AI in cybersecurity: How to harness AI before hackers do
It started out as a hunch: that artificial intelligence (AI) could work like a double-edged sword. Researchers set out to validate this hypothesis with an experiment.
Human volunteers created and disseminated a stream of spear-phishing tweets, all while the clock was ticking. Scores were tallied.
Researchers then activated SNAP_R, the AI competitor. SNAP_R went to work sending its spear-phishing tweets.
How did the experiment end? You'll find out in just a minute.
In the meantime, you might wonder how AI can benefit the security posture of a business.
The answer is to achieve real-time operability. Built using new methods of data processing, intelligent software, and sensors, real-time operability provides compute that acts and responds in individualized, immediate ways.
Businesses beware, though: A silent war―the AI arms race―is well underway, and AI is both the hunter and the hunted. The criminal element was always good at learning, but now AI helps this domain learn to adapt even quicker than before. Hackers use AI because it takes less effort and yields greater rewards.
Think like a hacker
Real-time operability is a sweet spot for cybercriminals.
AI provides real-time advantages. Criminals like to launch cyberattacks in real time. It's the perfect storm. A business that doesn't install real-time cybersecurity infrastructure, thinking it too difficult, incentivizes cybercriminals.
Given that a cybercriminal operation is organized, targeted, and automated―just like a business―both seek maximum returns for minimal work. AI-backed cybersecurity provides such returns.
The security threat surface was growing before the advent of AI. However, AI-powered criminal attacks have added a new dimension to the cybersecurity landscape. Not only have attacks grown in sophistication but so has the problem of detection and removal of malicious code. AI adoption is leading to a new era of threats, such as when AI is used to test, learn, and adapt to defenses. Therefore, we must prepare for a continuous stream of AI-powered protagonists hitting the streets.
There are many ways cybercriminals can harness AI to avoid detection to maximize their success rates in the short term. These include:
- Use AI to speed up polymorphic malware, a type that uses persistent form change to remain undetectable. Polymorphic malware renders some security tools useless and has given the concepts behind old malware new leases on life. AI-based malware builds upon the foundation laid by malware and will become the scourge of businesses. For example, TrickBot is a recent banking Trojan that consists of hidden malicious code that can enter a network by pretending to be friendly. Once inside, the malicious code drops its façade, infects systems, and identifies information to steal. The code can then use AI techniques to change its form on the fly, making it difficult to detect and remediate.
- Purchase or rent AI-backed cybercrime-as-a-service tools. Once armed with sophisticated malware, contact centers, distributed denial of service for hire, and more, unskilled cybercriminals can become operational and surprisingly effective extremely quickly.
AI enables vast amounts of data to be processed quickly. With this new power, cybercriminals can create personalized emails or messages that profile and target unsuspecting individuals for spear phishing.
Cybercriminals use the autonomous security features of AI to execute their activities. They are then able to use AI to help perpetrate advanced cyberattacks en masse at the click of a button.
Let's now turn the discussion to ways businesses can harness the power of AI.
5 ways to get on the positive side of AI
Data is created at the edge, lives at the edge, and potentially dies at the edge. Examples of data at the edge include what happens on an oil rig, a retail store floor, in an office, with a medical device, or anywhere data is generated. Extracting intelligence in these examples requires data analysis to happen seamlessly and instantaneously at the edge, with zero tolerance for friction or latency.
A business that uses AI to extract value from data will succeed in the future—whether it happens in a smart hospital, in an autonomous car, during a credit card transaction, or via a security breach. Unprotected data will provide a world of possibilities for those looking to exploit it. Therefore, security is paramount.
Data centers, the cloud, the edge, and every device will need to be secured, as well as the data that is constantly traveling between them. Security models must be data-centric to be truly effective, and AI can augment such data-centricity.
AI can become your organization's best friend. Examples include:
- Forget the cloud for a minute and ask what is needed to process workloads and where. A business will need to use a data-centric security model underpinned by information assurance to protect data and continue innovating using AI. Simultaneously, continue to adopt a prevent-and-detect response appropriately. An AI-based response of this type is going to be the only way to protect a business in the digital world.
- Driven by the fast-paced environments in which we live, employee expectations are at an all-time high. Employees expect seamless, fast, mobile services that process data to enable decisions, since such services provide active, personalized engagement and enhance overall quality of life. AI can efficiently and securely manage the ever-growing increase in data from an always-expanding number of sources, which includes user-generated data.
- IT systems have become complex monsters that require constant fire-fighting in order to keep them operational. This leaves little time for internal staff to dedicate to innovation. Ultimately, IT needs resiliency and performance, but it also needs the agility to unlock innovation. A business must set up an AI-backed platform that monitors and protects every mission-critical app, so it is future-proofed for tomorrow. This enables already stretched IT resources to become more effectively targeted at high-impact areas through workload prioritization. This is a fundamental steppingstone to getting the most out of your data.
- Destructive malware and ransomware can reduce information availability and cause function loss. As a result, a business must use AI to guard against this new threat landscape, which makes any device a point at which intrusion can occur.
- It is estimated that the economic impact of cybercrime is $600 billion, according to a 2018 report from the Center for Strategic and International Studies (CSIS), in partnership with McAfee, and it is not slowing down. Therefore, a business must know about, understand, and defend against attacks by using AI-connected IoT devices.
Fight fire with fire
Focusing AI in the direction of data and security for your business is crucial. How do you secure devices when every device has its own compute power, storage, operating system, and software, and each can be exploited? The old model was to build a wall to keep threats out. This will not be possible in a hyperconnected world. Your business needs AI on its side―AI that will protect assets and ensure safety. You need good AI to fight bad AI.
Wait! Who was the winner in the AI vs. human volunteers experiment mentioned earlier?
Security firm ZeroFOX conducted the experiment in 2016. The humans identified 129 users and scored 49 victims, and the AI identified 800 users and scored 275 victims. In other words, the AI spear phisher performed better by volume and on par with a human when it came to conversion.
It is a volume game in the security space. AI can work 24/7 and will only get better.
Download SNAP_R from GitHub to learn more.
What AI can mean for your business
Optimal data governance control, security, and ownership require careful consideration. Although there are sector-specific factors, businesses must think about the role they play in securing personally identifiable information. AI solutions can change the dynamic and make cloud economics much more compelling in the data center.
Don't let security be an afterthought or a solution you bolt onto your infrastructure. The costs are too great. Competitive businesses must employ a secure continuum―from the Intelligent Edge to the enterprise core, whether on premises or in the cloud―to guard against disruptions.
We help your business hone the required in-house skills to continue your AI journey. In the end, your business can engage in a protective and prosperous relationship with AI into the future, where AI-backed cybersecurity solutions work to protect your business 24 hours a day.
This article/content was written by the individual writer identified and does not necessarily reflect the view of Hewlett Packard Enterprise Company.