Byline: Neil Kell, Director of Evolve Security Solutions, part of the CSI
As digital footprints widen and the value of data increases, so too does the risk for organisations. The latest Cyber Security Breaches survey reported that 43 per cent of UK businesses experienced a breach in the previous 12 months. This figure rises to 65 per cent in medium to large businesses.
No sector is immune from cyber attacks, and their increasing level of sophistication means that they present some of the most strategically significant risks to business today. Cyber security is driven by the need to remain one step ahead of the attacker. As a business transforms digitally by harnessing artificial intelligence and machine learning, its cyber weaponry needs to transform with it if it is to have a perpetual edge on cyber threats.
Awareness of the threat
In 2017, the WannaCry ransomware attack marked the beginning of a new era in cyber attack sophistication. The speed of the attack paralysed systems as it moved laterally through an organisation in a matter of seconds, affecting some 150 countries around the world. The incident has already inspired multiple other copycat attacks.
And this cycle of dark cyber innovation will only continue. Sophisticated threat actors can now maintain a long-term presence in their target environments for months at a time before they’re detected. They move slowly and with caution, evading traditional security controls, and their attacks are often targeted at specific individuals and organisations.
As a result, cyber security is changing and CISOs need a growing repertoire of increasingly sophisticated tools at their disposal. When it comes to prevention, nothing else offers the same level of sophistication as artificial intelligence – or AI-based threat protection.
How does AI threat detection work?
While traditional anti-virus software uses a signature methodology, detecting and responding to attacks once the bomb has gone off, artificial intelligence methods involve machine learning, prediction and prevention so that the bomb can be stopped from going off in the first place.
In the early 1990s there were 400 new threats each month, so updating signature-based systems was maintainable and manageable. In 2019 there are now a reported 400,000 new threats every twenty-four hours so updating signatures takes too long – enter AI.
There are some six million common characteristics within malware files that have been identified. Now, AI-based cyber security can use this information within core algorithms to produce a predictive model that can identify good and bad traits of a file even if a signature changes. Traditional signature-based methods offer 60–70% protection against known and unknown threats but using these new AI-based security tools that learn as they go along, protection can be increased to 99.7%.
As well as detecting the threat, AI-based security can include automated quarantining and orchestration as well as advanced reporting, which can lead to remediation strategies. For example, by identifying how a threat came into the network, where it came from and what it did across the system, the machine learning model is constantly learning and evolving to improve protection levels. It can then automatically update endpoints with the relevant protection.
Obtaining a perpetual edge on threats
One of Europe’s largest medical testing companies uses AI-based threat protection to identify tell-tale patterns before they become attacks. The company operates in a high-stakes, round-the-clock environment where a breach that affects the availability of compute can have life and death consequences for patients.
The transmitting of sensitive patient data to clinicians needs to be reliable, immediate and above all secure. With some tests performed while patients are mid-operation, its goal was to reduce the threat of cyber-related outages to near zero.
The company brought in a scalable AI-threat solution that can expand as a threat escalates. As a result, it had advanced warning about the WannaCry malware two days before it was widely reported, and was fully protected against the threat, as well as the follow-up Petya attack. Other organisations working in this sector were not so well prepared.
AI boosts productivity
As AI looks at the characteristics of malware, there is no need to update the signature files daily, which reduces the overhead on endpoint devices from 11-13% with traditional protection to around 1-2%, resulting in an extra 10% of compute power to use elsewhere.
This also helps eliminate false positives, aiding the processing of suspicious files as it avoids flooding IT teams with alerts. Instead, the role of humans is augmented: some of the ‘heavy lifting’, which is better suited to a machine, is taken away from them, improving productivity in the process.
What is the future of cyber security?
Continuing advances in AI-enabled tools will take security from a reactive operation to a predictive one, greatly reducing the risks of advancing threats. With the introduction of AI, time is finally on the side of the defender as it can often help predict an attack before it occurs. When the malware does turn up, the enterprise is already protected.
As AI tools advance, their use will expand from prevention to also cover remediation, testing the capabilities of AI to see if this process can also be done much quicker. This will be the next step in AI and machine learning in the application of cyber security.
However, it’s important to remember that as security professionals advance machine learning defensively, attackers will adopt the latest AI and machine learning techniques for the dark web. Whether DDoS attacks, ransomware or some other kind of malware, a threat actor can use AI to spread the threats faster and target more vulnerable machines through automation. The only way to combat the malicious use of AI is with AI itself. Therefore, adopting AI as part of a business’ toolkit is essential as the technology advances.