Over the past decade, the world has seen a proliferation of cyberattacks and a rise in their complexity. According to the Government’s ‘Cyber Security Breaches Survey 2019’, a third of businesses in the United Kingdom experienced a breach or an attack. Of the businesses affected, only thirty-seven percent of incidents were identified by cyber security software and only ten percent by anti-virus software.
Smarter attacks, smarter defence
With a high percentage of incidents spotted by employees, organisations serious about cyber security are investing in products which utilise Artificial Intelligence (AI) and Machine Learning (ML) to decrease the dependency on human interaction.
In the digital age, we’re surrounded by big data. By utilising AI and ML, we can spot malicious patterns or irregularities in the environment and present them to an analyst. Based on the actions taken by the analyst, the program can fine-tune and update its own model to identify incidents. AI and ML can also automate remediation, reducing the need for human interaction. Overall, this reduces the workload on human analysts and alleviates alert fatigue and false positives in the environment. This analysis can be combined with events (or signals) from other organisations to spot the most minute indication of compromise. We’ve started to see this type of cooperation with Microsoft’s Security Intelligence and their Threat Protection products, such as Office 365 Advanced Threat Protection.
Combining threat-aware AI with patch management will add another layer of depth to the security of organisations. The ability to quickly patch high-value systems against new exploits has always been important. However, with the introduction of AI and ML we can decrease patch deployment times, ensure greater coverage and reduce the time systems are vulnerable.
Unfortunately, alongside the benefits AI and ML bring, there is a darker, malevolent side in which the technology is being applied. Cybercriminals and threat actors are also exploring the benefits to their enterprise. They could pair AI and ML with processes such as fuzzing to discover vulnerabilities, or incorporate them into botnets to ensure their effectiveness. However, we expect to see AI and ML focused on ensuring the effectiveness of cyber-attack techniques: by extracting techniques and combining the data, the most effective methods can be prioritised over less successful ones.
With both sides using AI and ML to their advantage, there will be an arms race to build the most effective method of attack or defence, which in turn will push the level of sophistication upwards. Organisations which do not invest in their cyber security and a defence-in-depth approach will be susceptible to compromise in less time than ever before.