Double-edged AI: An Arms Race Between Defenders and Attackers

Whether artificial intelligence (AI) is beneficial to humanity or a threat to existence is an ongoing debate. And the business world seems just as uncertain. While companies deploy AI to speed up business processes, their competitors are too, and cybercriminals also leverage the technology to steal sensitive and proprietary information.

As organizations realize the need to build their defenses, AI has quickly become a pivotal cybersecurity domain in the arms race between defenders and attackers. It has become a double-edged sword, a blessing and a curse. About 60 percent of organizations that adopt AI see the security risks that the technology can generate.

Cybersecurity Spending Grows

Cybercriminals don’t just target businesses but also users and third parties. In 2019, security experts discovered more than 20,000 new security vulnerabilities, an 18 percent increase from the previous year. And businesses are increasing spending in cybersecurity, expecting to hit $150 billion in 2021, with cloud security topping at 41 percent growth, followed by data security (17%), infrastructure protection (16%), and identity access management (15%).

AI could be the gamechanger in cybersecurity, as it analyzes massive amounts of data faster, quickens responses to threats, and augments human operations. But although 36 percent of AI adoption goes to data security, bad actors have weaponized the technology. AI as a security threat is not only stuff of science fiction. It has become real.

Offensive AI

Hackers use AI to design and conduct attacks. Offensive AI or AI-powered cyberattacks are increasingly trending. Eighty-eight percent of security leaders see the inevitability of offensive AI. While 77 percent expect its weaponization, 75 percent worry about the disruption it creates. But the majority agree that thwarting offensive AI requires increasing the sophistication of a company’s cybersecurity posture.

Integrating AI in enterprise security can be critical to an organization. But it has its own set of challenges as the attack surface expands, from IoT devices and cloud systems to traffic and signals of multiple networks. Due to the volume of data, an enterprise-level attack could cost north of $4 million, with more than six months of recovery.

AI Could Improve Security

But AI could help save the day in enterprise cybersecurity, as it can process, analyze, and assess millions of datasets to predict risks of a breach. It provides visibility across IT/OT environments and a deeper assessment of the situation. It can also track assets while creating a self-learning system for thwarting future attacks.

With an AI system in place, it is possible to efficiently identify security gaps in complex networks or gain control over configuration settings. Responding to breach incidents and explaining their root causes for future reference will be a lot easier and faster, too.

Outsmarting Cybercriminals

Hackers target information technology (IT) and operational technology (OT) networks. They are getting smarter with better tools. Cybercriminals employ hacking tactics, like espionage and deception through social engineering, to steal credentials, penetrate the IT network, and move into the OT system. And they know how to avoid being detected and observed.

Both unorganized and organized hackers target data and rip through defenses with self-replicating malware that could potentially overwhelm AI systems. They could use AI systems as attack vectors for data poisoning or injecting information into the algorithm. As a result, a company’s AI systems could deliver incorrect data classification and inaccurate predictions of threats that can be disastrous to an organization.

But the defenders, the cybersecurity professionals, are increasingly becoming more sophisticated. They leverage AI to outsmart cybercriminals seeking to infiltrate IT/OT and third-party systems. Using AI/ML to analyze large datasets that spot anomalies in the behavior of physical processes, networks, applications, and endpoints, defenders are slowly regaining the upper hand.

Cybersecurity, a Team Effort

Although some cybercriminals work individually, most of them work as a group, and others are well-organized by government or state entities.

The work of data protection is a combination of hardware, software, and personnel, ensuring that they’re in tune with each other. People, processes, and technology always remain the critical factors in cybersecurity. They are the building blocks in setting up, applying, and maintaining defense mechanisms against internal and external threats.

Thus, it requires a team to combat various data security threats, including AI.

Advantages of AI in Cybersecurity

If the game cybercriminals play is using advanced technologies to infiltrate defenses without being detected, cybersecurity professionals can leverage AI and ML to limit the attack surface and build security defenses.

AI for cybersecurity offers these advantages:

  • deliver real-time threat predictions and efficient response to breaches
  • identify risks, detect malware, and anticipate attacks before they occur
  • hunt threats proactively than by analyzing network traffic and monitoring endpoints for malicious behavior
  • assess and manage vulnerabilities in users, assets, and networks
  • gain control over configuration tools and processes, including network updates
  • perform humanly impossible tasks, like processing event logs and millions of data points, to augment teams working to improve data security
  • replicate cognitive capabilities in task automation and continue to get smarter as it learns from experience
  • explain breach incidents and make recommendations to improve security resilience

A Costly, Ongoing Battle

With the sheer size of enterprise data assets, improving a company’s security posture takes time. But with AI — a data-driven technology that can understand, learn, and act — the time to analyze data could be dramatically reduced. But adopting AI can be costly, requiring investments in technology and talent, and it also takes time.

Data security is more about people — people who devise different hacking techniques to penetrate networks and data systems, and people who defend their IT infrastructure from cyber attackers. Cybersecurity is an ongoing battle as long as cybercriminals are compromising and stealing corporate data.

And it’s a race between the two camps to see who can take full advantage of AI/ML technologies. Like any other tool, AI depends on humans for their use, whether for good or bad.

Perhaps combining AI and a zero trust approach to data security could be the best defense.