Author: Kathleen

In this era of digitization where data and connectivity underpin every business decision, protecting your digital assets isn’t just crucial; it’s the fundamental core of business survival. AI offers a potential of a more resilient digital infrastructure, a proactive approach to threat management, and a complete overhaul of digital security.

According to a survey conducted by The Economist Intelligence Unit, approximately 48.9% of top executives and leading security experts worldwide believe that artificial intelligence (AI) and machine learning (ML) represent the most effective tools for combating modern cyberthreats.

However, a survey conducted by Baker McKenzie highlights that C-level leaders tend to overestimate their organizations’ readiness when it comes to AI in cybersecurity. This underscores the critical importance of conducting realistic assessments of AI-related cybersecurity strategies.

Dr. Bruce Watson and Dr. Mohammad A. Razzaque shared actionable insights for digital leaders on implementing AI-powered cybersecurity.

The combination of AI and cybersecurity is a game changer. Is it a solution or a threat?

Bruce: Quite honestly, it’s both. It’s fantastic that we’ve seen the arrival of artificial intelligence that’s been in the works for many decades. Now it’s useable and is having a real impact on business. At the same time, we still have cybersecurity issues. The emergence of ways to combine these two things is exciting.

Razzaque: It has benefits and serious challenges, depending on context. For example, in critical applications such as healthcare or driverless card, it can be challenging. Driverless cars were projected to be on the roads by 2020, but it may take another 10 years. Similarly with the safety of AI, I think it’s hard to say.

What are your respective experiences in the field of cybersecurity and AI?

B: I come from a traditional cybersecurity background where it was all about penetration testing and exploring the limits of a security system. In the last couple of years, we’ve observed that the bad guys are quickly able to use artificial intelligence techniques. To an extent, these things have been commoditized. They’re available through cloud service providers and there are open-source libraries with resources for people to make use of AI. It means the barrier for entry for bad actors is now very low. In practice at the university as well as when we interface with the industry at large, we incentivize people to bring AI techniques to bear on the defensive side of things. That’s where I think there’s a real potential impact.  

It’s asymmetrical warfare. Anyone defending using traditional methods will be very quickly overrun by those who use AI techniques to generate attacks at an extreme rate.

R: I’m currently working on secure machine learning. I work with companies that are developing solutions to use generative AI for automated responses to security incident. I’m also working on research on secure sensing, such as for autonomous vehicles. This is about making sure that the sensors data is accurate, since companies like Tesla rely on machine learning. If you have garbage in, you’ll produce garbage out.

Given AI’s nature, is there a risk of AI developing itself as an attacker?

B: It fits well with the horror scenarios from science fiction movies. Everyone is familiar with Terminator, for example. We’re not at that point yet where there’s a possibility of AI developing arbitrary new ways to attack systems. However, we’re also not far from that point. Generative AI, when given access to a large body of malicious code, or even fragments of computer viruses, malware, or other attack techniques, it is able to hybridize these things rapidly into new forms of attack, quicker than humans can. In that sense, we’re seeing a runaway process. But it is still stoppable, because systems are trained on data that we provide them in the first place. At a certain point, if we let this free to fetch codes on the internet or be fed by bad actors, then we’ll have a problem where attacks will start to dramatically exceed what we can reasonably detect with traditional firewalls or anomaly detection systems.

It scares me to some extent, but doesn’t keep me awake at night yet. I tend to be an optimist and that optimism is based on the possibility for us to act now. There isn’t time for people to set around and wait until next year before embracing the combination of AI and cybersecurity. There are solutions now so there’s no good reason for anyone to be sitting back and waiting for an AI-cybersecurity apocalypse. We can start mitigating now.

R: We use ChatGPT and other LLMs that are part of the generative AI revolution. But there are also tools out there for bad actors like FraudGPT. That’s a service you can buy to generate an attack scenario. The market for these types of tools is growing, but we’re not yet at a self-generating stage.

Are we overestimating the threat of AI to cybersecurity?

B: A potential issue is that we simply do not know what else is out there in the malware community. Or rather, we have some idea as we interact with malware and the hacker community as much as we can without getting into trouble ourselves, but we do see that they’re making significant advances. They’re spending a lot of time doing their own research using commodity and open-source products and manipulating them in such a way that they’re getting interesting and potentially dangerous results.

How can the good guys stay ahead of bad actors? Is it a question of money, or the red tape of regulations?

