackers will up their AI game
Vulnerabilities found both in software and online have previously been numerous, offering hackers plenty of opportunities without great need for AI. This will quickly change as AI improves and businesses minimise the gaps within their organisation’s cyber defences.
It may not be long before the use of AI becomes the norm among hackers, providing them with more opportunities and avenues to access sensitive data. This technology could be used to scan the internet and software for vulnerabilities, as well as design attack strategies, and then launch them with minimal human error.
One current use of AI by cybercriminals is in phishing emails. By using data from the target to send phishing emails that replicate human mannerisms and content, these AI-powered attacks resonate with the target better than ever before. These tactics will make it harder for businesses and individuals to recognise when they’re being hacked.
Tackling insider threats
Of course, many threats to an organisation originate far closer to home. Insider threats have always been a cause for concern, but as the potential of AI systems grow in complexity, we are starting to see businesses tackle this with force.
AI can now help to detect a break from normal employee behaviour. This technology could be used to discover employees that are accessing company information, and evidence of them transferring this information outside of organisation walls.
Taking this to a more invasive level, AI technology could be used to detect instances of corporate policy being breached by employees. Tasks as harmless as using USB storage can now be analysed for signs of malicious intent and corporate corruption.
Of course, exact sentiment and explanation will be difficult to detect from AI technology alone. As a result, privacy laws will be key if organisations are to avoid breaches in employee law themselves.
Keeping the ball in the court of the cyber security teams will be an increasingly hard battle to fight in the coming years, and one which will need the full support and expertise of cyber security professionals and security-savvy organisations.
With the Centre for Cyber Safety and Education revealing that the world will face a shortfall of 1.8 million cyber security professionals by 2022, we are reaching a critical point where change is needed rapidly.
This is something that has been recognised by the government in recent months, with announcements made in the Budget demonstrating a commitment to address the skills shortage.
The introduction of T-Levels will aid in the creation of the next generation of technology professionals, helping to fill the widening gap in provision and part of this must focus on cyber security.
As the nature and complexity of AI grows, businesses need to start thinking about how to incorporate this new technology into their cyber security strategies. Of course, not everyone is a target for such advanced AI attacks and simple cyber hygiene remains an effective counter to many threats.
However, there is plenty of evidence that AI is becoming more available and affordable and so will become more prevalent. But if organisations are to truly take advantage, a combined effort is needed.
Not only must organisations invest in preventative AI, but the government must continue to back the development of the next generation of technology professionals. After all, there’s no use in having the technology without professionals that know how to use it.
Andy Powell, VP and head of cyber security, Capgemini UK