Will artificial intelligence (AI) and machine learning (ML) benefit enterprises in their fight against cybersecurity threats? Or will these technologies, in the wrong hands, make it even more challenging to stay secure and resilient?
The short answer to both questions is yes.
“AI and ML can help enterprises better secure their networks and data,” says Asher de Metz, Senior Manager of Security Consulting at Sungard AS. “Unfortunately, they also make it easier for bad actors to break into those networks and get that data.”
Sungard AS experts share five things enterprises should know about the state of AI/ML and their impact on cybersecurity and resilience.
1. As more companies go digital, they may be more vulnerable to attacks.
The speed of organisational change has been intensifying in recent years as companies undertake digital transformations, which AI/ML is helping to enable, de Metz says. At the same time, cybersecurity threats continue to become more widespread, potentially more damaging and nastier, especially those from some nation states with seemingly endless resources.
For example, AI/ML are enabling such things as hyperautomation and the ability to generate, aggregate and make sense of data from hundreds of enterprise Internet of Things (IoT) devices. But IoT sensors, along with the growing use of cloud computing, microservices and highly connected systems, give black-hat hackers even more potential points of attack. And AI/ML can help criminals more efficiently target and exploit those vulnerable end points.
AI/ML can also help crooks more precisely target victims with authentic-looking social engineering attacks. “AI/ML can generate phishing emails that are targeted to individuals and look believable,” says Kiran Chitturi, a Sungard AS CTO Architect. In comparison, phishing emails of the past were often riddled with tell-tale grammatical errors and thus were easier for individuals to spot.
2. There aren’t enough cybersecurity experts.
Making matters worse: There aren’t enough skilled cybersecurity professionals available to help enterprises protect themselves against rising threats. In fact, it’s estimated that an additional 4.07 million cybersecurity professionals are needed, with 65% of organisations reporting a shortage of security talent.
3. Most IT professionals are looking to AI/ML to bolster their cybersecurity defenses.
According to Capgemini Research Institute, nearly two-thirds of senior IT executives don’t believe they can identify the constantly changing cybersecurity threat landscape without the help of AI/ML. Also, IT executives at three out of five firms say that AI/ML improves the accuracy and efficiency of their cybersecurity analysis.
No surprise, then, that many enterprises hope to fill the cybersecurity skills gap with AI/ML. “Even the smartest white-hat hacker in the universe couldn’t achieve visibility into all the new threats out there because so many new ones are emerging on a regular basis,” de Metz says. “That’s why AI/ML has become so important in helping enterprises maintain organisational resilience.”
For example, some Software as a Service (SaaS) backup solutions for enterprises can apply ML algorithms to analyse backup patterns and metrics, which in turn can help those backup solutions automatically identify a ransomware or other malware attack before it’s too late, adds Joseph George, Vice President of Product Management for Sungard AS.
“At the same time, backup and recovery execution can become more intelligent and automated with AI/ML to better accommodate unique considerations for each enterprise’s recovery process,” George adds.
4. You still need humans to make judgment calls.
One way in which AI/ML can help is in analysing vast amounts of cybersecurity-related data to identify patterns and spot irregularities.
“With AI/ML, you can collate large amounts of threat data and parse through it on a constant basis to see the changing nature of the threat landscape,” de Metz says. For example, your organisation might routinely transmit data between China and Romania during certain hours, de Metz explains. But if data is transmitted outside those hours, and/or a different type of data is suddenly being transmitted, AI/ML would spot the irregularity in real time.
In a situation like this, human decision-making may still be needed. The obvious decision may be to shut down an unusual data flow right away and potentially thwart bad actors before they can do any damage. However, doing so may drastically disrupt important operations. And so, while AI/ML alerts your cybersecurity team to the irregularity, one or more team members may still need to make a judgment call based on their knowledge of the enterprise’s priorities, the operations potentially impacted, and the resilience risks, de Metz says.
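The scenario above can be sketched in a few lines. This is an added example, not code from Sungard AS or the article: it swaps the ML model for a simple set-based baseline of hours and data types per route, and the flow records, field layout and the `critical_routes` parameter are constructed assumptions. Note that an irregular flow is routed to an analyst with context, never blocked automatically.

```python
from collections import defaultdict
from datetime import datetime

# Constructed flow records: (UTC timestamp, source, destination, data type).
BASELINE_FLOWS = [
    ("2024-03-04T01:10:00", "CN", "RO", "erp-sync"),
    ("2024-03-04T02:40:00", "CN", "RO", "erp-sync"),
    ("2024-03-05T01:05:00", "CN", "RO", "erp-sync"),
    ("2024-03-05T03:15:00", "CN", "RO", "erp-sync"),
    ("2024-03-06T02:20:00", "CN", "RO", "erp-sync"),
]

def learn_baseline(flows):
    """Record, per route, the hours of day and data types seen in normal traffic."""
    baseline = defaultdict(lambda: {"hours": set(), "types": set()})
    for ts, src, dst, dtype in flows:
        route = baseline[(src, dst)]
        route["hours"].add(datetime.fromisoformat(ts).hour)
        route["types"].add(dtype)
    return baseline

def assess(flow, baseline, critical_routes=frozenset()):
    """Compare one flow with the baseline and decide who handles it.

    critical_routes (hypothetical) lists routes whose interruption would
    disrupt operations, so the analyst sees the cost of shutting them down.
    """
    ts, src, dst, dtype = flow
    route = baseline.get((src, dst))  # .get() does not create a default entry
    reasons = []
    if route is None:
        reasons.append("route never seen in baseline")
    else:
        if datetime.fromisoformat(ts).hour not in route["hours"]:
            reasons.append("outside usual transfer hours")
        if dtype not in route["types"]:
            reasons.append("unfamiliar data type")
    if not reasons:
        return {"action": "allow", "reasons": [], "disruption_risk": None}
    # Irregular traffic raises an alert for a human decision, not an auto-block.
    risk = "high" if (src, dst) in critical_routes else "low"
    return {"action": "analyst_review", "reasons": reasons, "disruption_risk": risk}

if __name__ == "__main__":
    model = learn_baseline(BASELINE_FLOWS)
    odd = ("2024-03-07T14:00:00", "CN", "RO", "hr-records")
    print(assess(odd, model, critical_routes={("CN", "RO")}))
```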
5. To truly be resilient, your organisation should have a data-oriented culture.
To fully extract the resilience benefits of AI/ML, organisations must develop a culture oriented toward business analytics, says Alex Ough, a Sungard AS Senior CTO Architect.
As big data continues to grow, resilience threats escalate, and AI/ML is increasingly deployed, it will be imperative for all teams to be on the same page, Ough explains. “You may have a brilliant cybersecurity team that can analyse all the threat data and develop the ideal solutions for resilience, but they still need to really understand the organisation’s business imperatives. And other teams need to understand where the organisation’s vulnerabilities are. So, if all your teams have a data analytics mindset, together they can proactively determine what needs to be improved in the organisation’s resilience risks and to prioritise those improvements.”
Above all, don’t forget the basics
AI/ML can be highly seductive for organisations looking to avoid resilience risks. But enterprises must understand that even the most sophisticated AI solutions and ML algorithms won’t help strengthen resilience if the basics are neglected.
“I’ve seen some companies spend $1 million on highly sophisticated AI software to make them more secure,” de Metz says. “And yet, they still get hacked because they didn’t focus enough attention on securing their networks, data, backups and end points with basic cybersecurity defenses.”
James A. Martin has written about security and other technology topics for CSO, CIO, Computerworld, PC World, and others.