As we reach a new frontier with various kinds of technologies, more and more of our personal information is being sent and kept online, sometimes even without us knowing. As a result, hacking and phishing have become incredibly catastrophic, because more and more extremely sensitive information is obtained with each hack. In the past couple of years, cybersecurity has become a critical issue that all businesses and governments are talking about. Especially in the era of big data, artificial intelligence (AI), and machine learning (ML), cybersecurity is becoming a very hopeful yet worrisome field that is challenging many scientists, administrators and more.
“Cybercriminals need to get it right only once. Cybersecurity needs to get it right every single time.” This is the most important rule that the whole cybersecurity industry abides by. If you wait for hackers to break through your firewall before you react, it will be your organization’s worst nightmare. Although we hear about data leakage scandals all the time on the news, many companies and organizations are still lagging on their cybersecurity systems. In a 2018 survey sponsored by Tripwire, an IT company specializing in security and compliance automation, only 11% of respondents believe their organization tracks all hardware devices on their networks, and only 21% say their organization tracks more than 90% of their software, while 56% track less than 70%. Many of the organizations also have constant problems with enforcing configuration settings, requiring that default passwords be changed, and deploying cybersecurity benchmarks such as CIS (Center for Internet Security) or DISA (Defense Information Systems Agency) guidelines.
However, cybersecurity is becoming a more frequently discussed topic at many companies with the rise of AI and ML. By feeding a huge amount of data on both legitimate and malicious files into computers, the machines can come up with an algorithm that can distinguish hackers and phishing sites using the data about a file or the URL of the access endpoint. In doing so, organizations can avoid neglecting potential threats that human analysts might miss. A distinct characteristic of hackers is their ever-changing means of attack. What AI can do is keep developing new algorithms that are refined through never-ending streams of data. Another popular technology in the making is called learning-based log processing. It is a multilayered approach to threat assessment, based on a file’s static attributes, dynamic behaviors, and its relationships with other files. Basically, through machine learning, computers can be taught to discern abnormalities in data instead of simply (though not so simply) following a developed algorithm.
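To make the idea of learning from labelled legitimate and malicious URLs concrete, here is an added example (not from the original article or any vendor's product): a small Bernoulli naive Bayes classifier over five lexical URL features. The feature set, keyword list and all training URLs are assumptions constructed for illustration, using reserved example/test names and documentation IP ranges.

```python
import ipaddress
import math
from urllib.parse import urlparse

KEYWORDS = ("login", "verify", "account", "secure", "update")  # assumed list

# Constructed training data, six URLs per class (balanced, so priors are equal).
LEGIT = ["https://www.example.com/", "https://docs.example.org/guide/install",
         "https://shop.example.com/cart", "https://example.net/login",
         "https://mail.example.org/inbox", "https://news.example.com/2018/survey"]
MALICIOUS = ["http://192.0.2.10/secure/login.php",
             "http://example.com.account-verify.test/login",
             "http://paypa1-secure.test/update/account?id=1",
             "http://user@198.51.100.7/verify",
             "http://login.example.org.secure-update.session.test/index.html",
             "http://bank-verify.test/account/login"]

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def features(url):
    """Binary lexical features: IP host, '@' in authority, deep subdomain
    nesting, hyphen in host, credential keyword in path or query."""
    p = urlparse(url)
    host = p.hostname or ""
    rest = (p.path + "?" + p.query).lower()
    return [int(is_ip(host)), int("@" in p.netloc),
            int(not is_ip(host) and host.count(".") >= 3),
            int("-" in host), int(any(k in rest for k in KEYWORDS))]

def train(urls):
    """Per-feature P(feature=1 | class) with Laplace smoothing."""
    rows = [features(u) for u in urls]
    return [(sum(col) + 1) / (len(rows) + 2) for col in zip(*rows)]

P_MAL, P_LEG = train(MALICIOUS), train(LEGIT)

def likelihood(x, probs):
    return math.exp(sum(math.log(p if xi else 1 - p) for xi, p in zip(x, probs)))

def p_malicious(url):
    """Posterior probability that the URL is malicious under the learned model."""
    x = features(url)
    m, l = likelihood(x, P_MAL), likelihood(x, P_LEG)
    return m / (m + l)

if __name__ == "__main__":
    for u in ("https://blog.example.com/posts/ml", "https://example.org/login",
              "http://203.0.113.5/account/verify"):
        print(f"{p_malicious(u):.2f}  {u}")
```

Note that a credential keyword alone does not push a URL over 0.5; the score rises only when it co-occurs with other signals the model saw in the malicious class, which is the difference from a single hand-written rule.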
The recent acquisition of Cylance Inc. (a private artificial intelligence and cybersecurity company based in Irvine, CA) by BlackBerry proves the importance of cybersecurity as an industry and the important role that AI plays in it. Nowadays, security is not a plus, but a must. As explained by John Chen, the CEO of BlackBerry, securing endpoints and the data that flows between them is absolutely critical in today’s hyper-connected world. By adding Cylance’s AI technology to its cybersecurity solutions, BlackBerry will be able to accelerate the development of BlackBerry Spark (the IoT platform for secure communications) and better connect, protect, and build secure endpoints that users can trust.
Unfortunately, with the wider deployment of AI in security systems, cybercriminals have also seen the potential in ML-based technologies. By reinventing and improving previously seen automation used to generate new variants of older malware, attackers can create new malware that consists of a mix of old and new variants, which makes it harder to detect. They can also create new spam and phishing content using ML to mimic previous successful campaigns. Just as organizations can use AI technologies to enforce stronger security measures, hackers can do the exact same for their own infrastructure to prevent their malware from being detected and hijacked. In the worst case, when it does get caught, the ML-based malware can even automatically activate its self-destruct mechanism, thus avoiding detection and rendering further analysis impossible for organizations. The malicious possibilities of ML are almost countless, with many other examples such as mimicking a legitimate network, increasing the speed of the attack, etc.
A familiar example of the use of AI in cyberattacks is spam emails and messages. For many years, English was the only language that had spam with decent grammar and style. Spam in most other languages looked like the work of a child, with broken sentences and contexts that didn’t make any sense. However, with the “help” of ML, these emails now look not much less professional than any of the invoices you get from your clients, and they can steal your confidential information in a matter of seconds.
While it is still unclear whether integrating AI technologies into cybersecurity systems will have a more positive or negative impact, this new ML-based mechanism definitely opens up new possibilities for organizations to strengthen their defenses in this big data era. By educating themselves, companies can begin to explore the countless opportunities in AI and possibly benefit immensely by acting fast to protect their organizations.