How Artificial Intelligence Is Improving Cybersecurity
August 29, 2022
Cyberthreats arrive at a volume and threat level beyond what cybersecurity professionals can manage on their own. Fortunately, AI handles the grunt work—and some high-end analytics as well.
Cybersecurity threats aren't just a moving target – they're thousands of moving targets, too many for any individual or team to hit. Businesses receive 10,000 alerts daily on average, with that number rocketing to 200,000 for midsized companies.
More than half of cybersecurity leaders surveyed in 2021 found the volume of alerts overwhelming, with a corresponding lack of confidence in their ability to prioritize and respond to them. Potential victims include corporations, government entities, and the military, with attackers demanding money, stealing personal data, or manipulating behavior. Ransomware attacks set a record in 2021. Cybersecurity Ventures estimated that global cyber crime costs doubled from $3 trillion in 2015 to $6 trillion in 2021, with an expected peak of $10.5 trillion by 2025. One expert likened the battle against cyberthreats to a game of Whack-A-Mole.
Artificial intelligence (AI) has become the mallet of choice to whack all those moles. AI does what humans can't, analyzing millions of events, identifying vulnerabilities, and learning as it goes. Humans don't have the bandwidth to find patterns in massive amounts of data, but machines do. Sometimes AI can knock out a threat directly. When it can't, AI helps humans narrow a flood of threats down to a manageable trickle. AI has become a multibillion dollar business in cybersecurity alone, with the market expected to reach $46.3 billion by 2027.
In this article, we discuss how artificial intelligence is improving cybersecurity. We'll discuss existing and emerging AI technologies to detect and prevent malicious activity. We'll address the questions:
- How is AI used to bolster cybersecurity?
- How is AI used by cyberattackers?
- Benefits of AI
- Limits of AI
- Advancing your AI cybersecurity career
How is AI used to bolster cybersecurity?
Ever had to find all the fire hydrants in a group of pictures to prove you aren't a robot? That's one of many ways AI does its job.
AI systems monitor online activities connected to a business, corporation, or government entity, authenticating users, analyzing data, crunching numbers to create reports, spotting malware, detecting intrusions, responding autonomously to minor threats, and sounding the alarm for major threats so human security teams can take action. Well-trained AI can stop attacks quickly and allow organizations to address threats in real-time without shutting down. Cybersecurity experts can even use predictive AI to illuminate potential attack routes into complex networks, providing opportunities to anticipate attacks and shore up defenses.
The larger the organization, the more vulnerable points it's likely to have–what experts call its "attack surface." That surface may include apps, ports, websites, servers, and code. It may also include thousands of individual devices (computers, phones, etc.), which have become more decentralized in the wake of the COVID pandemic. In 2020, attacks on home-based workers jumped from 12 to 60 percent during the first few weeks of the lockdown, Deloitte reports.
Back in the day, security systems relied on databases to look for telltale malware signatures. Now, according to Data Center Knowledge, AI can watch for suspicious malware behavior, such as software that masks itself or rapidly encrypts multiple files. AI can also look beyond an attack surface for signs of outside threats. For example, it could spot linguistic patterns in threats on the dark web and report them to analysts, according to Sagar Samtani in The Conversation.
How is AI used by cyberattackers?
One down side to AI: It's not just available to the good guys. AI can also be used to thwart security efforts and launch attacks. Some of the very things that make AI such an effective tool for fighting cyberattacks also make it an effective tool for launching them.
AI allows hackers to penetrate defenses and create malware that mutates to mask itself. It can be used to guess passwords and get malicious emails past security barriers. New kinds of cyberattacks hide by automating attack timing or target selection via AI. Cybercriminals and terrorists can use AI to accelerate, escalate, and better target attacks, with new threats on the horizon.
Benefits of AI
Let's face it: Poring over endless data streams for signs of a threat is a sure cure for insomnia. Even the most diligent analysts may get bored or complacent and leave an opening for an attack. That's one of many advantages to AI: It does the boring, repetitive work without ever nodding off, leaving higher-tier human analysts to tackle more compelling security challenges. And its algorithms can correct themselves by processing inputs and outputs simultaneously, a process called machine learning.
