Technological progress has not only pleasing but also bad consequences. Together with the accelerated pace of corporate security systems development, new and more sophisticated types of cyber-attacks are emerging. According to the World Economic Forum, the protection measures taken by enterprises become outdated instantly. Over the previous year, the number of attacks increased by 30%, and this alarming trend continues. The market is short of about 2.72 million cybersecurity professionals to deal with the growing number of threats. This is where artificial intelligence can help businesses. Let's talk about six AI use cases in cybersecurity.
Statistics on AI use in cybersecurity
Researchers contributing to the 2022 Cybersecurity Almanac predict that spending on fighting cybercrimes will rise to $10.5 trillion. This is three times more than in 2015 ($3 trillion). Given the fact that the amount of global data is growing, it becomes more difficult to track and prevent vulnerabilities.
For example, 80% of telecommunications organizations are confident that they will not be able to respond to cyber-attacks without AI. The professional sector is a target for cyber villains (934 incidents were recorded in 2020). The public sector, manufacturing, and healthcare suffer from cyberattacks.
In 2020, AI in cybersecurity was worth more than $10 billion, and by 2027, the price will increase by almost 4.5 times. IBM estimates that companies that lack AI spend three times as much to mitigate cyberattacks as companies with deployed automated tracking systems. Nearly half of the managers surveyed by Capgemini say they use a smart algorithm to detect cyber threats. With its help, 34% of these professionals predict attacks and 18% respond to incidents.
Based on the above trends, Meticulous Research says that AI in cybersecurity will grow by 24% per year to reach $46 billion by 2027.
Six main AI use cases in cybersecurity
Imagine a campus that consists of several buildings. Getting inside is not difficult, because it is impossible to put a guard at each door. This is where AI helps: cameras read the faces of visitors and find those who “sit on someone’s tail” following employees with passes to enter buildings. This may be a worker who was too lazy to show a pass or a scammer. The larger the office, the higher the risk of intrusion, and the more useful AI systems for face recognition are. In a video, an algorithm singles out people who violate the security policy. An image of a person's face is compared with the database of staff members’ photographs; thus, the system defines if it is an employee or a stranger who decided to illegally enter the office.
If we consider the use of AI in a corporate network or on the Internet, we can talk about six main options for using a smart algorithm.
1. Detection of malicious code and malicious activity in corporate networks.
AI automatically classifies domains by analyzing DNS traffic to identify C&C, malicious, spam, phishing and clone domains, and so on. Previously, to manage this environment, it was enough to have good blacklists. They coped with their task albeit with regular updates and with large volumes. Today, domains are created in 1-2 minutes, used no more than 2-3 times within half an hour, and then criminals switch to other domains. To track them, blacklisting is not enough: you need to use AI technology. A smart algorithm learns to detect such domains and block them immediately.
2. Encrypted traffic analysis.
According to Cisco, more than 80% of Internet traffic is encrypted. It needs to be analyzed. You can apply the “government man in the middle” scheme or use AI technology, which, without encryption and decryption, allows you to identify the following issues by metadata and network packets and without analyzing the payload:
– malicious code;
– malware family;
– applications that are used;
– devices that work within the framework of an encrypted TLS session or SSL of one version or another.
These are technologies that work in practice and allow you to understand what is happening inside the encrypted traffic the volume of which is growing. And you needn’t invest much in it.
3. Detection of fake photos and substituted pictures.
An algorithm recognizes whether the face of a person in the photo has been replaced with someone else’s picture. This feature is particularly useful for remote biometric authentication in financial services. It prevents scammers from creating fake photos or videos and presenting themselves as legal citizens who could be granted a loan. Thus, they won’t steal the money of others.
4. Recognition of voice, language, and speech.
This AI feature is used to detect information leaks and read unstructured information in non-machine readable formats. This information enriches the data from firewalls, gateways, proxy systems, and other technical solutions that provide structured data. Thus, you will know who and when accessed the Internet and whether they used corporate or departmental networks. AI helps enrich this information with data from news, company newsletters, and so on.
5. Providing recommendations.
Based on statistics, AI makes recommendations on what protection tools to use or what settings need to be changed to automatically increase the security of a corporate network. For example, the Massachusetts Institute of Technology has created AI2, a system that detects unknown threats with a probability of up to 85%. The more analyses the system performs, the more accurately it gives the next estimate due to the feedback mechanism. Moreover, a smart algorithm does this on such a scale and at such a speed that human defenders would not be able to handle.
6. Automation of software vulnerability search.
A vulnerability is a bug in a program that allows someone to benefit from it (for example, extract data for sale, transfer money, steal private data from a phone, and so on). Thanks to AI, it has become possible to search for such errors automatically. AI looks for vulnerabilities in a program and examines the application interface. If it finds ransomware on a computer, it immediately disconnects its user from the network, thereby saving the rest of the company from dangerous infection.
AI in cybersecurity has great prospects. But it must be handled reasonably, like any other technology. It is not a silver bullet and having even the most advanced technology does not mean 100% protection. AI will not save you from serious attacks caused by neglecting basic cybersecurity rules. A smart algorithm should be implemented if a clear ecosystem that can adapt to a changing corporate network has been built. AI will be genuinely effective if it is developed, corrected, and tuned. This is time-consuming and difficult work, which will benefit if the technology is used carefully and not for the sake of being trendy.