Is AI superficial when it comes to using it for cybersecurity purposes?

Image credit: Pixabay (Image credit: Pixabay)

Data is central to today’s digital economy and it has intrinsic value to businesses and consumers. However, organisations worldwide are facing severe challenges when it comes to protecting data from cybercrime and data leakage. 

Technology can of course provide many solutions to help protect data from leakage. Yet, some technologies such as artificial intelligence (AI) can also arm cybercriminals with new ways to expand upon malicious attacks.

To better understand whether AI is a help or a hindrance to cybersecurity, TechRadar Pro sat down with Ensighten’s Chief Revenue Officer, Ian Woolley.

What security risks are out there for businesses?

Businesses must take notice and realise that cybercrime is becoming increasingly common especially given more consumers are using online channels to transact and share data.

As a result, there have been plenty of cybersecurity incidents that have leaked businesses’ data - both its own and of its customers. Microsoft Office 365 is just one example with some of its users’ accounts being compromised by hackers - exposing personal content from emails as part of a data breach. Although the number of users affected has not been disclosed, Microsoft confirmed that around 6% of those involved would have had their emails hacked. It’s clear cybercriminals find value in any type of data for monetary return. For example, Facebook logins are sold for just $5.20 (£4.09) each on the dark web.

It’s clear that data breaches need to be prevented for various reasons - such as avoiding financial or reputational implications. IBM found the global average cost of a data breach is £3 million, and estimated that a breach of 50 million records or more can cost a company as much as £273 million. 

Yet, despite many businesses best efforts towards security, it’s a tough playing field. Attackers are trading knowledge in underground marketplaces - allowing them to specialise in particular aspects of cybercrime such as stealing security credentials or hacking into accounts. Cybercriminals are highly knowledgeable of how to surpass security protocols. 

What’s even more dangerous is the fact they are mirroring the way businesses work. Cybercriminals are identifying where to spend their time and effort based on the return-on-investment. For instance, if businesses only focus security on one channel, such as phones, criminals will turn their attention to pursue internet platforms, such as company websites. We’re seeing this behaviour in the banking and finance sector. Some attackers are turning away from internet and telephone banking to turn their attention towards mobile banking fraud. According to RSA, 60% percent of digital banking fraud now originates from the mobile channel. 

Image credit: Shutterstock

Image credit: Shutterstock (Image credit: Shutterstock)

AI is being chosen by many businesses to help protect against cybercrime. But is it a cure or a risk?

Technology for many businesses is a silver bullet, especially as AV-TEST Institute found 856 million malware variants were created last year alone. Traditional cybersecurity systems and techniques cannot handle the many variations of malware which is why evolving technologies, such as AI, are being chosen to tackle potential cybercrime risk - thanks to its ability to automate businesses’ threat prevention, detection and response. Gartner found the number of organisations implementing forms of artificial intelligence (AI), has grown exponentially over the past four years by 270%.

Businesses hope that by adding an intelligent, machine-based layer to its traditional firewall approach they will arm themselves with the necessary tools to keep their networks impenetrable. For example, AI is being used to help with securing existing business log-ins and passwords thanks to its biometric login techniques, such as fingerprint scans, retina and palm prints.

However, in the spirit of harvesting data, hackers are soon catching up to these techniques by taking advantage of AI’s capabilities to breakthrough advanced security strategies. Essentially, just as organisations are using AI for cybersecurity purposes, hackers are also using the same technology to put their own malware to the test.

Image credit: Shutterstock

Image credit: Shutterstock (Image credit: Shutterstock)

What other elements do businesses need to consider when it comes to cybersecurity?

AI is critical thanks to its ability to analyse large amounts of risk data in quick response times and augment under-resourced security operations. Yet, only through machine learning and deep learning techniques can AI improve its knowledge to “understand” cyber threats and risks. This of course takes time and resource which can be a barrier for organisations. This is perhaps why only 37% of CIOs have deployed AI technology, according to Gartner’s 2019 CIO Agenda.

Businesses must not become blinkered and leave AI to do the heavy lifting. AI should be implemented to bolster cybersecurity but it should be used with a website security solution. While cyberattacks are increasingly complex and targeted, it is integral businesses do not overlook some of the most common attack vectors, such as digital card skimming on websites, which these solutions can help to prevent.

It’s important that businesses put the right technology in place, but having the right people for the job to ensure AI runs effectively is equally important - after all, the majority of attacks stem from human hackers. Even the most sophisticated AI and machine learning algorithms cannot by themselves understand the intricacies of the human mind. We’re seeing companies adopt senior security talent in-house rather than relying on external partners to support its security infrastructure.

Overall, organisations must invest in the basic foundations, which means taking a holistic view of cybersecurity and understanding where all the possible gaps are. Businesses’ data defences are ultimately only as strong as the weakest link in their supply chain.