How AI and ML are helping us fight cybercrime, and why they can be overhyped
The world is going digital at a pace faster than the blink of an eye. Artificial intelligence (AI) and machine learning (ML) have been heralded as digital technologies that can solve a wide range of problems across industries and applications, including cybersecurity. Capgemini’s Reinventing Cybersecurity with Artificial Intelligence report, published last year, found that 61% of enterprises say they cannot detect breach attempts today without using AI technologies. In a similar survey by Webroot, 89% of IT professionals said they believe their company could be doing more to defend against cyberattacks. Surprisingly, 64% of the respondents admitted that they are not sure what AI/ML means, despite increased adoption on a global scale. Last month, Interpol reported in its COVID-19 cybercrime report that two-thirds of EU member countries had witnessed a massive increase in malicious domains registered with the keywords ‘COVID’ or ‘Corona.’ These sites aim to take advantage of the growing number of people searching online for information about COVID-19. While COVID-19 has been instrumental in the uptick in cybercrime, these malicious activities were wreaking havoc before the outbreak of the global pandemic.
As cyberattacks have increased in both volume and complexity, conventional ways of detecting malware and threats are failing. Conventional methods like anti-malware software installations or login audits aren’t sufficient in today’s scenario. This is because most of these methods rely on rules-based or signature-based pattern matching, which means they can only help against known virus signatures or threats. During COVID-19, attackers exploit the internet under the guise of providing help and information while they are actually trying to get access to sensitive personal information and misuse it for ransomware and similar illegal activities. In the business domain, attackers are taking advantage of industry uncertainty to steal information. AI and ML can certainly help counter these problems. However, we should be careful not to overhype their potential.
AI is extremely good at attempting to mimic human intelligence. While it is still far from replacing humans’ cognitive thinking, it is proficient at finding anomalies and irregularities and at reducing errors and faults in operational tasks. ML, on the other hand, can analyze data from the past and evaluate use cases for the future, processes that can help identify possible cybercrimes and take proactive preventive measures. Diving into the 2020s, it is evident that business and technology analysts expect to see solid applications of AI and ML accelerate.
Meanwhile, in the same report, Capgemini found that as digital businesses grow, their risk of cyberattack increases exponentially. There is also a higher probability that attackers can weaponize AI and ML tools and automate them to boost their attacks. Further, just as businesses deploy AI and machine learning to compensate for the shortage of human resources and save costs in cybersecurity, cybercrooks can use them for the same purposes. Experts also argue that AI can be used to exploit a system’s vulnerabilities much faster and better than a human can. Both AI and ML can be used to disguise attacks so effectively that one might never know that a network or device has been affected. So, spotting every malware variation, especially when it is deliberately disguised, is problematic for defenders who are attempting to stop even unknown, new types of malware attack.
Fortunately, the latter can be used to our advantage too. Just as ML is used to develop new forms of malware, it can also be used to detect them. For instance, in 2018, Microsoft’s Windows Defender used machine learning algorithms to identify and block an attempt to install malicious cryptocurrency miners on hundreds of thousands of computers. Cylance also used ML to uncover, and protect users against, a new campaign by OceanLotus, a.k.a. APT32, a hacking group linked to Vietnam. Apart from that, AI can help protect endpoints. This is becoming ever more important as the number of remote devices used for work rises amidst COVID-19. AI establishes a baseline of behavior for the endpoint through a repeated training process. If something out of the ordinary occurs, AI can flag it and take action, whether that’s sending a notification to a technician or even reverting to a safe state after a ransomware attack. This provides proactive protection against threats, rather than waiting for signature updates, says Tim Brown, vice-president of security architecture at SolarWinds.
ML algorithms can also help detect and remove outliers from training data sets to address data poisoning attacks. AI-based risk management systems can be used to identify changes in those methods and to determine password patterns of explicit customer behavior. In doing so, they will alert their cybersecurity teams when the pattern does not work.
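The two ideas above, learning an endpoint's behavioral baseline and removing outliers from the training data before learning it, can be shown together in a small added example. It is not code from any vendor named in this article: it uses median/MAD statistics as a simple stand-in for a trained model, and the telemetry features, values and thresholds are constructed assumptions.

```python
from statistics import mean, median, pstdev

# Constructed hourly endpoint telemetry: (process launches, MB sent outbound).
# The two extreme rows stand in for poisoned training records.
TRAINING = [
    (12, 5.0), (14, 6.1), (11, 4.8), (13, 5.5), (15, 6.0), (12, 5.2),
    (14, 5.9), (13, 5.4), (90, 400.0), (85, 380.0), (12, 5.1), (13, 5.6),
]

def robust_stats(values):
    """Median and median absolute deviation (MAD) of one feature column."""
    values = list(values)
    med = median(values)
    mad = median(abs(v - med) for v in values)
    return med, mad or 1e-9  # guard against a zero MAD on constant columns

def robust_z(value, med, mad):
    """Modified z-score; 0.6745 scales MAD to match a standard deviation."""
    return 0.6745 * (value - med) / mad

def is_anomalous(row, baseline, threshold=3.5):
    """Flag a row if any feature strays too far from its (median, MAD) baseline."""
    return any(abs(robust_z(v, *s)) > threshold for v, s in zip(row, baseline))

def fit_baseline(rows, threshold=3.5):
    """Drop outlying training rows, then learn the baseline from what is left."""
    first_pass = [robust_stats(col) for col in zip(*rows)]
    clean = [r for r in rows if not is_anomalous(r, first_pass, threshold)]
    return [robust_stats(col) for col in zip(*clean)], clean

def naive_is_anomalous(row, rows, threshold=3.0):
    """Mean/standard-deviation check fitted on unfiltered data, for comparison."""
    cols = list(zip(*rows))
    return any(abs(v - mean(c)) / pstdev(c) > threshold for v, c in zip(row, cols))

if __name__ == "__main__":
    baseline, clean = fit_baseline(TRAINING)
    print("training rows kept:", len(clean), "of", len(TRAINING))
    for obs in [(13, 5.3), (14, 250.0)]:  # constructed: normal hour, large upload
        print(obs, "robust:", is_anomalous(obs, baseline),
              "naive on poisoned data:", naive_is_anomalous(obs, TRAINING))
```

The comparison function shows why the filtering step matters: a baseline fitted on the unfiltered data is stretched by the two extreme rows and no longer flags the large upload.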
There are many ways AI and ML can be leveraged to fight cybersecurity issues. However, it is always better to define what kinds of threats one wants to address using these technologies. Besides, businesses need to have a solid understanding of how these algorithms work, how they can enhance security, and how to train the algorithms and others. This can help to enhance the cybersecurity posture and minimize the hype.