Friend and Foe: How AI Is Equipping Both Cyber Criminals and Security Professionals With Sophisticated New Capabilities

Aug 9, 2024

As we’re seeing in so many other arenas, artificial intelligence (AI) is threatening to shake the very foundations of cybersecurity. It’s a double-edged sword: AI is providing bad actors with powerful new tools to exploit security vulnerabilities, but the very same capabilities allow enterprises to sharpen their defenses and improve their security posture. What are the new threats that AI poses, and how can security professionals harness its potential to stay one step ahead?

AI Is Making Cyber Attacks Faster, More Targeted and More Effective

The AI security threat is already a reality: Almost three-quarters of organizations are seeing significant impacts from AI-powered cyber attacks.

AI is providing bad actors with even more sophisticated tools that excel in finding ways through traditional security systems, by identifying and exploiting opportunities for tactics such as cross-site scripting, injection attacks, and zero-day attacks more quickly, before they’re patched.

WormGPT and Evil-GPT, for example, are AI-powered tools that allow cyber criminals to identify zero-day vulnerabilities and speedily exploit them with adaptive malware that can change tactics to avoid being detected. Similarly, botnets powered by AI are increasing the devastating impact of DDoS attacks without the need for additional human involvement.

Generative AI (GenAI) is likely to give a worrying boost to social engineering techniques too. Its ability to draw information at scale from a wide variety of sources means it’s ideally placed to identify phishing opportunities. It can then create convincing, personalized communications that are contextually appropriate but lack the tone, grammar, and spelling mistakes that often alert victims to a phishing attack.

The Enterprise Security Landscape Is Becoming More Complex

Threat actors harnessing AI for more effective attacks are not the only challenge that enterprise security teams face.

The enterprise attack surface is huge and still growing, thanks to cloud, XaaS, edge computing, and a multitude of connected devices that might run into the hundreds of thousands for an individual organization.

Across this complex IT environment, enormous amounts of security and risk data are generated that could provide valuable insight into an organization’s risk profile and vulnerabilities. In most organizations, however, much of this data remains unused due to human inability to process the overwhelming volume of information.

Even the number of security alerts is becoming unmanageable — more than 90% of organizations can’t investigate all the security alerts they receive on a typical day. Add this to the difficulty in attracting and retaining skilled security staff and it’s clear that enterprise security is beginning to surpass human capacity.

The ability of AI — and Machine Learning (ML) in particular — to analyze and learn from huge quantities of data and millions of events across many different threat vectors is key here, as it allows enterprises to identify threats and uncover security insights faster and more easily, without needing more human resources.

It’s unsurprising, then, that security teams are beginning to explore how AI can help them improve their defenses — 46% of organizations are already using AI in cybersecurity, and 43% are planning to start adopting it in the near future.

AI Boosts the Speed and Effectiveness of Threat Detection and Mitigation

Improving threat detection is the top area within cybersecurity where enterprises expect AI to have the greatest immediate impact.

Traditional signature-based threat detection is likely to become less effective as AI increasingly enables bad actors to generate custom malware and faster zero-day attacks.

However, self-learning ML tools can train themselves on historical data patterns, gather millions or billions of pieces of information from across enterprise-wide IT and network systems, and identify deviations from the norm that might indicate a security breach — even for previously unseen threats. AI will also become more effective at predicting the threats an individual organization is likely to face, based on its profile and security posture.

We’re also likely to see greater AI-powered real-time automation. As security threats or incidents are identified, AI can be trained to automatically respond and neutralize threats quickly, minimizing or eliminating their impact.

Enterprises Can Counter More Convincing Phishing Attacks With Machine Learning

Phishing is on the rise, and is increasing in effectiveness. In 2022, a survey found that 52% of people clicked on a phishing email — up from 41% in 2020 — because it looked as though it had come from a senior executive at the company. As deepfake technology becomes more convincing, this is likely to become an alarmingly effective feature of phishing attacks too.

However, AI offers a potential solution to these sophisticated social engineering techniques. AI can use historical data to establish normal user habits, and monitor for unusual behavior (like abnormal patterns of sending emails that might indicate an incident). Natural language processing can also learn to identify phishing attack characteristics, such as unusual email content.
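The behavioral baselining described above can be illustrated with a small added example (not code from the original article or from any vendor it mentions). It assumes the only signal is each user's daily count of sent emails and uses a median/MAD modified z-score as a simple statistical stand-in for the ML models the article refers to; all names, thresholds and sample data are constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample data (not real telemetry): (user, emails sent that day).
HISTORY = (
    [("alice", c) for c in (12, 15, 11, 14, 13, 16, 12)]
    + [("bob", c) for c in (3, 4, 2, 5, 3, 4, 3)]
    + [("carol", c) for c in (40, 38, 45, 42, 39, 41, 44)]
)
TODAY = {"alice": 14, "bob": 60, "carol": 47, "dave": 5}

MIN_DAYS = 5      # assumption: fewer days than this is not a usable baseline
MAD_FLOOR = 1.0   # avoids division by zero for perfectly regular senders
THRESHOLD = 3.5   # commonly used cut-off for the modified z-score


def build_baselines(history):
    """Return {user: (median, MAD)} for users with enough history."""
    per_user = defaultdict(list)
    for user, count in history:
        per_user[user].append(count)
    baselines = {}
    for user, counts in per_user.items():
        if len(counts) < MIN_DAYS:
            continue
        med = median(counts)
        mad = median([abs(c - med) for c in counts])
        baselines[user] = (med, max(mad, MAD_FLOOR))
    return baselines


def modified_z(count, baseline):
    """Robust z-score: outliers in the history barely move median or MAD."""
    med, mad = baseline
    return 0.6745 * (count - med) / mad


def flag_anomalies(today, baselines, threshold=THRESHOLD):
    """Split today's senders into bursts above baseline and unknown users."""
    anomalous, no_baseline = [], []
    for user, count in sorted(today.items()):
        if user not in baselines:
            no_baseline.append(user)  # new sender: review separately, not scored
            continue
        score = modified_z(count, baselines[user])
        if score > threshold:  # only bursts above the norm are flagged here
            anomalous.append((user, count, round(score, 2)))
    return {"anomalous": anomalous, "no_baseline": no_baseline}


if __name__ == "__main__":
    print(flag_anomalies(TODAY, build_baselines(HISTORY)))
```

Because each user is scored against their own history, carol's 47 messages pass while bob's 60 are flagged, which a single global threshold could not do.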

Analysis of Security Vulnerabilities and Enterprise Risk Profiles Will Become More Accurate

As network and IT systems become more complex and users are more geographically disparate, it grows ever trickier to monitor these large and evolving attack surfaces to identify potential vulnerabilities.

AI, however, has the scale to tackle this challenge around the clock — identifying threats and risks in real-time, prioritizing them, and providing recommendations to mitigate them.

Until now, many security teams have based their tactics on human-level knowledge of their organization’s cyber defenses, along with comparatively generic information on the threat landscape. Developing more tailored insight into an individual company’s security and threat profile has involved significant employee resources or costs — or both.

AI’s ability to analyze large datasets, however, is set to transform this picture. It can handle almost unlimited real-time data drawn from a company’s IT inventory, network set-up, and user characteristics, combined with up-to-date global, regional, and industry-specific threat insights.

This will provide organizations with faster and more customized security information and more tailored recommendations for security teams to base decisions on, as well as improved predictions about the likelihood of future threats.

Real-Life Example: Best Buy Boosts Detection Rate for Phishing Attacks

Phishing is a major security concern for enterprises. Highly targeted and convincing “spear phishing” attacks are even more worrying, with 88% of organizations experiencing these each year.

Traditional rules-based approaches to filtering out phishing emails are not infallible, and the consequences of human error can be catastrophic for businesses.

To tackle this problem, consumer electronics retailer Best Buy turned to ML- and NLP-based cybersecurity trained on large datasets of benign and phishing emails. As a result, the company has improved the accuracy of phishing email detection to 96% while maintaining a false positive rate of under 20%.

AI Can Keep Enterprises One Step Ahead of the Cyber Criminals

While AI offers threat actors an alarming new toolset to launch more effective and sophisticated attacks, it also arms security teams with valuable new capabilities to increase resilience and adaptability and boost their security posture. AI’s ability to ingest reams of previously unused security data, learn from it, and make predictions about the future provides enterprises with powerful, proactive intelligence to help keep them ahead of the cybersecurity game.