AI and cyber security: How AI revolutionizes cyber defense




In our modern and highly digitalized world, the fight against cyber-attacks has become more difficult and persistent than ever before. Hackers continuously improve their techniques, forcing organizations to constantly adapt and innovate their cybersecurity efforts. In addition to these improved techniques, COVID-19 has caused a shift to hybrid working, taking computers out of firms’ protected environments and increasing their vulnerability (Cisco, 2022; Dua et al., 2022). Artificial Intelligence (AI) could be one of the most revolutionary weapons in this everlasting fight thanks to its capacity to examine massive databases, find anomalies, and quickly respond to threats. Below I elaborate on just a couple of areas of cybersecurity in which I found AI to be a useful tool.

1. Behavioral analysis
Because AI can analyze and compare vast amounts of data, it could be employed to continuously observe user and system behavior and to identify and report suspicious activity (VMware, 2023). Being able to identify suspicious behavior enables security teams to respond quickly to threats and identify new vulnerabilities.

2. Improving defense against phishing
Almost everyone has encountered a phishing email at some point, as phishing is one of the methods most used by cyber criminals (Cisco, 2023). The success of this technique relies heavily on human error, which is a huge vulnerability in security. As hackers improve their phishing techniques, recognizing malicious emails becomes much harder. AI could be applied here to examine messages thoroughly, block harmful phishing attempts, and inform users of suspicious details they might have missed (Visua, 2022).

3. Network surveillance
Network surveillance is the practice of monitoring computer networks for vulnerabilities such as unauthorized access or other suspicious behavior (Rouse, 2016). In this field of cyber security, AI could be used to continuously perform surveillance tasks such as packet sniffing, screening systems trying to access the network, and analyzing logs and flows. This is crucial for maintaining the security and integrity of corporate networks.
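
To make "observing behavior" and "analyzing logs and flows" concrete, here is an added example (not part of the original post) that compares each user's latest daily upload volume with that user's own history instead of one fixed limit. The flow records, user names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample flow log (user, day, bytes_sent); not real traffic.
_ALICE = [120_000, 135_000, 110_000, 128_000, 140_000, 125_000, 13_000_000]
_BOB = [9_000_000, 8_500_000, 9_800_000, 9_200_000, 8_900_000, 9_400_000, 9_600_000]
FLOWS = [("alice", d, b) for d, b in enumerate(_ALICE)] + \
        [("bob", d, b) for d, b in enumerate(_BOB)]

def global_threshold(flows, limit=5_000_000):
    """Naive rule: one fixed limit for everyone (flags heavy but normal users)."""
    return sorted({user for user, _, sent in flows if sent > limit})

def robust_score(history, value):
    """Distance of value from the median of history, in units of spread."""
    med = median(history)
    mad = median(abs(x - med) for x in history)  # median absolute deviation
    # Floor the spread so a perfectly flat history cannot divide by zero.
    spread = max(mad, 0.05 * med, 1.0)
    return (value - med) / spread

def per_user_alerts(flows, threshold=10.0, min_history=5):
    """Score each user's latest day against that user's earlier days only."""
    series = defaultdict(list)
    for user, _, sent in sorted(flows, key=lambda r: (r[0], r[1])):
        series[user].append(sent)
    alerts = []
    for user, values in series.items():
        history, latest = values[:-1], values[-1]
        if len(history) < min_history:
            continue  # too little history to call anything unusual
        score = robust_score(history, latest)
        if score > threshold:
            alerts.append((user, latest, round(score, 1)))
    return alerts

if __name__ == "__main__":
    print("fixed limit flags:", global_threshold(FLOWS))
    print("per-user baseline flags:", per_user_alerts(FLOWS))
```

The fixed limit flags both users, while the per-user baseline flags only the account whose volume jumped relative to its own past.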

3 thoughts on “AI and cyber security: How AI revolutionizes cyber defense”

  1. Great posts and insightful examples. However, I was wondering about the possibility of hackers using AI. I think that would then pretty much level the game again, as one AI tries to trick the other by making it believe it's human. Do you perhaps have an opinion on that?

    1. Thank you for your comment bringing up this perspective. Indeed, as history has shown, inventions always have ‘good’ and ‘bad’ ways to be used, and the same applies to implementing AI in cyber security. For example, hacking systems requires a very good understanding of the targeted system (e.g. its structure, processes, connection points etc.). In this case AI could be used to analyze the target system and quickly find all the vulnerabilities hackers look for and maybe even propose a mode of attack.
      So, good point you made, I do agree with you on the fact that hostile implementations might level the game again. I guess we’ll have to wait and see how this fight develops. These are some possibilities I can quickly think of:
      A. The emergence of AI only intensifies the battlefield as it becomes more complex and increases the scale of attacks.
      B. AI only improves security on certain levels of security (e.g. the simpler attacks such as phishing or simple viruses)

  2. Thank you for bringing this interesting blog to my attention. This is an extremely important topic because I constantly see data breaches, or even worse, companies that end up having their servers fully encrypted, which is obviously extremely damaging to a company. The interesting thing about implementing AI in cyber security is how you do it.
    I see you mentioned behavioral analysis. But it is interesting here how you can teach AI what is right and wrong because every employee has his/her own style of working, for example, someone stays in the system until 2 AM whereas his colleagues close their computers at 6 PM (this could trigger a lot of unnecessary reports), that is just one example but there are many more.
    I appreciate that you included the phishing topic; however, in this case, I believe that implementing an AI bot would be more efficient because you teach it directly how a message should look and provide some examples of phishing text. Furthermore, I believe that in order to combat phishing, you should connect the email database so that when a new person contacts you who is not in the database, the AI bot displays a message saying it’s a new contact and shows the matching name for an email in the database so you can directly check (instead of sales@amazon it is salesamazon@gmail) because most of the time you see Amazon and think it’s them when in reality it’s a hacker.
    For network surveillance, I believe the most important factor is data flow. For example, if you know that every employee has a certain amount of data sent to the system, and one day it’s 100 times more because his/her account was stolen, the AI can send a report to the security team. This feature would be very useful in my opinion because it would shorten the reaction time and reduce the damage caused by cyber-attacks.
    This topic is of great importance nowadays because even though security systems become more complex, hackers also get better and better. Therefore, an innovation like AI would be a way to solve it.
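
The contact-database check suggested in the comment above, sketched as an added example that is not part of the original thread: an unknown sender is compared with known contacts, and the matching known address is returned when the sender reuses a known organisation's name. The address book, the full addresses, the function names and the 0.8 similarity cut-off are assumptions made for illustration.

```python
from difflib import SequenceMatcher

# Constructed address book standing in for the "email database" in the comment.
KNOWN_CONTACTS = {"sales@amazon.com": "Amazon Sales",
                  "jan@example.org": "Jan (supplier)"}

def split_address(addr):
    """Lower-case an address and split it into (local part, domain)."""
    local, _, domain = addr.strip().lower().rpartition("@")
    return local, domain

def org_label(domain):
    """First label of the domain: 'amazon' for 'amazon.com' (a simplification)."""
    return domain.split(".")[0]

def classify_sender(addr, contacts=KNOWN_CONTACTS, near=0.8):
    """Return (verdict, matching known address or None)."""
    local, domain = split_address(addr)
    if not local or not domain:
        return "malformed", None
    if f"{local}@{domain}" in contacts:
        return "known", f"{local}@{domain}"
    for known in contacts:
        _, k_domain = split_address(known)
        if domain == k_domain:
            continue  # same organisation, just a mailbox not seen before
        label = org_label(k_domain)
        # Known organisation name moved into the local part or another domain.
        # Very short labels are skipped to avoid accidental substring hits.
        if len(label) >= 4 and (label in local or label in domain):
            return "lookalike", known
        # Near-miss spelling of a known domain, e.g. one character swapped.
        if SequenceMatcher(None, domain, k_domain).ratio() >= near:
            return "lookalike", known
    return "new-contact", None

if __name__ == "__main__":
    for sender in ("sales@amazon.com", "salesamazon@gmail.com",
                   "support@amaz0n.com", "billing@amazon.com"):
        print(sender, "->", classify_sender(sender))
```

A "lookalike" verdict carries the known address the sender resembles, which is what a mail client would show next to the new-contact warning.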