R: Based on my research experience, humans are the weakest link in cybersecurity. We’re the ones we should be worried about. IoT is responsible for about 25% of overall security concerns but only sees about 10% of investment. That’s a huge gap. The bad guys are always going to be ahead of us because they do not have bureaucracy. They are proactive while we need time to make decisions. And yes, staying ahead is also a question of money but it’s also about understand the importance of acting promptly. This doesn’t mean forgoing compliance and regulation. It means we have to behave responsibly, like changing out passwords regularly.

B: It’s very difficult to advocate for getting rid of governance and compliance, because these things keep us honest. There are some ways out of this conundrum, because this is definitely asymmetrical warfare where the bad guys can keep us occupied with minimal resources while we need tremendous resources to counter them.

One of the ways around it is to do a lot of the compliance and governance using AI systems themselves. For monitoring, reporting, compliance – those can be automated. As long as we keep humans in the loop of the business processes, we will experience a slowdown.

The other way of countering the issue is to get together on the defensive side of things. There’s far too little sharing of information. I’m talking about Cyberthreat Intelligence (CTI). Everyone has recognized for a long time that we need to share when we have a breach or even a potential breach. Rather than going into secrecy mode where we disclose as little as possible to anyone, we should be sharing information with governments and partner organizations. That way, we actually gain from their defensive posture and abilities.

Sharing cyberthreat intelligence is our way of pulling the cost down and spreading the burden across a collective defence network.

What is the first thing business leaders should to do prepare for what AI can do and will be used for?

R: When it comes to cybersecurity, technical solutions are only 10%. The other 90% is responsibility. Research shows that between 90 to 95% of cybersecurity incidents could have been avoided if we behaved responsibly. The second thing is that cybersecurity should be a consideration right from the start, not an afterthought. It’s like healthcare. You need to do what you can to avoid ever needing medical care in the first place. It’s the same here.

B: The number one thing is to make sure that your company appoints a Chief AI Officer. This may be someone who is also the CIO or CSO, but at the very least there should be board-level representation of AI and its impact on the business. Any business in the knowledge economy, financial industry, technology, as well as manufacturing and service industries – all are going to have to embrace AI. People may think it’s a fad, but AI will absolutely steamroll organizations that don’t embrace it immediately.  That’s what I would do on day one. Within a couple of days after that, there must be a working group within the company to figure out how to roll out AI, because people will be using it whether openly or discreetly. AI forms a tremendous force multiplier for running your business but also a potential security threat for leakage of information out of the business as well. So you need a coherent roll out in terms – in terms of information flow, your potential weaknesses, embedding it into corporate culture and bringing it into cybersecurity. Any company that ignores these things is in peril.

Where does ethics come into this?

R: No one can solve the problem of AI or cybersecurity individually. It needs to be collaborative. The EU AI Act outlines four categories of risk – unacceptable, high, limited, and minimal. The EU doesn’t consider it an individual state problem. In fact, they also have a cybersecurity legislation that clearly states that it would supersede state-level regulations. The UK, on the other hand, is slightly more pro-innovation. The good news is that they are focused on AI assurance research which include things like ethics, fairness, security, and explainability. So if businesses follow the EU AI Act and focus on AI assurance, they can lead with AI securely and responsibly.

B: There are a couple of leading frameworks for ethical and responsible AI use including from the European Union as well as the UN. Many of the standard organizations have been working hard on these frameworks. Still, there is a sense that this is not something that can be naturally embedded within AI systems. On the other said, I think it’s become increasingly likely and possible that we can build limited AI systems that have only one job of looking out for the ethical and responsible behaviour of either humans or other systems. So we are potentially equipping ourselves with the ability to have the guardrails themselves be a form of AI that is very restricted and conforms to the rules of the EU or other jurisdictions.

Which areas do you see as having the biggest potential for using AI within cybersecurity – for example identification, detections, response, recovery?

B: I’m hesitant to separate them because each of those are exactly where AI should be applied. It’s possible to apply them in tandem. AI has an immediate role in detection and prevention. We can use it to evaluate the security posture of an organization and make immediate suggestions and recommendations for how to strengthen it. Still, we know that at a certain point, something will get through. It’s impossible to defend against absolutely everything. But it is important to make quick moved in terms of defending and limiting damage, sharing information, and recovering. Humans are potentially the weak links there too. Humans monitoring a system will need time to assess a situation and find the best path forward, whereas an AI can embody all the relevant knowledge within our network and security operation centres and generation recommendations quicker. We can have faster response times which are key to minimizing damage.

What are some significant upcoming challenges and opportunities within the AI-powered cybersecurity domain in the next two years?

R: Definitely behaviour analysis, not only to analyse systems but users as well for real-time, proactive solutions. The systems we design, including AI, are for us. We need to analyse our behaviour to ensure that we’re not causing harm.

