Both cyber attackers and defenders are leveraging AI tools
An estimated nine billion data records worldwide were compromised or stolen in 2018, based on projections by digital security firm Gemalto. That doesn’t include breaches that went unreported or undetected.
Data theft is on the rise, thanks to criminal organizations, and even some nation-states, which have invested substantial resources into developing better hacking tools. These groups have increasingly sophisticated capabilities for circumventing digital security defenses. A big part of their success is due to artificial intelligence (AI).
“Criminals are using AI to make their attacks stronger and more direct,” said Paul Mazzucco, chief security officer for TierPoint, who spoke during TierPoint’s data security webcast Advanced Methodologies for Data Protection: Harnessing Artificial Intelligence & Emerging Technologies for Data Security. In response, data security providers are also turning to AI to protect their customers.
In his webcast, Mazzucco explained the role that AI technologies play in cyber-crime and data security.
For instance, he noted that AI can locate the high-value data in a network or identify the vulnerabilities in a target IT system. Many of these vulnerabilities are common ones that could have been fixed by staying on top of security patches and secure configuration. A 2016 survey found that 80 percent of companies that suffered a breach could have avoided it if they had used an available software patch or configuration change.
The emergence of machine learning–AI that uses algorithms to mimic human thought—is also playing a part in cyber-crime.
“They’re using AI to learn their environment and create custom attacks based on the victim,” said Mazzucco. “Are you a hospital? They can create custom attacks based on looking for information on health insurance. Or a credit card processor? They’ll do custom attacks using algorithms looking for credit card information”
AI and machine learning can also help hackers to craft phishing campaigns aimed at personnel with the best access to the targeted payload, such as financial records, research, or IT administration credentials. AI can mine information about the individual and create highly personalized emails to trick the victim into sharing data or opening a malware attachment camouflaged as a legitimate file.
How AI Helps the Good Guys Improve Data Security
Fortunately, AI is also helping IT security experts to improve data security. Managed security services providers, such as TierPoint, are adopting AI and machine learning technologies in their products and infrastructure. For instance, an AI-based network traffic analysis application can quickly spot the signs of a possible malware attack or in-progress breach, and automatically trigger a defensive response.
Near real-time analysis of thousands of network events every day isn’t possible for a human operator. It’s also impossible for humans to identify widely disparate events as symptoms of a single multi-layered attack. Only AI can do that.
“It’s a challenge to take random events, some that may have occurred 30, 60 or 90 days ago, and make a correlation,” explained Mazzucco. “We can automate that process using AI.”
Service providers have the advantage of getting traffic from multiple points of presence, so they can analyze patterns on a national or global scale, as well as partner with other security and cloud service providers to share traffic analysis.
“You start with a lot of data. We want to learn what kind of data coming into our infrastructure is just white noise and what the traffic patterns are trying to tell us,” said Mazzucco.
With the addition of machine learning, service providers can create networks of algorithms or “neural networks” that get better at identifying cyber-crime over time.
Other ways in which AI can improve cyber-security include:
- Real-time detection of suspicious behavior by applications or end-users
- Identify traffic patterns within specific time periods
- Find interdependencies between attack variables
- Speed the forensics analysis of past attacks
AI is an invaluable tool in digital security. However, it works best in collaboration with humans, said Mazzucco. AI requires a human perspective to give context to results, to tell the software which categories of data (out of dozens or hundreds) to monitor or how to analyze it. Humans understand context – such as the culture or business priorities of their organization – that can’t yet be programmed into an algorithm.
To learn more about the role of AI in digital security, watch Advanced Methodologies for Data Protection: Harnessing Artificial Intelligence & Emerging Technologies for Data Security.