Cyber-attacks are a key concern for every organization today. As the development of more new technology to make lives better increases, the chance of being a victim of a cyber-attack is also on the rise as every system supposedly has a vulnerability that attackers can exploit to compromise the system for the purpose of stealing information, demanding ransom, and to misinform the public.
With the increase in cyber threats that each organization now has to deal with on daily basis, ranging from phishing, distributed denial of service, rootkits, man-in-the-middle, and a few others more. There is now an urgent need for assistants who can help the security analysts more proficiently and faster, and this led to the involvement of artificial intelligence in cybersecurity that can analyze data faster than humans could do and give better predictions in the very shortest time possible.
In the Age of AI
Now in this age of artificial intelligence, where automation has now become the essence of the fourth industrial revolution, ranging from web search technology, human speech analogy, self-driving cars, and a few others. There is now a higher risk of the system being compromised. As more systems are now automated, thanks to AI; now there is also a greater need for its protection to be automated as well.
Many pieces of research have shown that 2021 recorded the most cybersecurity attacks, and this number is intensively expected to increase by the end of 2022 with the majority global workforce grinding away from the secure confines of a cooperative network as recorded by Fortinet.
In this age of AI, attacks are becoming faster in their deployment, and they quickly get to the target because of the way their program is written. About 10 years ago, we have a lesser number of programmers and cyber intruders compared to the large numbers circulating in different countries of the universe today.
While many are leaning towards learning, those on the part are becoming more advanced with new discoveries of tools, libraries, and machines.
Back then, one can use any of the varieties of an antivirus to repel attacks, but now, the attackers are also following trends by becoming smarter in their deployment and using updated tools. With the help of an AI-based security system, an attack can now be detected and repelled before it even gets to the system, and the data collected from the attacks will also be useful in training the AI if it is a supervised or a semi-supervised learning model.
How AI Made Cybersecurity Reliable
With the involvement of AI, the sustainability of cybersecurity is continuously greatly improving. It has also increased system reliability and dependability by helping the system to behave as expected even when it processes a false input (at least periodically).
On the other hand, AI helped in system response advancement – most of the works done previously have relied on applications, and sometimes they take a long time to load or encounter loading failure due to low memory or other possible reasons.
But in this era of AI, most of the work is now done at a click of a button (thanks to machine learning algorithms running either on the machine or in the cloud, and its operation consumes lower memory and performs more functions at a shorter time frame). This machine learning model understands the system that sends the request and what an expected output is supposed to look like due to its ability to read and understand the system’s data (for an unsupervised learning model) in other to process its response.
Other numerous impacts of artificial intelligence have now offered a strategic advantage to cybersecurity through its ability to reduce its vulnerability to cyber-attacks, and some of the cyber-attacks are:
Zero-day Attack – is an exploit through a vulnerability of an application or a system before such vulnerability would be detected and patched. It is almost impossible to create a system or an application without at least a vulnerability or potential vulnerabilities, which technologically means all systems are prone to or potentially prone to this particular threat.
With the help of artificial intelligence, detection of anomalies in data and sharing of data results can now be quickly disseminated to the security analysts when the system detects zero-day threats, even though it may not be able to stop them, but the result will provide security analysts with something to start with, rather than having to do the groundwork themselves which could take a sizable amount of time, and therefore, unnecessarily delay the quest to defend the system from being compromised.
Some AI systems even went as far as analyzing the data gathered by themselves and providing the IT engineers with insights on the attack surface and suggestions that can be useful in the process of defending against this attack. Therefore, using Artificial Intelligence reduces the Mean-Time-To-Respond (MTTR).
Ransomware Attack – is a type of malware deployed by attackers to block owners or authorized personnel from accessing the system, or maybe encrypting the system data with the hope to demand a ransom before a pass key to decrypt the system would be given. In this attack, the network has to be compromised first, while the attacker finds its way to the domain controller to deploy the ransomware which blocks access to a server until a ransom is paid. However, there could be more steps to this if it is a multi-staged attack.
While most ransomware attack happens on a work-free day, this is done to delay the responsiveness of the IT engineer due to fewer cybersecurity engineers on duty.