B: Another thing AI is used for is training, within cybersecurity but across corporations as well. There’s a tremendous amount of knowledge and many companies have training for a wide variety of things. These can be fed into AI systems that resemble large language models. AI can be used as a vector for training. The other thing is a challenge on how quickly organizations will decide to be open with peer companies. Will you have your Chief AI Officer sit at a roundtable of peers from other companies to actually share your cybersecurity horror stories? The other significant challenged is related to change management. People are going to get past the novelty of ChatGPT as a fun thing to play around with and actually develop increasing fears about potential job losses and other threats posed by AI.

With rapid advancements in technology, security leaders are actively exploring how to use artificial intelligence (AI) in cybersecurity as traditional measures alone may no longer be sufficient in defending against sophisticated threats. AI has emerged as a potentially powerful tool in bolstering cybersecurity efforts, offering enhanced threat detection, prediction, and response capabilities among other uses.

A survey by The Economist Intelligence Unit revealed that 48.9% of global executives and leading security experts believe that AI and machine learning (ML) are best equipped for countering modern cyberthreats. Additionally, IBM found that AI and automation in security practices can significantly reduce threat detection and response times by up to 14 weeks of labor and reduce costs associated with data breaches. In fact, global interest in AI’s potential in countering cyberthreats is evident by the growing investments in it. The global AI in cybersecurity market is projected to reach USD 96.81 billion by 2032.

Despite the promise of AI, Baker McKenzie found in a survey that C-level leaders tend to overestimate their organization’s preparedness in relation to AI in cybersecurity. This serves to underscore the importance of realistic assessments on AI-related cybersecurity strategies.

Security Applications of AI

Many tools in the market leverage subsets of AI such as machine learning, deep learning, and natural language processing (NLP) enhance the security ecosystem. CISOs are challenged with finding the best ways to incorporate cybersecurity and artificial intelligence into their strategies.

1. Enhanced Threat Detection and Response

One of the main examples of AI in cybersecurity is its use for malware detection and preventing phishing, AI-powered tools are shown to be significantly more efficient compared to traditional signature-based systems.

Where traditional systems can prevent about 30% to 60% of malware, AI-assisted systems have an efficiency rate of 80% to 92%.

Researchers at Plymouth University detected malware with an accuracy of 74% on all file formats using neural networks. The accuracy was between 91% to 94% for .doc and .pdf files specifically. As for phishing, researchers at the University of North Dakota proposed a detection technique utilizing machine learning, which achieved an accuracy of 94%.

Given that phishing and malware remain the biggest cybersecurity threats for organizations, this is good news. These advancements enable organizations to identify potential threats more accurately and respond proactively to mitigate risks that could cause massive financial and reputational damage.

2. Knowledge Consolidation

A pressing issue for CISOs is the sheer volume of security protocols and software vulnerabilities poses a challenge for their security teams. An advantage of AI in cybersecurity is that ML-enabled security systems can consolidate vast amounts of historical data and knowledge to detect and respond to security breaches. Platforms like IBM Watson leverage ML models trained on millions of data points to enhance threat detection and minimize the risk of human error.

AI’s ability to improve its knowledge of cybersecurity threats and risks by consuming billions of data points and recognize patterns and anomalies faster than humans enables it to learn from past experiences and come up with increasingly efficient ways to deal with combat cyberattacks. This allows AI-powered security systems to keep pace with the evolving threat landscape more efficiently.

IBM notes that AI is also able to analyze relationships between threats in mere seconds or minutes, thus reducing the amount of time it takes to find threats. This is essential to reducing the detection and response times of cybersecurity breaches, which can significantly reduce costs to organizations as well.

The global average total cost of data breach according to IBM is $4.35 million USD in 2022. Organizations also took an average of 277 days to identify and contain a breach. However, if that number is brought down to 200 days or less with the help of AI, organizations can save an average of $1.12 million USD.

3. Enhanced Threat Analysis and Prioritization

Tech giants like Google, IBM, and Microsoft are investing heavily in AI systems to identify and analyze and prioritize threats. In fact, Microsoft’s Cyber Signal’s program leverages AI to analyze 24 trillion security signals, 40 nation-state groups, and 140 hacker groups to detect software vulnerabilities and malicious activities.

Given the vast amounts of data that must be analyzed, it’s not surprising that 51% of IT security and SOC decision-makers said they were overwhelmed by the volume of alerts (Trend Micro) while 55% cited their lack of confidence in prioritizing and responding to them. Moreover, 27% of surveyed respondents spent up to 27% of their time managing false positives.

