Can Artificial Intelligence Make Us More Cyber Secure?

In 2023, at a World Economic Forum meeting, cybersecurity was top of mind, with artificial intelligence (AI) described as a new tool that could be critical in dealing with the complex and rapidly evolving level of threats from relentless bad actors and nation-states whose activities included sophisticated volleys of phishing attacks, ransomware and breach attempts. Since 2023, AI Large Language Models (LLMs), neural networks and machine learning (ML) have arrived in force, and what they are bringing to cybersecurity is significant.

Pros and Cons of Using AI for Cybersecurity

Just as cyber threats have evolved, so too have the ways we protect companies and organizations. One of those ways is using AI-based systems, which are being integrated into cybersecurity solutions to provide enhanced protection, more timely breach detection, and more efficient security processes. Like all technologies, however, AI has pros and cons. In this post, we point out first the pros and then the cons.

AI Advantages for Cybersecurity Protection

Enhanced Threat Detection

AI is good at finding patterns and anomalies in massive data sets, so it is also an effective way to spot potential cyber threats. Most old-school cybersecurity solutions are rule and signature-based, detecting malware or dodgy behaviour based on well-defined rules and signatures. AI, however, is ready to analyze massive quantities of data in real time and identify emerging threats, and it does so even when such threats have never been seen before.

AI can detect anomalous activity in network traffic, user actions, and file manipulations, which may point to a security threat. This skill is advantageous over traditional approaches. 

Faster Response Times

AI can automate much of the threat detection and response process to minimize the time to discover and resolve cyberattacks. AI-powered systems are much faster than human analysts at information processing, pattern spotting, and eliciting responses.

AI can instantly launch pre-determined defensive steps when detecting a threat, such as cutting off access to sensitive and privileged files, isolating compromised systems, and sequestering malware without human intervention. This is especially important when dealing with ransomware.

Learning and Adapting Over Time

AI security learns and evolves to keep up with emerging threats. The more data it processes, the better it gets at recognizing new attack patterns and refining defences. Machine learning (ML) plays a critical role in improving threat detection with the system learning from prior cyberattacks and, therefore, getting better at predicting and detecting future ones.

Reducing Human Error

Security teams are sometimes drowned by alerts, leading to missed threats or delayed responses. Offloading repetitive tasks to AI makes for more effective security operations and decision-making. The tasks the AI can do include monitoring network traffic, parsing log files, and hunting for malware. The security team can concentrate on more advanced concerns that require strategic decision-making, ethical judgment, and complex problem-solving.

AI Drawbacks for Cybersecurity Protection

Dependence on Quality Data

AI algorithms need big data to work well. Ultimately, AI is only as good as the data fed to it. If the AI only sees partial information or is fed faulty data, it can be exploited, leaving a system open to cyberattacks. Similarly, if the AI is trained using biased datasets, it may not recognize a real-world threat. AIs fed poor data will miss key vulnerabilities or label benign behaviour as malicious, leading to false positives.

Robustness to Adversarial Attacks

AI is a potent tool for spotting malicious cyber activity, but it can also be vulnerable to these attacks. Adversarial attack methods that insert false data can impact AI systems negatively, leading to wrong decisions. AI jujitsu refers to “data poisoning” tactics which change how AI algorithms detect and respond to malicious activities. Cyberattackers can take advantage of these types of AI flaws to make the security monitoring less effective.

High Costs and Complexity

AI-based cybersecurity solutions can be expensive to implement and maintain. It can take a lot of expertise and work to ­ construct, train, and refine an AI cyber defence system. As a result, smaller and mid-sized businesses may find AI cybersecurity too expensive to deploy. In addition, AI cybersecurity solutions can require a company to make significant investments in high-performance computing and high-priced expertise for governance.

Over-reliance on Automation

While AI can improve the efficiency of security systems, a dependence on automation can also be dangerous. AI systems aren’t foolproof and often can miss little telltales during a cyberattack that only a human analyst would notice. Becoming overly dependent on AI, therefore, can give a company a false sense of security and create complacency. That’s why the human element of cybersecurity needs to be retained to minimize the risk of AI missing an imminent or ongoing attack.

AI’s Cybersecurity Future

AI is already transforming the cybersecurity landscape. It is transforming the cybercriminal world as well. What can we expect in the future?

• Cybercriminals will use AI to create adaptive malware, making phishing emails harder to detect and making threats even more sophisticated. The countering response will be developing AI defenders with more advanced real-time anomaly and threat detection.
• Cybercriminals will move from databases to unstructured data such as text, images and video in the future. This requires a new generation of AI cybersecurity tools that can protect these types of digital assets.
• Perimeter-based security will increasingly be under threat with companies deploying multi-layered, zero-trust architecture requiring continuous verification of all users and devices. This is something already underway.
• When quantum computing technology goes mainstream, it will be capable of breaking current encryption methods. As a result, the security industry will need to develop and adopt quantum-resistant algorithms.

The future of cybersecurity will require all of the above, where AI algorithms will combine with effective governance and constant adaptation to counter every cybercriminal threat, whether human or AI. The preferred strategy for AI cyberthreat deployment will be to automate detection wherever possible and use human cyber defences to manage investigations and determine the best response to any cyber threats.