By Joyce Rodriguez
The use of Artificial Intelligence (AI) through various technologies has proven to be a boon and bane to the world of cyber security in many ways. At an individual level, we see the use of AI to deceive, steal or defraud people by generating deep-fake data. At enterprises, we see a rise in the misuse of AI technologies to carry out sophisticated cyber-attacks through social engineering, launching large-scale DOS (Denial of Service) attacks or creating self-managed malware that can evade detection. These amongst several other malicious attack techniques are beginning to cost enterprises significantly. On the world stage, we see the use of advanced technologies in modern warfare to fight geo-political issues.
While on one hand AI-based technologies have become a cause for concern, the same, if rightly put into use, can help fight cybercrime. There are three areas where the use of AI needs deeper embedding to improve our overall cybersecurity strategies.
- AI-enhanced tools for cyber security: Today, AI can be embedded within almost any security product like in firewalls, content filtering, intrusion prevention/detection systems, deception technology, endpoint protection tools, SIEM, DLP, etc., the list goes on. The branches of AI like Machine Learning (ML), Deep Learning (DL) and Natural Language Processing (NLP) within these products has improved the number of use cases, the types of built-in responses to anomaly detection and the accuracy of detection remarkably. Finding rare anomalies that could also be a zero-day vulnerability, analysing complex behavioral patterns to find the minutest risk or building predictive intelligence through data scrapping are some of the uses that have evolved more recently. Further advancements in this space requires the right investments in research and testing to maximise the benefits of enhancing tools with AI.
- AI-driven automation for security and regulatory compliance: While there are uses of AI to work in the unknown identifying new threats, vulnerabilities, or behaviors, over time, the mitigating strategies to these risks become known and have a routine solution. AI-driven automation tools or AI embedded within existing automation tools can help execute these mitigating responses without or with little human intervention. The use of AI-driven automation within specific tools like the Security Orchestration, Automation and Response (SOAR) are already automating threat responses that involve low-skilled triage. Apart from SOAR systems, Robotic Process Automation (RPA) platforms can now help automate compliance processes and IT operational tasks that help in preventive security. AI-powered automation software is now easier to use through low-code / no-code platforms and is proving to improve the efficiency of IT and Cyber teams in managing the growing security and regulatory compliance requirements for enterprises.
- AI-based security use cases embedded in business software or enterprise infrastructure systems: We see the use of AI components like ML, DL, NLP, speech recognition and image processing in business applications. Likewise, we also see AI being embedded in IT infrastructure like SD-WAN, Edge Computing, etc. Many of these solutions are stepping out of the classic enterprise architecture, and therefore, will not benefit from traditional security approaches. The key to securing new technologies is to identify potential abuse use cases and build-in native protection capabilities within the solutions.
Organisations evaluating their security strategies to mitigate the current and emerging threat landscape need to consider a balance in their investments across the above three categories to attain a more holistic and future-proof security posture. One of the first challenges, enterprises face here is making the upfront investment, as the cost to implement these technologies would seem high till you start seeing the returns. The other big challenge we will have to deal with as a security community is the shortage of skills in this space.
The author is partner, risk advisory, Deloitte India
Follow us on Twitter, Facebook, LinkedIn