We often hear about artificial intelligence and its subset machine learning – but some businesses have not given enough thought to how those technologies can help protect them from cyber criminals. This is an area that is developing and it’s important that security professionals stay up to date with these tools and determine how they can use them in their business.
This post will provide examples of how AI can help prevent every stage of a cyber attack.
Identifying attacks and taking action
A 2019 Capgemini report states that 51% of organizations have a high utilization of AI for detection of cybersecurity threats. This is a practical first step for businesses that want to invest in AI. AI is used to monitor and analyze huge amounts of data and establish normal and abnormal behavior parameters. Anything that falls outside of normal behavior will be flagged.
One great example of this is risk-adaptive authentication. This can be your first line of defense to prevent hackers from getting into your system. It analyzes a user’s normal behavior over time, and any abnormal login attempt requires additional authentication. For example, if a user attempts to log in at an unusual time of day or from an unusual location, that would be considered high risk and another authentication step would be required or access would be denied outright.
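The risk-adaptive check described above, sketched as an added example (not code from the original post or from any vendor product). It uses simple frequency counts in place of a trained model; the login history, the equal weighting and the thresholds are constructed assumptions.

```python
from collections import Counter
from datetime import datetime

# Constructed login history for one user: (timestamp, country code).
HISTORY = [
    ("2024-03-04T08:55:00", "DE"), ("2024-03-05T09:02:00", "DE"),
    ("2024-03-06T08:47:00", "DE"), ("2024-03-07T09:10:00", "DE"),
    ("2024-03-08T08:58:00", "DE"), ("2024-03-11T09:05:00", "DE"),
    ("2024-03-12T08:51:00", "DE"), ("2024-03-13T09:15:00", "FR"),
    ("2024-03-14T08:40:00", "FR"), ("2024-03-15T09:00:00", "DE"),
]

def build_baseline(history):
    """Summarise past logins as hour-of-day and location frequencies."""
    return {
        "hours": Counter(datetime.fromisoformat(ts).hour for ts, _ in history),
        "places": Counter(place for _, place in history),
        "total": len(history),
    }

def hour_rarity(baseline, hour, window=1):
    """0.0 if every past login was within `window` hours of `hour`, 1.0 if none was."""
    near = sum(baseline["hours"][(hour + d) % 24] for d in range(-window, window + 1))
    return 1.0 - near / baseline["total"]

def place_rarity(baseline, place):
    """0.0 if every past login came from `place`, 1.0 if it was never seen."""
    return 1.0 - baseline["places"][place] / baseline["total"]

def assess(baseline, timestamp, place, min_history=5):
    """Return (decision, score); decision is 'allow', 'step_up' or 'deny'."""
    if baseline["total"] < min_history:
        return "step_up", None  # too little history to trust: ask for a second factor
    hour = datetime.fromisoformat(timestamp).hour
    score = 0.5 * hour_rarity(baseline, hour) + 0.5 * place_rarity(baseline, place)
    # Thresholds are assumptions for this example; real systems tune them.
    if score >= 0.9:
        return "deny", score
    if score >= 0.4:
        return "step_up", score
    return "allow", score

if __name__ == "__main__":
    base = build_baseline(HISTORY)
    for ts, place in [("2024-03-18T09:03:00", "DE"), ("2024-03-18T03:12:00", "DE"),
                      ("2024-03-18T03:12:00", "BR")]:
        print(ts, place, assess(base, ts, place))
```

A login at the usual hour from the usual country is allowed, one unusual signal triggers the extra authentication step, and a login that is unusual in both time and place is denied.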
What if a hacker gets into your system?
AI can help here too. User and Entity Behavior Analytics (UEBA) systems also use AI to set baselines of normal and abnormal behavior. Let’s say a hacker somehow accesses your systems using stolen employee credentials. The UEBA system knows the typical behavior of that employee and will flag the hacker’s abnormal behavior (such as downloading large amounts of data or logging into unusual applications). Once this behavior is flagged, access can be automatically revoked.
The key is managing identities
Both risk-adaptive authentication and UEBA systems can monitor and analyze huge amounts of data very quickly, so they can catch potential threats in real-time. Key to these technologies is a sound strategy on how to manage the associated identities: Knowing the digital identity of the user or device helps to correlate behavior across multiple sessions. The goal for advanced analytics is to ensure that the digital identity is actually used by the “real human” that is entitled to use this identity.
If we can use AI, aren’t hackers using it too?
Yes. It can sometimes feel like an arms race to keep escalating the use of new technologies to keep up with cybercriminals. Just like organizations can use AI to process large datasets, so can cybercriminals.
Analyzing this data allows them to figure out your vulnerabilities – which for many organizations means your employees. Hackers use AI to identify the best targets for phishing attacks (those with the most privilege in your system, those who are likely to be tricked, etc.).
They are also improving their social engineering attacks with AI. AI can gather information on the target and generate custom malicious websites, emails and links that are most likely to be clicked on. They could even send fake emails that mimic the writing style of the target to try to con their coworkers. Cybercriminals have been doing this for years – but AI makes it so much faster and less manual.
Beyond this, there are many other potential malicious use cases for AI: audio or video deepfakes and swarming attacks are but a few examples – an in-depth discussion can still be found in the Malicious AI Report from 2018.
How can your organization get started with AI?
It may seem daunting and expensive to implement technologies using AI into your organization, but there are still actions companies of all sizes can take.
First, see if any of your organization’s vendor solutions are using AI or machine learning in ways that you can take advantage of. This is an easier way to start than developing your own proprietary AI algorithms.
Second, focus on employee education. While AI phishing and social engineering attacks are expected to get a lot better and harder to detect, employees who know what to look for can still avoid getting caught in these traps.
Third, protect your access points. Don’t let cybercriminals into your systems. Put access solutions in place that follow the principle of least privilege, so that only the right employees have access to the apps required for their role.
Overall, the best thing you can do is stay up to date with the threat landscape and how AI can help.