Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Artificial Intelligence: The New Cybersecurity Sheriff?

February 14, 2019

Forbes published an intriguing story about the capacity of AI to serve as a kind of cybersecurity sheriff. Published on February 6, the story stated that AI has already displayed limitless potential in applications across different industries. That much is certainly true. It goes on to say that deploying AI for cybersecurity solutions will help protect organizations from existing cyber threats and help identify newer malware types too. Additionally, AI-powered cybersecurity systems can ensure effective security standards and help in the creation of better prevention and recovery strategies. Using AI for cybersecurity will give rise to data-driven security models.

Many cybersecurity experts believe that passwords are vulnerable to cyber attacks and users’ personal information, credit card information and social security numbers can be easily compromised. Therefore, deploying AI for cybersecurity has introduced biometric login techniques for secure logins. AI systems can scan fingerprints, retina and palm prints accurately. Such biometric logins can be used in combination with passwords that are already in use with devices like smartphones.

Conventional cybersecurity systems utilize Advanced Threat Prevention to detect cyber threats and protect against them. However, 845.37 million pieces of malware were created in 2018 and approximately 10 million new pieces of malware have been created every month this year. Traditional cybersecurity systems are inefficient in handling new varieties of malware. AI can help.

Cybersecurity firms are training AI systems to detect malware and viruses with the help of several datasets that include algorithms and codes. Using such data, AI can perform pattern recognition that helps identify malicious behavior in software. Moreover, AI and machine learning can play a crucial role in online security. Machine learning can analyze path traversals of websites to detect whether a website navigates to malicious domains. Likewise, AI-based systems can recognize malicious files, like web shell, and preemptively isolate them from the system. AI systems can be trained to analyze micro-behavior of ransomware attacks to recognize ransomware before it encrypts a system. Furthermore, AI systems can use predictive analytics that will be quicker and more effective than a manual approach.

One of the most significant reasons to use AI for cybersecurity is the potential of Natural Language Processing. AI-powered systems can automatically collect data for reference by scanning articles, studies and news on cyber threats. AI systems use Natural Language Processing for selecting useful information from the scanned data. Such information will provide insight into cyber attacks, anomalies, mitigation and prevention strategies. Using the analyzed information, cybersecurity firms can identify timescales, calculate risks, harvest data and make predictions.

Organizations generally use authentication models to secure vital data from intruders. If an employee or business leader with higher authentication privileges is accessing such data remotely, then the system can be compromised using the network. In such cases, traditional authentication models prove to be less effective. Using AI for cybersecurity will help create a dynamic, real-time and global authentication framework that alters access privileges based on location or network.

AI systems can use Multi-Factor Authentication for this purpose. With this approach, the system will collect user information to analyze the behavior of the user, application, device, network, data and location. Using such information, the AI-powered system can automatically change any user’s access privileges to ensure data security on remote networks.

Although there are many benefits of deploying AI for cybersecurity, the limitations of AI are obstructing the mainstream adoption of the technology. Building and maintaining an AI-based system requires a tremendous amount of resources, such as memory, computing power and data. Since AI systems are trained with data, cybersecurity firms need to feed new datasets of malicious codes and non-malicious codes regularly to help AI learn. Besides, the data used for training needs to be accurate, as inaccurate data will lead to inefficient (and sometimes wrong) outcomes. Finding and collecting precise datasets can be a tedious and time-consuming task.

Black hat hackers can use AI to test their own malware. With constant testing, hackers can develop advanced malware or perhaps even AI-proof malware strains. Considering the malware risks we face today, one can only imagine how destructive AI-proof malware could be. Using the same principles, hackers can develop their own AI system that can outsmart AI-powered cybersecurity systems. Such systems can learn from the existing AI systems and that might lead to even more advanced cyber attacks.

Organizations need to understand that AI has a long way to go before it becomes a standalone cybersecurity solution. Until then, using AI for cybersecurity along with the traditional techniques is the best option. Hence, organizations can follow these guidelines to maintain effective security standards:

  • Hire experienced cybersecurity professionals with niche skills.
  • Cybersecurity professionals can test systems and networks for vulnerabilities and fix them preemptively.
  • Use URL filtering and reputation-based security services to block malicious links that may contain viruses or malware.
  • Implement firewalls and malware scanners to block malware and viruses. Further, hackers constantly redesign malware to avoid being detected by traditional signature-based systems. Hence, using advanced persistent threat protection and AI for cybersecurity can help detect malware based on malware behavior.
  • Organizations must pay close attention to the outgoing traffic and apply egress filters to restrict the outgoing traffic.
  • Analyze cyber threats and security protocols to gain informative insights that would help create a more secure approach toward cyber attacks.
  • Update existing systems in the organization to integrate modern technologies such as AI and machine learning.
  • Conducting regular audits of hardware and software to monitor the health of the systems must be among the top priorities.
  • Organizations should consider training employees and educating them about cyber attacks.
  • Incentivize and promote the development of innovative applications.

Encrypting all the organizational data will help buy some time for the cybersecurity experts to stop an attack in case of an intrusion.
Organizations need to set up alerts for outgoing data. Such alerts can notify the organization if their data is being compromised.
Hackers can control systems and networks with malware-based communication systems. Hence, cybersecurity professionals should block outgoing command and control connections to stop any outgoing malware communication.

Research and development in AI is helping the technology grow exponentially. Applications that use AI for cybersecurity will become mainstream soon too. Additionally, AI will be integrated with other advanced technologies such as Blockchain to ensure better security protocols. As the article predicts, maybe AI will then become our new cybersecurity sheriff!

My own take is that whatever good we find for AI to do in cybersecurity, the bad guys will find even more evil.

Hat tip to Dave Ries.

E-mail:    Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson