UnitedHealth Says BlackCat Behind Change Healthcare Cyber Attack
This article was written by esteemed tech analyst Chester Avey.
Cybersecurity has never been more important. With businesses of all sizes and even governmental organisations facing unprecedented levels of cyber-attacks and data breaches, it is unsurprising that company leaders and IT specialists are looking for the best possible ways to defend themselves.
This has led to a lot of talk around the possibility that artificial intelligence (AI) could have an enormous role to play. Former DoD security analyst Sam Bocetta has predicted that “thanks to the quickening pace of natural language capability development, artificial intelligence will likely be at the forefront of the next wave of cybersecurity tools”.
So, perhaps there is good reason to think that AI could be the future of cybersecurity. Here we take a look at the current of AI in cybersecurity and how this could be likely to change in the future.
The Limits of Traditional Defences
Traditionally, we have relied on software to do a lot of the work of cybersecurity for us. Firewalls and antivirus software, for example, work on the simple basis of understanding how to detect known cyberattacks. This comes with a number of problems, however.
Firstly, these types of software can only provide defence against known issues - leaving them vulnerable to types of attacks they have never seen before. Additionally, there are many types of cybercrime that are perpetrated not by pieces of software but by the determined work of hackers. The software can do little against this type of attack.
How AI is Influencing Cybersecurity
A good example of an area where we have seen AI working in conjunction with cybersecurity is in security information and event management (SIEM). This is a modern form of cybersecurity that makes use of machine learning.
SIEM solutions collect information from a company’s computer system over a period of time. This allows it to establish a baseline of normal behaviour within a company’s system. It is through AI that it is able to understand what constitutes normal behaviour.
Once it has this baseline, SIEM is able to recognise unusual behaviour or events. This could be something like a user logging in from an unfamiliar location - an event that could have a completely innocent explanation, or one that could be the result of a hacker taking control of the account and using it to access the system.
The SIEM software flags this event as something that needs to be investigated. It can then be handed over to a cybersecurity professional who will take a closer look and understand if it is innocuous or dangerous.
The Human Factor
We can see in the example above that despite the powerful use of AI in a cybersecurity solution, the human factor was still vital.
Of course, while it is true that AI clearly has a massive role to play in the future of cybersecurity, we can’t expect the entirety of web defences to be AI-based. Indeed, part of what makes cybersecurity such a growing challenge is the nature of constant evolution driven by cybercriminals.
And just as it has taken human ingenuity to grow the sophistication of cybercrime, there are some aspects of cybersecurity that require that same level of human ingenuity.
Ethical hacking is a part of cybersecurity that is growing in its importance. According to cybersecurity specialists Redscan, ethical hacking professionals, “don’t rely on automated scanning applications. To detect hidden and complex vulnerabilities, they leverage a range of open source and commercial pen testing tools to manually perform tasks such as network and asset discovery, attack surface mapping and exploitation”.
This shows that the human factor is still going to be an important part of cybersecurity as time goes on.
AI is important in not only maximising the potential of cybersecurity services, but also in helping to predict or understand an attack is happening as soon as possible. However, that doesn’t mean that AI can be solely considered the ‘future of cybersecurity’.
In fact, it is necessary to take a far more holistic approach, utilising the knowledge of cybersecurity specialists, automated tools, background software and much more to help in the fight against cybercrime. The worst thing that any business can do is assume that there will be a silver bullet to deal with all forms of cybercrime - in fact, it requires ongoing attention.