AI – cybersecurity friend or foe?

The ever-expanding influence of artificial intelligence (AI) in today’s environment extends into the realm of cybersecurity. International Data Corporation (IDC) estimates that the impact of AI in the cybersecurity market is growing at the rate of 23.6% annually and will reach a market value of about $46.3 billion by 2027. But is this impact positive or negative? Is AI a useful tool to help protect us from malware, ransomware and other criminal threats? Or is it part of the problem?

AI as a friend

Despite attempts to maintain the effectiveness of constantly evolving cybersecurity measures, the sophistication, frequency and severity of cyber-attacks are increasing all the time. But AI can help in the battle; it has the capacity to assist with pinpointing and providing protection against the latest cybersecurity threats. Significantly, AI does this faster and with greater accuracy than ever before – which can make an important difference when trying to prevent or deal with a cyber-attack.

According to cybersecurity expert Chuck Brooks (in a Forbes article entitled ‘Cybersecurity trends and statistics for 2023; what you need to know’), “AI and ML (machine learning) can provide a faster means to identify new attacks, draw statistical inferences and push that information to endpoint security platforms.”

AI is also a useful ally in cyber-defence because the huge spike in cyber-threats and cyber-attacks means that there are simply not enough humans with the necessary skills to act as defenders. According to a recent study by IBM, the ‘good guys’ are completely outnumbered, with 68% of responders to cybersecurity incidents often having to deal with multiple cyber-threats or attack incidents at the same time.

AI is able to detect suspicious behaviour by system users across diverse datasets. As an example: an employee mistakenly clicks on an emailed ‘phishing’ link and opens their company to a malicious cyber-attack. The threat actor, now inside the system, tries to bypass all security measures while tracking down weaknesses to exploit, such as searching for compromised passwords or opening protocols to deploy ransomware, which facilitates the seizure of the company’s critical systems to use as leverage against the business.

This is when AI comes to the rescue. It will immediately notice that the ‘employee’ who opened the link (now the threat actor) is behaving strangely. It will pick up changes in the supposed user’s process, such as their interaction with systems that they don’t usually interact with. AI will analyse this unusual behaviour and act on it, something that a static security feature could not or would not do.
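The behavioural check described above can be sketched as follows. This is an added example, not code from the article or any vendor: a simple per-user frequency baseline stands in for a trained ML model, and all user names, system names, sessions and the 4-bit threshold are constructed for illustration.

```python
from collections import Counter, defaultdict
from math import log2

# Constructed baseline (not real logs): (user, system) access events.
BASELINE = ([("alice", "mail")] * 40 + [("alice", "crm")] * 30 +
            [("alice", "wiki")] * 10 + [("bob", "build")] * 50 +
            [("bob", "git")] * 30)

# Constructed sessions to score: id -> (user, systems touched).
SESSIONS = {
    "s1": ("alice", ["mail", "crm", "mail", "wiki"]),
    "s2": ("alice", ["mail", "file-share", "hr-db", "backup", "domain-controller"]),
    "s3": ("bob", ["git", "build", "build"]),
    "s4": ("carol", ["mail"]),  # no history for this user
}

def build_profiles(events):
    """Count how often each user touched each system in the baseline."""
    profiles = defaultdict(Counter)
    for user, system in events:
        profiles[user][system] += 1
    return profiles

def surprisal_bits(profile, system):
    """-log2 of the Laplace-smoothed probability of this user touching system."""
    slots = len(profile) + 1  # known systems plus one "never seen" slot
    return -log2((profile[system] + 1) / (sum(profile.values()) + slots))

def score_session(profiles, user, systems):
    """Return (mean surprisal, never-seen systems), or None without a baseline."""
    profile = profiles.get(user)
    if not profile:
        return None
    mean = sum(surprisal_bits(profile, s) for s in systems) / max(len(systems), 1)
    return mean, [s for s in systems if s not in profile]

def triage(profiles, sessions, threshold_bits=4.0):
    """Map each session id to 'ok', 'anomalous' or 'no-baseline'."""
    verdicts = {}
    for sid, (user, systems) in sessions.items():
        scored = score_session(profiles, user, systems)
        if scored is None:
            verdicts[sid] = "no-baseline"
        else:
            verdicts[sid] = "anomalous" if scored[0] >= threshold_bits else "ok"
    return verdicts

if __name__ == "__main__":
    print(triage(build_profiles(BASELINE), SESSIONS))
```

Session `s2` is flagged because four of its five accesses are to systems the account has never touched, while a user with no history is reported separately rather than scored as normal.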

AI may also help human defenders speed up their investigation and response by automatically investigating and accessing data across systems for other evidence related to the incident.

In addition, AI capabilities have been honed to the extent that they can be trusted to automatically respond to threats in an orchestrated response without human intervention. According to IBM (as published in MIT Technology Review), “IBM’s managed security services team used these AI capabilities to automate 70% of alert closures and speed up their threat management timeline by more than 50% within the first year of use … The more AI is leveraged across security, the faster it will drive security teams’ ability to perform and the cybersecurity industry’s resilience and readiness to adapt to whatever lies ahead”.

What is phishing?

Phishing is an extremely popular method of deception used by hackers. According to Brooks, “Phishing is commonly defined as a technique of hackers to exfiltrate your valuable data, or to spread malware. Anyone can be fooled by a targeted phish, especially when it appears to be coming as a personal email from someone higher up the work chain, or from a bank, organization, or a website you may frequent”.

Hackers use readily available digital graphics, apply social engineering data, and have a vast array of phishing tools, including some automated by ML, to create authentic-looking emails.

Phishing is often accompanied by ransomware. Hackers also use it to target company leadership or specific groups (known as spear-phishing), because these targets usually have better access to valuable data and are decision-makers.

Statistics based on data analytics from over 210 million devices, 175 million apps, and four million URLs daily indicate that 2022 saw the highest rate ever of mobile phone phishing, with 50% of the world’s mobile phone users exposed to a phishing attack every quarter.

Non-email phishing attacks are also on the rise, with vishing (voice phishing), smishing (SMS phishing), and quishing (QR code phishing) increasing sevenfold in the second quarter of 2022.

Cybercriminals use globally-trusted, well-known brand names to add credibility to their efforts. Most-abused is Microsoft, with more than 30 million messages using its branding or mentioning products like Office or OneDrive circulated globally to date. Other companies are also frequently impersonated by cybercriminals, including Amazon (mentioned in 6.5 million attacks); DocuSign (3.5 million); Google (2.6 million); DHL (2 million); and Adobe (1.5 million).

AI as foe

Unfortunately, AI is also being harnessed by cyber-criminals, with specialist designers being recruited to develop malware that is capable of evading the latest threat-detection systems. According to VentureBeat, “AI and ML are defining the future of e-crime”.

AI and ML are being used for multiple infiltration tactics, from designing malicious payloads to writing specially tailored phishing emails customised to appeal to intended victims and fine-tuning algorithms that steal access credentials and passwords. The most skilled cyber-criminals use valid credentials sourced by identity theft to gain access to (and survive unnoticed in) the victim’s system. Some of these cyberattacks are so well hidden from standard security measures that they could lurk undetected in a company’s infrastructure for years.

In response to the increasing threat posed by criminals using AI and ML, leading cybersecurity vendors such as Amazon Web Services, CrowdStrike, Google, IBM, Microsoft, and Palo Alto Networks have made major investments in research and development to try to stop the onslaught. But will it be enough? Today more than ever, increased and constantly updated cyber-resilience is the only option for large corporates, small enterprises and private individuals alike.