AI Is Changing the Threat Landscape
AI Is Changing the Threat Landscape
Vendors are beginning to incorporate artificial intelligence (AI) and machine learning (ML) capabilities into their cybersecurity tools, enabling those tools to do everything, from automating aspects of penetration testing to monitoring behavioral analytics. At the same time, malicious hackers are using those same capabilities in malicious software to accelerate attacks and make them more difficult to detect.
To understand the potential threat AI-powered attacks pose, it’s useful to look at how security experts are employing AI and ML to protect organizational infrastructure and assets. AI systems parse enormous amounts of data. They can monitor network activity, monitor outputs from security tools, look for unusual patterns, and correlate events—all in real time, far exceeding the average human’s ability to perform such tasks manually. These capabilities are critical, especially in complex IT infrastructures. As Arun DeSouza, chief information security officer at Nexteer Automotive, explains, “AI and ML are critical components of an adaptive, proactive cyber defense strategy to diminish the organization’s attack surface and better protect the extended enterprise in this era of exponential increases in business risk and rampant proliferation of globally connected devices.”
An important benefit of AI is its ability to extend the capabilities of overwhelmed security teams. “The shortage of cybersecurity professionals is significant, both for enterprises and for embedded systems, and that shortage is not going to disappear,” says Charles Parker, a cybersecurity engineer and security architect at Aptiv. “ML and AI have the unique ability to help these experts through automation and deeper, faster analysis. These tools have been and will be used to expand the knowledge base we presently have to meet the challenge attackers pose.” Javier Avila, a cybersecurity analyst for AGS Alpama Global Services, agrees, noting that these tools can do what humans cannot. “Monitoring a complex environment requires expertise in many areas. These tools improve the detection of threats and provide better information to security operations center teams, enabling them to focus their attention where it is needed most.”
So, what risk does malicious AI pose, and how can you address that risk? Jayshree Pandya, founder and chief executive officer of Risk Group, describes the simple realities of today’s environment when she says, “AI is on its way to weaponizing cyberspace. Reports are emerging that autonomous warfare in cyberspace has already begun. As a result, developing autonomous cyber defense and offense capabilities will be necessary for the protection of complex IT environments.” She explains how cyber criminals are already using ML to automate cyberattacks: “From data gathering and analysis to vulnerability assessments and target determination for cyberattacks, the entire process is becoming automated. Moreover, cyber criminals could use ML to change and corrupt code so that security systems cannot detect the intrusion. Automation is on its way to becoming a core component of both cybercrime and cybersecurity.” DeSouza expects that attackers will be able to probe for weaknesses in a system far more effectively. He says, “Bad actors will use AI and ML to probe weaknesses in operating systems security, leading to an increase in ‘zero-day’ attacks, and exploit poorly managed privileged access accounts.”
Parker agrees that the threats are very real. In many ways, it is simply moving the contest to a new level on both sides. “These new technologies will complicate defensive measures,” he says. “They will produce more of the cat-and-mouse game that we presently have: Attackers create malware, cybersecurity professionals create a method to detect and remove that malware, the attackers then create new or differentiated malware, and the cycle begins again.” He says that to prepare for this new level of cyberattack, security teams need to think outside of the box; they cannot be limited by prior methods. “This is a brave new world and should be treated as such.”
Avila notes the importance of keeping an eye on the fundamentals, even in the face of emerging threats. “Threats are becoming more complex every day,” he says. “You have to maintain the necessary controls so that you can mitigate and control them. You must adjust your solutions to use correct logging, monitoring, and policy formation.” Both Pandya and DeSouza underscore the importance of education and information sharing to stay ahead of advanced threats. To protect their environments, DeSouza recommends that cybersecurity professionals “educate themselves about these areas and build coalitions to collaborate with fellow professionals and organizations. People need to share best practices and develop proactive strategies for their mutual benefit.” He also emphasizes the importance of using the most advanced technologies to counter new threats, saying, “Use real-time security analytics as well as AI and ML. Be early adopters of quantum computing technology, which can help power adaptive response strategies.”
- AI and ML are critical components of an adaptive, proactive cyber defense strategy.
- Bad actors will use AI and ML to probe weaknesses in operating systems security.
- AI is on its way to weaponizing cyberspace. Reports are emerging that autonomous warfare in cyberspace has already begun. As a result, developing autonomous cyber defense and offense capabilities will be necessary for the protection of complex IT environments.
- To defend against AI-powered attacks, expect the unexpected; maintain good monitoring and controls; share best practices and proactive strategies for mutual benefit; and use the most advanced technologies, including AI and quantum computing, to power adaptive response strategies.