The cybersecurity industry has grown by 3400% in the last 13 years according to WIRED, a trend only expected to intensify in coming years. Yet, cyber attacks are still considered one of the worlds greatest threats, ranking number 4 on the UK list of biggest threats to national security. It is not hard to see why as there have been some of the most devastating cyber attacks ever in 2017 alone. From the biggest ransomware attack in history which crippled Britain’s NHS, to the 143 million Americans who had their personal information stolen from credit firm Equifax’s servers, the problem doesn’t seem to be getting much better.
However, despite the stereotype, most cyber attacks are not perpetrated by computer geniuses. The industrialization of cybercrime means criminals can now simply buy a multitude of malware programs on the Dark Web. The vast majority of damage could be prevented with some basic and frequent office-wide training as human error accounts for 62% of data breaches according to the UK’s Information Commissioner’s Office. However, in this constantly shifting technological climate, even a comprehensive lesson on cybersecurity can become obsolete in a few months. Criminals are constantly looking for new weaknesses to exploit.
So some businesses are starting to look for a more effective way of dealing with this ever growing scourge of attacks. And if the Terminator movies taught us anything, it’s that you’re probably better off fighting a machine with other machines.
Passing The Baton
AI and machine learning have also been making the news recently. Last year, Google’s DeepMind program, Alpha-go, beat the worlds best player at the Chinese game ‘Go’ for the first time. This is a feat many experts didn’t think was achievable for decades due to the games’ complexity.
So with AI advancing way faster than anyone expected, it makes sense that it should take on a bigger role in cybersecurity. Currently, within the context of cybersecurity, AI is mostly used to recognize patterns and anomalies within systems and help us prioritize threats. Due to a severe lack of cybersecurity professionals in general, most businesses have a limited number of experts dealing with threats coming in from all over the world. So it is important to use them appropriately. AI can not only help identify the urgency and type of threat, but also whether it or a human would be best equipped with handling said threat.
This is significant when you consider the importance of time when it comes to hacks. Once a business has been infiltrated, the length of time it takes to detect the intrusion has a momentous influence on how much damage is done and how easily the threat can be neutralized. 'The median time for detection is one hour. High-performance companies typically do this is in under 10 minutes - but low performing companies take days or weeks' according to Johanna Till Johnson, CEO at Nemertes Research.For example, when ransomware like the one which affected the NHS, penetrates a business, that is only the first step in the damage it causes. Once it's in, it starts encrypting all the data in that system, which can take time, so it needs to evade detection until it has finished. The earlier it is discovered, the easier it is to neutralize. So even a few seconds can make all the difference.
As useful as AI currently is in assisting with cyber threats, it is far from where it needs to be. Cybersecurity professionals still need to train these programs. Between staff shortages and a misguided lack of prioritization with regards to the most important aspects of cybersecurity by leaders, we aren’t doing a good enough job.
Even when businesses have AI security systems in place, it is impossible to guarantee its effectiveness when up against actual human hackers. So constant technological shifts and panicked business leaders have resulted in an industry that is rather chaotic. ‘Most companies today don't know how much to spend on cybersecurity and how to spend it,’ says James Stanger, chief technology evangelist at CompTIA.
It will take time and much better allocation of resources. Once industries begin to standardize the conversion of their data about attacks into information, it will allow AI systems to learn quicker and more effectively. The goal is to reach a place where AI can not only help businesses identify and deal with threats, but can assist in the orchestration of individual businesses cybersecurity plans. Then it will be able to identify what new technologies make the most sense for a company to invest in, specific to the kind of threats they are most likely to incur.
At the moment, it is up to each business to start responding more proactively to the threat of cyber attacks, as it is not a question of if, but when. So just buying tech and leaving it to deal with one stack of threats while the humans focus on another is not going to work long term. The most effective application of AI is when we work in tandem with it to assess and neutralize threats. The more mundane yet complex task of sifting through gigabytes upon gigabytes of information in search of anomalies will always be better done by machines. However, when it comes to more insidious, human-led attacks, another human mind is, for now at least, the best defence.