Most businesses are comfortable with the idea of using AI, but are less enthusiastic if you remove the human from the decision-making process entirely. As the threat landscape continues to be increasingly volatile, and attacks rise and become more sophisticated, it might be time to rethink how we use this technology to protect our businesses.
Using artificial intelligence (AI) and machine learning (ML) technologies, vast amounts of data can be automatically monitored, finding patterns and spotting anomalies that the human brain wouldn’t detect nor a traditional firewall prevent.
AI-powered cyberattacks have the power to help criminals fly under the radar of conventional protection methods. Let’s look at phishing as an example. Infused with AI, these messages, designed to trick employees into revealing sensitive information or downloading harmful software, can be personalised to target a higher profile of employees such as the C-Suite.
For instance, cybercriminals know that Netflix and Apple send users emails to reactivate their accounts or update their details, so they can easily exploit this by sending out similar material. Often they include real links that fool security systems and end-users.
This technology has even started to be applied to audio, known as deepfake phishing attacks. Algorithms only need to hear a few seconds of someone talking to be able to reproduce their voice. AI can also be used to help identify the individuals to target in the first place based on their social media activity or email signature.
This is where AI is most dangerous. It’s the context it brings for cybercriminals. When amplified with AI, malware can move through an organisation undetected, analysing the network traffic as it goes to blend in. AI can also learn from probing into an organisation’s network, using the failed attempts to arrive at the most effective form of attack.
Another form of probing comes from ‘credential stuffing’ which is where attackers, usually bots, try existing sets of known usernames and passwords to try and access different systems – based on the fact people use the same credentials across different platforms.
We’ve entered a complex time, and all the usual defences we’ve relied on before – such as the perimeter firewall defined by the physical office are a thing of the past. IT teams have a much wider attack surface to monitor and you can’t protect what you can’t see.
Businesses will increasingly need the support of digital tools that can bring intelligence to human teams. AI technology can identify many different threats and analyse millions of users, spotting patterns and abnormalities on the network, finding bad actors quicker than an individual and minimising risky employee behaviour.
In the same way that cybercriminals are using this technology, AI can learn from past vulnerabilities and quickly adapt the network to safeguard against future attacks. In addition, ML algorithms are trained on the range of malware that was detected on a system in the past. This technology can then detect and predict breaches and calculate the types of malware that might infiltrate the network in the future.
Monitoring threat trends in real-time, AI systems can make security decisions based on what is likely to be used to attack your business, and, upon analysing your current strategy for any weak spots, these insights can be used to build cyber resilience in those areas.
Of course, humans are always the best form of defence. Once employees are trained or made aware of what to look for with cyber risks, they can help stop threats in their tracks. But the support provided by AI and ML means we can rely on this technology to help do the heavy lifting. Start by making sure all assets on the network are tracked through an IT Asset Management Program. Knowing what’s on the network is key to protecting it.
Secondly, ensure standardisation of data models across the business, so that the AI tool can analyse multiple information in one place, giving a complete view of what’s happening on an organisation’s network and infrastructure.
And finally, start small. Identify your weak points and build use cases around those.
With the wide range of attacks cybercriminals are throwing at businesses today, this AI/ML combination will be a critical part of cybersecurity strategies moving forward. Partly because hackers are already using it, but also thanks to the speed and agility it offers when responding to breaches.
And once you open your business up to this level of digital transformation, it doesn’t have to stop at cybersecurity. Everything from collaboration to customer service and the employee experience is being revolutionised by these technologies, which can also help deliver a competitive edge.
Learn more about how to protect your business using the latest cybersecurity technologies.
Andrzej Kawalec
Head of Cybersecurity, Vodafone Business
- Header image by Dan Nelson on Unsplash