Worryingly, Critical Start found that nearly half of SOC professionals turn off high-volume alerts when there are too many to process.

One answer to the question of how to use AI in cybersecurity is by applying it to analyze vast amounts of security signals and data points to detect and prioritize threats quickly and effectively. With the assistance of AI, security teams are better able to promptly respond to threats under the increasing frequency of cyberattacks.

4. Threat Mitigation

The complexity of analyzing every component of an organization’s IT inventory is well-understood. With the help of AI tools, the complexity can be managed. AI can identify points within a network that may be more susceptible to breaches and even predict the type of attacks that may occur.

In fact, some researchers have proposed cognitive learning-based AI models that can monitor security access points for authorized logins. This model can detect remote hacks early, alert the relevant users, and create additional security layers to prevent a breach.

Of course, this would also require training AI/ML algorithms to recognize attacks carried out by other such algorithms as cybersecurity and risks evolve in lockstep. For example, hackers have been found to use ML to analyze enterprise networks for weak points. This information is used to target possible entry points for phishing, spyware, and DDoS attacks.

5. Task Automation

When talking of AI applications in cybersecurity, task automation is one of the most widely adopted. Especially for repetitive tasks, such as analyzing a high-volume of low-risk alerts and taking immediate measures, AI tools can come in handy to free up human analysts for higher-value tasks. This is especially valuable to companies that are still short on qualified cybersecurity talent.

Beyond that, intelligent automation is also useful for gathering research on security incidents, assessing data from multiple systems, and consolidating it into a report for analysts. Shifting this routine task to an AI helper will save plenty of time.

How Threat Actors Are Using AI

While AI is proving to be a valuable tool in the cybersecurity arsenal, it is also becoming a mainstay for threat actors who are leveraging it for their malicious activities. AI’s high processing capabilities enable them to hack systems faster and more effectively than humans.

In fact, generative AI models such as ChatGPT and Dall-E have made it easier for cybercriminals to develop malicious exploits and launch sophisticated cyberattacks at scale. Threat actors can use NLP AI models to generate human-like text and speech for social engineering attacks such as phishing. The use of NLP and ML enhances the effectiveness of these phishing attempts, creating more convincing emails and messages that trick people into revealing sensitive information.

AI enables cybercriminals to automate attacks, target a broader range of victims, and create more convincing and sophisticated threats. For now, there is no efficient way to distinguish between AI- or human-generated social engineering attacks.

Apart from social engineering attacked, AI-powered cyberthreats come in various forms including:

• Advanced persistent threats (APT)s that use AI to evade detection and target specific organizations;
• Deepfake attacks which leverage AI-generated synthetic media to impersonate real people and carry out fraud; and
• AI-powered malware which adapts its behavior to avoid detection and adjust to changing environments.

The rapid development of AI technology allows hackers to launch sophisticated and targeted attacks that exploit vulnerabilities in systems and networks. Defending against AI-powered threats requires a comprehensive and proactive approach that combines AI-based defense mechanisms with human expertise and control.

AI and Cybersecurity: The Way Forward

The integration of AI into cybersecurity is transforming the way organizations detect, prevent, and respond to cyber threats. By harnessing the power of AI, organizations can bolster their cybersecurity defenses, reduce human error, and mitigate risks.

Having said that, the immense potential of AI also increases the risk of cyber threats which demand vigilant defense mechanisms. After all, humans remain a significant contributing factor to cybersecurity breaches, accounting for over 80% of incidents. This emphasizes the need to also address the human element through effective training and awareness programs.

Ultimately, a holistic approach that combines human expertise with AI technologies is vital in building a resilient defense against the ever-evolving landscape of cyber threats.

FAQ: AI in Cybersecurity

How is AI used in cybersecurity?

In cybersecurity, AI removes the need for human experts to do tedious, time-consuming tasks. AI can read an immense amount of data and identify potential threats while reducing false positives by filtering non-threatening activities. This helps human security experts to focus on vital tasks instead.

How will AI improve cybersecurity?

AI technologies can spot potential weak spots in a network, flag breach risks before they occur, and even automatically trigger measures to prevent and mitigate cyberattacks from ransomware to phishing and malware.

What are the risks of AI in cybersecurity?

AI-enabled cybersecurity tools are reliant on the data sets they are trained on. This means bias may unintentionally skew the model, resulting in mistaken analysis and inefficient decisions that could lead to terrible consequences.

What are pros and cons of AI in cybersecurity?

Some benefits of AI-based security tools include quicker response times, better threat detection, and increased efficiency. On the other hand, there are ethical concerns to AI such as privacy, algorithmic bias, and talent displacement.