This can happen and has unfortunately happened numerous times to some organizations. Maximilian Heinemeyer, VP of Cyber Innovation at Darktrace says, “It’s one thing to detect an attack that has not been seen before, it’s another thing to stop its ransomware” – While it is easy to detect an attack, stopping its encryption is far opposite due to the limited time.
The involvement of AI in such an attack can help to detect the attack at an earlier stage and repel it before it gets to the domain controller. Since some ransomware starts with file encryption, AI can also help stop the intrusion before it gets to the encryption process.
These are a few attacks among many that a system can be exposed to, one of the others remaining is phishing mail, which comes with an intention of gaining access to steal information which may be login credentials and other types of data. Artificial Intelligence can help by detecting this type of mail earlier and killing its command control that will navigate the victim away from the original page and can even go as far as killing the attacker’s network connection depending on how the AI algorithm program is written.
Drawbacks of AI on Cybersecurity
While it is true that AI is a smarter machine that can process, evaluate, and predict faster than human intelligence, it requires constant updates and enhancement to meet up with the current trends of attacks, and most times when this is not done on time, the system can become more vulnerable due to the AI model limitations to associate with its usability.
AI is not human; it is a machine trained by a developer (supervised) or allowed to train itself with available data (unsupervised) to recognize some particular patterns or do certain tasks based on conditions. Due to this, AI can raise false alarms when it discovers discrepancies that are irrelevant as low as web traffic or network instability, this may lead to the organization making unnecessary moves to curtail a supposed attack that never happened and that can even sometimes make the system more vulnerable during the process of stopping or discovering what never happened.
Another great setback in fully relying on artificial intelligence is that it reduces the alertness of the security experts in that organization as it creates an impression that AI will always do the most jobs and when the AI itself is compromised, they find it more difficult to defend the threat, and that buys time for the attackers to fully operate and succeed in their quest. If the attacker is skillful enough, he can even manipulate the AI remotely by just feeding it with the wrong dataset causing the AI to misbehave due to data bridges.
When talking about the human relationship with the AI in repelling an attack, it should be limited to humans monitoring the AI activities, and they must be smart enough to know when the AI is about to misbehave. Trusting the AI to do the whole job comes with lots of consequences, and partially allowing the AI to do part of the job (sharing the responsibilities with humans) makes the system that implements the AI even more porous, and that cancels out the benefits of the AI involvement.
The previous initiation of cyber threats is targeted mostly at stealing information, either for personal usage, demanding ransom, or for fun. But the new form of recent attack from attackers now involves AI, and that has provided the attacker with more influence to attempt to gain full or partial control of the target systems remotely and went as far as changing its behavior if necessary or desiring.
Most importantly, relying fully on AI can sometimes lead to human destruction. Professor Mariarosaria Taddeo of the Oxford Internet Institute declares, “By adding 8% of erroneous data to an AI system for drug dosage, attackers could cause up to 75.06% change of the dosages for half of the patient relying on the system for treatment”.
She further discussed that similar results can be achieved by manipulating the categorization models of a neural network. Once an AI system is launched, attacks on the AI itself are difficult to detect due to its lack of transparency because of the dynamic and adaptive nature of an AI system which makes it almost impossible to explain the system’s internal processes.
Cyber infrastructures are now more exposed to diverse interruptions and warnings that may be due to the processing of complex information.
Hardware devices are no more adequate to guarantee the security of these infrastructures. Due to the buildup of the internet, attackers now have access to the tools and expertise that are needed to deploy an attack right at the convention of their homes.
We must fully agree that AI has helped advance the field of security and provide some sophisticated ways of analyzing, evaluating, predicting, and repelling an attack, and due to this providence, old hardware conventional cybersecurity measures are not adequate anymore in fighting the ever-increasing cyber threats.
The existing cybersecurity methods are now becoming obsolete due to ineffectiveness. The old common method of cybersecurity through firewalls now has limitations in the security process. Therefore, there is now a heavy demand for efficient security measures to defend against these newly modern clustered attacks as cyber interventions that are carried out by intelligent agents are not sufficient to meet the pace of these cyber threats, but also we should not quickly forget the challenges that lie in fully relying on the AI to do all tasks that IT engineers are expected to take care of.