Artificial Intelligence and the changing Cyber Security landscape in 2021

Google Maps suggesting optimal commute to and from work and alerting about congestion on roads. Self-driving cars will significantly reduce the number of road accidents and keep commuters safe.

Email inboxes becoming smart enough to reply to emails on behalf of a person.

OCR software that deciphers handwritten cheques enabling people to deposit cheques via a smartphone app. A bank’s system detecting a transaction as possibly fraudulent and alerting the bank and the customer. Investing platforms that provide financial advice to consumers by collating and learning from best practices of investors and experts.

Social networking sites identifying friends and family in a photo and suggesting tagging them. Chat and instant messaging apps prompt textual or emoji responses to a received message.

Robotics Process Automation helping businesses increase productivity by automating everyday operations, handling exceptions, and resolving issues.

Asking a smart personal assistant, like Google, Alexa, Siri, or Cortana, to search for something on the internet, or to set an alarm or reminder. Integrating Google and Alexa into homes, and shopping online, ordering food, calling, and speaking with your friends and family from anywhere in the house without holding a smartphone.

Amazon displays product recommendations to a shopper on the website or app even if the shopper did not specifically search for the product. Content and streaming platforms like Netflix, Amazon Prime, or Disney show a viewer what other content is popular based on something they watched in the past.

What’s Common in All the Situations Mentioned Above?

All of these have Artificial Intelligence (AI) and Machine Learning (ML) at play. It is a wonder how far technology has evolved, and how quickly, for these accomplishments to have become possible in the past decade. The application and adoption of AI increased exponentially during 2020 as the Covid-19 pandemic forced people, organisations, and governments to rethink everyday tasks.

It’s also a wonder that this is just scratching the surface of what AI and ML can achieve. Researchers, labs, and technology companies have innumerable applications of AI across all walks of life planned for the future.

Artificial Intelligence for Enhancing Cyber Security

Just as AI is enabling strides in all technology domains, it is also bringing about significant progress in cybersecurity, helping information security controls keep pace with an advanced and intelligent world. With all the system integrations and data exchange that are bound to happen, securing systems, applications, personal and company data, and all other components will be more critical than ever.

In 2019, Capgemini published an excellent report that discusses AI in cybersecurity in detail. This is a great resource for a company that wants to understand industry trends, how and where to incorporate AI, and the benefits that are achieved.

The following are some of the ways in which AI and ML are making a difference in advancing cyber security.

Identity and Access Management (IAM)

Usually, a password is the only barrier between hackers and users’ accounts. Most people do not create strong and effective passwords for everyday use. Moreover, they tend to use the same password across several different applications. This makes it easy for a hacker to gain access to multiple applications a person uses via techniques such as brute force attacks.

Biometric authentication helps to overcome the threat of weak passwords. While this has also been susceptible to attacks, AI algorithms have evolved to provide increased accuracy and prevent suspicious access.

AI has helped create a sophisticated biometric system in which a user’s face is recognised and authenticated by validating certain patterns and key correlations. This provides protection against a person’s facial photo being used to gain access. The success rate of accurately identifying an individual has also increased in low-light conditions and when the person changes hairstyle, wears glasses, etc.

User behavioural analysis

AI and ML are also being applied to detect machine usage behaviour that is unlike a human action. The technology continuously monitors and analyses user activities on a machine, such as typing and mouse movements, which makes it possible to detect whether accounts have been compromised from suspicious user behaviour. This article by LogonBox gives more insight into how Artificial Intelligence is being applied effectively today, and will be in the future, in the areas of user/machine analysis and IAM.
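A typing-behaviour check of the kind described above, written as an added example that is not taken from this article or from LogonBox. It compares the delay between consecutive key presses in a session with a per-user profile; the digraph-latency feature, the 0.5 limit and all timings are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

def typed(text, gaps_ms):
    """Build (key, time_ms) press events from a string and the gaps between keys."""
    events, t = [(text[0], 0)], 0
    for ch, gap in zip(text[1:], gaps_ms):
        t += gap
        events.append((ch, t))
    return events

def digraph_latencies(events):
    """Map each consecutive key pair to the delays (ms) between the two presses."""
    out = defaultdict(list)
    for (a, ta), (b, tb) in zip(events, events[1:]):
        out[(a, b)].append(tb - ta)
    return out

def enroll(sessions):
    """Per-digraph median latency over a user's known-good sessions."""
    merged = defaultdict(list)
    for session in sessions:
        for pair, lats in digraph_latencies(session).items():
            merged[pair].extend(lats)
    return {pair: median(lats) for pair, lats in merged.items()}

def deviation(events, profile):
    """Mean relative deviation from the profile; None when no digraph overlaps."""
    diffs = [abs(lat - profile[pair]) / profile[pair]
             for pair, lats in digraph_latencies(events).items()
             if profile.get(pair, 0) > 0 for lat in lats]
    return sum(diffs) / len(diffs) if diffs else None

def assess(events, profile, limit=0.5):
    """Classify a session; the 0.5 limit is an assumed, untuned threshold."""
    score = deviation(events, profile)
    if score is None:
        return "insufficient-data"
    return "anomalous" if score > limit else "consistent"

# Constructed timings (ms) for the word "secure"; not real measurements.
PROFILE = enroll([typed("secure", g) for g in
                  ([110, 95, 140, 120, 100], [118, 90, 150, 112, 105],
                   [105, 100, 135, 125, 96])])
SAME_USER = typed("secure", [112, 97, 138, 118, 103])
SCRIPTED = typed("secure", [10, 10, 10, 10, 10])  # uniform, far faster than the profile
```

A session that shares no key pairs with the profile is reported as `insufficient-data` rather than being scored, so a short or unusual input does not produce a false alert.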

Threat detection

There are hundreds of tools and applications available in the market for detecting threats. In addition to adopting these, companies have cybersecurity teams that continuously monitor and investigate threats to their systems, network, and architecture. The speed at which cyber attacks and threats are evolving requires an increasing number of cybersecurity professionals globally; however, there are not enough analysts and experts available.

AI and ML assist tremendously in this aspect by “lending a hand” and supplementing human efforts. They have the power to detect threats in real time. The machine learning algorithms understand the detailed picture of a company’s infrastructure and network, and consequently the attack vectors that are associated with such a setup. The algorithms can detect and process thousands of events every day without getting tired, a level of analysis that is not humanly possible by people alone.

The algorithms understand different kinds of attacks and how to deal with each type in different situations. The best part is that they learn continuously, every day, by analysing any and every event, behaviour, and pattern. With this learning, the number of false positives also falls as the algorithm gets better at detecting real threats.

More information on AI and ML application in threat detection is available in this article on TechBeacon.

Fraud detection

Traditionally, fraud detection in online transactions has relied upon a team of analysts manually reviewing transactions and on certain defined rules. These methods, while once considered the best, are not effective on their own in modern times because they generate a large number of false negatives or false positives, are expensive to maintain, are not scalable, cannot detect fraud in real time, and cannot keep up with how online frauds have evolved over time.

Enter Artificial Intelligence and Machine Learning. AI and ML can significantly enhance the capability of a business’ fraud detection strategy and provide increasingly accurate outputs, all without a comparable increase in resources or costs. The key resource for ML is data. While large datasets would have hurt performance and productivity in the traditional approach, ML algorithms thrive on datasets to continuously identify and analyse trends of normal and abnormal user behaviour.

ML is capable of analysing thousands of patterns of the journey of an individual’s online transactions in a day. Consequently, the accuracy of identifying possible fraud is heightened, and instances of false positives and negatives are greatly reduced.

AI and ML are the only technologies available today that can help detect fraud in real time and can block an abnormal-looking transaction from going through. They do the heavy lifting in terms of analysis of large volumes of data, and flag to analysts only the items that need reviewing or decision making. ML algorithms learn from data continually, which is how they keep pace with the latest attack methods used by hackers to generate fraudulent transactions.

This article by Ravelin is an excellent read about how ML helps to achieve strides in real-time fraud detection.

Malware detection

Did you know that malware is an umbrella category covering different kinds of threats like viruses, trojans, ransomware, and worms? Did you know that email is the most widely used method of spreading malware? You may have heard and read about a few malware attacks like the WannaCry ransomware, CryptoLocker ransomware, MyDoom worm, and others, but did you also know about the CovidLock ransomware created by cybercriminals in 2020 to exploit the widespread fear of Covid-19 among people and use it to make money?

Malware attacks are designed for attacking systems globally, causing damages in millions/billions of dollars in addition to significant damage to the reputation of individuals and organisations. Over time, these have evolved to be extremely sophisticated and hard to detect, and they require significant investment in time and resources to detect and block.

Along similar lines to fraud detection, AI and ML can help in detecting malware effectively and efficiently. The traditional approach to detecting malware involved feature engineering, where an ML algorithm is fed a base data set of “correct behaviour of a program”. The algorithm extracts and analyses the features of a program (e.g., an executable program received via email) and compares these against the base data set to identify abnormalities.

This method helps differentiate between harmless and harmful programs. While this method has been effective, it needs to evolve over time and be intelligent enough to fight against new forms of malware. This is where deep learning is now being utilised to create algorithms that analyse and compare the dynamic aspects of a program, in contrast to the earlier approach based on static aspects. This new technique has been shown to have improved accuracy at detecting malware over the previous approach.
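The static, feature-engineering approach described above (not the deep-learning one) can be shown in miniature. This is an added example, not code from the article or from any vendor it mentions, and it uses a plain statistical baseline in place of a trained model; the two features, the threshold of 3.0 and the byte strings are assumptions constructed for illustration.

```python
import math
from collections import Counter
from statistics import mean, pstdev

def features(blob: bytes) -> dict:
    """Static features: byte entropy (bits per byte) and share of printable ASCII."""
    if not blob:
        raise ValueError("empty sample")
    n = len(blob)
    entropy = -sum(c / n * math.log2(c / n) for c in Counter(blob).values())
    printable = sum(32 <= b < 127 for b in blob) / n
    return {"entropy": entropy, "printable": printable}

def fit_baseline(samples):
    """Per-feature mean and standard deviation over known-good programs."""
    rows = [features(s) for s in samples]
    return {k: (mean([r[k] for r in rows]), pstdev([r[k] for r in rows]))
            for k in rows[0]}

def anomaly_score(blob: bytes, baseline) -> float:
    """Largest absolute z-score of any feature against the baseline."""
    f = features(blob)
    return max(abs(f[k] - mu) / max(sd, 1e-9) for k, (mu, sd) in baseline.items())

def is_abnormal(blob: bytes, baseline, threshold=3.0) -> bool:
    """Flag for review; the threshold is an assumed value, not a tuned one."""
    return anomaly_score(blob, baseline) > threshold

# Constructed stand-ins for benign executables: readable strings plus zero padding.
KNOWN_GOOD = [
    b"This program cannot be run in DOS mode. kernel32.dll LoadLibraryA" + b"\x00" * 20,
    b"Copyright (c) Example Corp. All rights reserved. user32.dll" + b"\x00" * 25,
    b"Usage: tool [options] <file> --help --version advapi32.dll" + b"\x00" * 15,
    b"Error: unable to open configuration file. msvcrt.dll fopen fclose" + b"\x00" * 18,
]
# Constructed stand-in for packed or encrypted content: all byte values equally likely.
PACKED_LIKE = bytes(range(256)) * 4

BASELINE = fit_baseline(KNOWN_GOOD)
```

High entropy indicates compressed or encrypted content, which is a signal worth reviewing and not a verdict on its own.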

VMWare has done a good amount of research and development in malware detection using deep learning.

Conclusion

In this article, we have discussed a few of the critical areas of cybersecurity where Artificial Intelligence is transforming and supplementing traditional methods to keep systems, networks, and data secure. The list above is not exhaustive; AI is being applied across all aspects of information security and threat detection like endpoint protection, intrusion detection, scoring risks, bot spam, and much more.

While adopting the latest and improved cybersecurity measures for your organisation to protect you and your customers against cyber attacks is important, equally critical is periodic and continuous testing of the effectiveness of these measures. Contact us at Secure Triad to learn how we can help you strengthen your cybersecurity defenses.