Richard Meeus is Security Technology and Strategy Director for Akamai's EMEA region.
Following a few tumultuous years of data breaches, cybersecurity vulnerabilities (opens in new tab) have been pushed to the front (opens in new tab) of the news agenda (opens in new tab). However, despite cybersecurity budgets increasing, the threats and number of breaches continues to rise, highlighting that the current approach businesses are taking – particularly small and medium-sized businesses – to protect their networks remain insufficient.
So, why are businesses continuing to invest in traditional network security measures that don’t appear to protect their data, and how should they use emerging technologies, such as artificial intelligence (AI) (opens in new tab), to secure their networks?
With growing threats from cybercriminals, and legislation such as the EU’s General Data Protection Regulation (GDPR) (opens in new tab), businesses have had to change how they go about cybersecurity, and quickly. But the race in ensuring compliance, while keeping up to date on the latest threats, has left many security teams feeling stretched. Fortunately, one emerging technology may hold the key to helping secure these networks from internal and external bad actors: AI.
Machines to the rescue?
When an AI system is given access to an organisation’s internal network and monitoring systems, it can act as a million extra sets of eyes for an existing IT department (opens in new tab). For example, AI operating on a network can evaluate the usage patterns of individual employees (opens in new tab) accessing it, create a series of baseline activity profiles, and monitor all network activity for deviation from that, 24 hours a day.
This could do a great deal to minimise the number of false alerts that are detected due to behaviour that, whilst atypical is not unpredictable, and enable IT teams to focus their energies on combating other potential threats and innovation.
While AI’s ability to filter threats is tremendously useful, the technology becomes truly invaluable once it starts to recognise threats based on miniscule signs that are invisible to the human eye. As an AI algorithm is fed more and more data, it becomes capable of maintaining a constantly evolving standard to judge potential threats by.
IT teams are ultimately limited by the amount of data they can process in a day (opens in new tab), as is AI, but the difference in the size of data an AI is able to process is significantly bigger. When it comes to processing data and spotting potential threats, the “brain power” of an AI system will give it a distinct advantage over human cybersecurity monitors.
Of course, AI has limitations too and the technology is ultimately only as good as the platform, code and tools at its disposal – If these are limited, then so is AI. As the AI itself cannot create these tools, it’s reliant on the input of humans to work effectively – this in turn can introduce bias which left unchecked can skew the potential benefits.
In addition, the AI lacks the intuition to spot new threats; basing its analysis on existential data, it takes a human expert to identify the anomalies identified by AI and to realise them as emerging threats (opens in new tab). With that in mind, AI will be most effective as a cybersecurity mechanism deployed alongside human experts.
AI for one, AI for all
However, as much as AI can help businesses secure their own networks (opens in new tab), it can also be harnessed by hackers to launch increasingly sophisticated attacks against them. As we saw last year, vast botnets such as Mirai (opens in new tab) can help hackers deliver devastating cyberattacks. These botnet attacks are becoming harder to spot and trace as they coopt more and varied devices. AI incorporated into the hostile bots can help evolve their patterns, effectively going on the run from those that try to detect them, posing an even greater threat to businesses.
The advanced and dynamic nature of an AI-enabled attack means businesses would need their own suite of AI tools to fight back – human cybersecurity experts would struggle to respond to such an attack alone. There is another advantage to an AI algorithm securing a network, that – given enough time, the attacks launched against a defending network, with AI incorporated, would teach it the methods necessary to protect itself. Put simply, the attacker teaches the defender.
There is a downside to this approach, though. While the business’ AI system is adapting and learning these new threats, it still needs effective defences to protect against other known attacks. If a dedicated AI botnet was attacking a network (opens in new tab), a business may become vulnerable to a simpler, more direct attack such as phishing. This would be like fighting a war on two fronts, where a business takes its strongest forces to face the biggest army, or threat, leaving its flank vulnerable to surprise attacks.
This is why it’s imperative that a business relies on the expertise of its human cybersecurity specialists (opens in new tab), to help mitigate additional threats and support the AI system. Of course, with more resources available than hackers, a business could also employ more than one form of AI – one to tackle AI-based threats, and another to focus on other forms of attacks.
AI poses the potential to revolutionise both sides of the cyber battle, so it’s imperative that cybersecurity experts and businesses begin working together to better understand the technology and its implications now – before cybercriminals do (opens in new tab). Whoever masters the technology first will ultimately have the upper hand when it comes to securing or accessing our data in the future.
Thankfully, the momentum is leaning the way of the security industry, which is using its vast resources and expertise to stay ahead of the hackers when it comes to implementing and developing these AI systems. But the industry should not rest on its laurels. Instead it should drive home the advantage that it currently has. If it doesn’t, hackers will be waiting in the wings to inflict damage that can be devastating to a business.
Richard Meeus is Security Technology and Strategy Director for Akamai (opens in new tab)'s EMEA region.