AI offers a number of other advantages, including:
- Learning over time: As Balbix notes, AI can assemble profiles of assets, networks, and users, learning norms and spotting deviations. That knowledge can help spot and shut down financial fraud and other threats.
- Handling large quantities of data: In an era where terabytes of flowing data have become the norm, AI can keep an eye on things in ways that no human could.
- Lightning-fast reflexes: AI can spot and respond instantly to many threats, making evaluations and decisions at a rate 10 to 15 times faster than traditional methods. Al Dillon of Sapper Labs predicts that rate will increase to 50 times faster by the middle of this decade.
- Identifying previously unknown threats: AI can watch for anomalies that may indicate new means of attack.
- Gatekeeping: Authenticating users via CAPTCHA, facial recognition, and other means helps keep valid users in and unwanted intruders out.
- Keeping up with trends: AI systems can monitor and report on the latest cyberattack trends, both universal and specific to a particular industry.
- Keeping up with assets: The bigger the organization, the more apps, users, and devices it has. AI can keep tabs on them all. And, as Data Center Knowledge notes, an AI system can disconnect a device from its network if it spots a threat, such as ransomware.
- Saving money: AI can show the most effective ways to deploy resources, saving money in the long run. SailPoint reports that AI can help organizations lower their costs from 12 to 15 percent.
- Risk assessment: AI can help organizations analyze past threats, pointing to vulnerable sectors and helping to prioritize deployment of defensive resources.
The limits of AI
As powerful a tool as AI can be, it's not the total package. AI still needs human guidance to know what to monitor and how to address threats. Questions of "bias, fairness, transparency, and ethics" remain to be answered when it comes to AI-based cybersecurity systems, says Sagar Samtani, assistant professor of Operations and Decision Technologies at Indiana University.
And while AI can narrow down the events that merit attention, the scale of modern data may still leave analysts overwhelmed. A company could face 300 billion events in a day, with only a handful posing serious threats, says Nash Borges, vice president of engineering and data science at SecureWorks. "So even if you had an amazing detector that was 99.999 percent accurate, you would be searching for those dozen true positives in a sea of three million false positives every day," he told Data Center Knowledge.
Advancing your AI cybersecurity career
Looking for a safe career bet? How does zero-percent unemployment sound? Cybersecurity is one of the surest things around, with professionals never more in demand. The United States had almost 500,000 open cybersecurity jobs in 2021, with four million open worldwide. One study found a 94 percent increase in cybersecurity job listings in six years.
Cybersecurity jobs now make up 13 percent of all IT positions. Entry-level U.S. candidates with 0 to 2 years of cybersecurity experience earn between $64,300 and $97,700. The average entry-level salary averages around $81,400.
Employers look for well-rounded, creative people who can see the big picture, work well under pressure, have empathy, enjoy the thrill of the chase, and, of course, shine when it comes to troubleshooting and investigative work. To tap into this lucrative market, you'll want to earn a bachelor's degree in computer science, computer information systems or a related field, if possible. While jobs are available for people with associate degrees, those with bachelor's degrees earn $20,000 more per year, according to Payscale.
The federal government recently gave budding tech sleuths a boost when President Biden signed the Cyber Security Opportunity Act into law, funding a cybersecurity grant education program at historically black colleges and universities (HBCU). A master's or Ph.D. can bring opportunities for professional advancement and higher salaries.
Master's cybersecurity programs are available coast to coast, such as the online offering from the University of Tulsa. Experienced cybersecurity professionals with greater responsibility earn well into six figures. Cybersecurity architects earn between $132,000 and $173,000 annually, while chief information security officers (CISO) make $224,305 a year, on average.
Looking to improve your skills without committing to the time and expense of grad school? Consider a bootcamp, MOOC or certificate program like the ones offered by San Diego State University. While they aren't likely to boost your career as much as an advanced degree can, they can give you a competitive edge. Cybersecurity bootcamps usually take 12 to 15 weeks at an average cost of $15,000. A MOOC program (massive online open course) like the one offered by CompTIA offers the opportunity to update your skills or earn a certificate.
Questions or feedback? Email email@example.com