The Evolution of AI and Cybersecurity

As the evolution of AI and cybersecurity accelerates, we find exciting and sometimes dangerous cybersecurity trends making the news daily. Our world has become increasingly connected by technology and the internet, making the critical role that cybersecurity plays in defending our privacy, rights and even physical safety more vital than ever.

We rely on technology to tackle issues on a personal and global scale. From asking Siri to schedule appointments to online banking, curing cancer, confronting climate change and even flights to space, technology is woven into our days from start to finish. However, as we become further connected, the chances for those with impure motives to take advantage of this plethora of data increases. And as we’ll explore, combining AI and cybersecurity makes work easier for cybersecurity professionals, but also riskier.

Some AI Basics

Before we dive into the ways AI and cybersecurity combine, we need to specify the ways in which AI works. AI has turned into a bit of a buzzword, and because of this, there are many “AI” tools that don’t actually meet the AI definition. The title of artificial intelligence applies to technologies that can understand, learn, and act based on collected and received information. Pure AI reproduces cognitive abilities to automate tasks.¹
AI as we know it today functions in three ways:¹

• Assisted intelligence: This technology is widely available today and helps people and organizations improve upon work or tasks that they’re already doing
• Augmented intelligence: This technology is emerging now and enables people and organizations to accomplish things they couldn't do without AI
• Autonomous intelligence: This technology is currently being developed for the future and will power machines that act independently

True artificial intelligence systems are iterative and dynamic. AI systems learn from experience, the more data they analyze the smarter they get, becoming more autonomous as time passes. These qualities make AI well suited to keep up with cyber attackers. Automating threat detection is more efficient than traditional software driven methods.

The Double-Edged Sword of AI

As the development of AI and machine learning technologies progress, they are redefining nearly every facet of cybersecurity as we know it, and both technologies are crucial to defending the digital perimeters of any business. In the 20th century we saw the Space Race, now, AI has become the 21st century’s arms race, according to Forbes.² But it’s a race that anyone can join, and a crowded field can be a dangerous one. The same AI that governments use to attack an enemy state could easily be co-opted by gangs and terrorist organizations.

AI is a double-edged sword: Its ability to “learn” to detect patterns and behaviors that indicate a cybersecurity attack, but this capability to “learn” means AI can just as easily be used to hide attackers’ behavior, allowing them to slip past defenses undercover. The technology and consulting firm Capgemini performed a survey and found that as digital businesses grow, so does their risk of cyberattacks. That same survey also showed that 69 percent of enterprises believe that AI will be necessary to respond to cyberattacks.³

How AI Improves Cybersecurity

For all the risks that may come with incorporating AI into cybersecurity, the rewards are far greater. The first obvious improvement is that AI helps ease the burden of work for humans. According to the New York Times, by 2021, there will be an estimated 3.5 million cybersecurity jobs available but unfilled.⁴ This leaves few trained professionals to tackle thousands of attacks and vulnerabilities in a vast threat landscape. Here are three areas in which the evolution of AI and cybersecurity is showing promise:

• Threat Hunting:⁵ Manual threat hunting is time consuming and expensive, and it often results in unnoticed attacks. Conventional security techniques use signatures or indicators of danger to recognize threats. This technique might work well for threats that have been faced before, but they're not sufficient for attack methods that have yet to be encountered. AI remembers and taps into information about each form of malware that's been identified before, learning from it. So when a new form of malware appears––whether it's an adjusted version of existing malware or an entirely new type––the AI system can compare it against its previous learnings, examining the code and blocking the attack based on similar events that were deemed as nefarious. The systems are so efficient that they can even recognize when malicious code is hidden amongst large amounts of harmless code.
• Vulnerability Management:⁶ Companies are finding it hard to prioritize and handle the vast number of new vulnerabilities they encounter daily. Standard vulnerability management practices usually neutralize hackers only after they've already exploited high-risk vulnerabilities. Traditional vulnerability databases are crucial to managing and containing known vulnerabilities. AI systems make it easier to examine massive amounts of data, analyze user accounts' baseline behavior, endpoint and servers, and recognize irregular behavior that might indicate an impending unknown attack. In this way, AI can help defend organizations before vulnerabilities are even formally reported and patched.
• Network Security:⁷ There are two time-intensive aspects of conventional network security: designing security policies and learning the company's network topography. Security policies distinguish which network connections are valid and which should be inspected for malicious activity. These policies can be used to enforce a zero-trust model efficiently. Due to the vast amount of networks, the time-consuming aspect is creating and maintaining the policies. Learning network topography takes a great deal of time because most companies lack the same naming conventions for applications and workloads. As a result, ascertaining what set of workloads belong to a given application becomes a very involved process. Companies can utilize AI to enhance network security by learning network traffic patterns and suggesting functional groupings of workloads and security policy.

Constraints of Employing AI in Cybersecurity

As promising as the benefits sound, implementing an AI system isn't as quick and easy as one might hope. There are still barriers that prevent companies from using this technology. Building and maintaining these systems requires an organization to invest a great deal of time and money into computing power, memory and data sets. Access to the data sets is critical since AI systems are trained with them. Security teams need access to as many types of data sets, malware codes and anomalies as possible, and some companies simply lack the resources to obtain accurate sets.⁸

Another drawback is the double-edged sword we mentioned earlier. Hackers are also using AI to test and improve their malware so that it resists AI-based security tools. AI learns quickly, and hackers learn just as speedily from existing AI tools to generate more high-level attacks on conventional security systems or even AI-augmented systems.

Create Powerful Human-Machine Partnerships

The duality of AI is a trend to follow in the next year. The shift to working from home in 2020 has shown attacks varying from phishing emails to denial-of-service attacks aimed to disable vital infrastructure are becoming more frequent and sophisticated. The good news is that AI systems and deep learning security algorithms are becoming better and better at quashing attacks before they can even happen.

If you would like to build powerful human-machine partnerships that push the limits of our understanding, improve our lives, and drive the advancement of cybersecurity, consider how earning your MS in Cybersecurity online from the Katz School of Science and Health can help you achieve your goals.