AI in cybersecurity works, but watch the hype

AI and automation technologies can help businesses cope with a proliferation of cyberthreats, but watch out for the hype.
6 August 2019

Alpha Mini robots using AI to dance at CES 2019. Source: AFP

Cybercrime is a fast-growing economy that shows no signs of slowing. In fact, over half (55 percent) of businesses in the UK faced a cyber-attack this year, according to Hiscox.

No organization is immune, especially with the many indiscriminate attack types. 

Gone are the days when businesses can ‘hide in the herd’; cybercriminals’ techniques are so widespread that just connecting to the internet opens the door to threats, including compromised websites, phishing emails, and distributed denial of service attacks.

For this reason, it’s important that businesses employ layers of defense that include training employees on security best practices, deploying the right security tools, and implementing a robust remediation plan. 

This matters especially given the reputational and financial risk at play: it’s estimated the average total cost of a data breach is a whopping US$3.86 million.

Unfortunately, businesses are unprepared to fully prevent, detect, and respond to the growing number, and sophistication, of threats.

Consider that ransomware attacks occur every 14 seconds, according to a Cyber Security Ventures Official Annual Cybercrime Report. Given so many attacks, businesses are turning to Artificial Intelligence (AI) and Machine Learning (ML) capabilities to help make up for a scarcity of cybersecurity experts.

Measure and reduce mean time to respond

Once a criminal has penetrated your organization, the most important goal is to reduce the mean time to respond (MTTR). This means reducing the window from compromise of the first system to the complete removal of all traces of activity.

The difference can mean simple laptop remediation or the breach of intellectual property and employee and customer data. Malware can spread; the faster you’re able to detect and respond, the more you reduce the impact to resources and sensitive data.

However, we know a number of businesses still manually wipe one machine at a time in the event of a cybersecurity incident. 

Compromised endpoints are re-imaged and restored from the latest restore point. This may require additional time and resources to confirm the latest restore point was not infected, to locate and enter all software license keys, to update drivers and patches, and then to apply any endpoint customizations. And this time is crucial given that the mean time to identify an incident is 197 days and the mean time to respond is 69 days, according to the Ponemon Institute.

These statistics alone raise a red flag: companies are in dire need of more effective containment. There’s also a high likelihood of lost work between the last clean backup and the time of infection. Employee productivity and money are among the many casualties.

Use technologies that remove manual effort

AI and ML have been introduced to help reduce the mean time to detect and respond to cybersecurity incidents. 

AI is achieved when machines carry out tasks that are not pre-programmed, and in a way that we consider “smart.” For example, there is a big difference between a computer that plays chess with countless pre-programmed moves and performs the given solution versus a computer that analyzes the position of the pieces and calculates the outcome for every possible move many moves ahead. 

The first is executing commands; the second is using AI. ML is an algorithm that, when fed enough information, is capable of recognizing patterns in new data and learning to classify that new data based on the information it already has. Essentially, these algorithms teach the machine how to learn. 

Combined, these technologies are much better and more cost-efficient than humans when it comes to handling large amounts of data (threats) and performing routine tasks to detect and respond.

What’s more, AI and ML mean security teams can be freed from some of the more mundane tasks, enabling them to focus on more strategic threat hunting and intelligence. 

Indeed, a report by PwC found that 54 percent of businesses can confirm that implementing AI has already boosted their productivity. AI and ML provide a number of additional benefits in the workplace, such as less scope for human error and added efficiency.

Confusion and misinformation make choices difficult

This begs the question: why aren’t more organizations using automation in the fight against cybercrime? 

Businesses must be one step ahead of the game and use technology to their advantage. In fairness, it can be confusing for security professionals to distinguish which solution will be beneficial to their business. Unfortunately, there are vendors out there incorporating AI into their branding and messaging, but if you dig a bit deeper, it is no more than marketing.

Indeed, a report by MMC Ventures found 40 percent of AI startups were just cashing in on the hype, without actually having any of the tech.

This gap between reality and marketing hype leads to misinformation and can lead to much cynicism. The unreliability and ambiguity surrounding these technologies are why businesses are wary of investing in them.

However, businesses can overcome some of this uncertainty by having their security teams outline technology roadmaps and implement risk-aligned strategies that will allow them to make more informed choices in investing in new technologies. 

They should interview their vendors to uncover how AI and ML are being applied to prevent, detect, and respond to threats.

But AI and ML alone are not enough; they are simply additional technologies that, when applied, help reduce some of the manual requirements. You’ll still need to apply security best practices like least privilege and separation of duties. Start with encryption of data at rest and in motion, and apply all appropriate layers of security across networks, endpoints, and people.

It’s more important now than ever that enterprises make the shift from the manual and into the automated world, and shed some of their hefty load onto more advanced and capable technologies.

Security teams will find that they have more on their plate given the high frequency of cyber threats and how much more serious they have proved to be in recent years. Because of this, it’s crucial these teams take every opportunity to bolster systems and manage time effectively.

And thanks to regulations such as GDPR (General Data Protection Regulation), businesses are inclined to implement better data privacy and security principles that will only serve to protect them in the long run.

IT teams should be using all the weapons in their arsenal, including artificial intelligence, and should mind the gap of security marketing hype, to reduce mean time to respond to threats.

This article was contributed by Akshay Bhargava, SVP of Products at Malwarebytes.