How will Artificial Intelligence and Machine Learning Affect Cybersecurity?

With all the hype around artificial intelligence (AI), should there be more focus on getting the fundamentals of security right first?

There’s no escaping the buzz around artificial intelligence (AI). Along with other emerging technologies such as machine learning (ML) and Robotic Process Automation (RPA), it is being touted as a game-changer for businesses.

AI is increasingly present in devices, applications and services throughout any organization with a digital offering. But nowhere has AI’s potential for disruption been more evident than in cybersecurity, with the technology quickly gaining traction within enterprise businesses – particularly around automated threat prevention, detection and response.

It is an increasingly popular option as it enables businesses to be more proactive in their defence strategies and detect more threats before they can do serious damage to their organization or their web security. One study published in January 2019 shows that 86 percent of businesses have explored Machine Learning and Artificial Intelligence solutions, with almost half (48 percent) pointing to quicker response times and better web security as their primary drivers.

Fighting fire with fire

Nevertheless, for every company leveraging AI cybersecurity within their website security strategy, you can be certain that criminals will be using that same technology to launch increasingly sophisticated attacks of their own.

Criminals can leverage AI to:

• Automate attacks and improve evasion capabilities against detection systems
• Increase the scale and reach of the threats
• Improve current digital attack tools to make them more harmful and difficult to detect
• Automatically breach defences and generate more sophisticated phishing attacks from information scraped from websites

According to a recent report by Riot Research, “an arms race will develop around Artificial Intelligence and Machine Learning as major cybercriminal gangs and rogue nation states adopt these to launch increasingly sophisticated cyberattacks, pushing spending on countermeasures.”

No magic bullet

CIOs questioned for Gartner’s 2019 CIO Agenda, predicted AI would be the most disruptive technology for their businesses. Thirty-seven percent responded that they have already deployed AI technology or that deployment was in short-term planning. In terms of implementation, AI came in second place – behind cybersecurity.

What we can take from this is that there is great potential for the application of Artificial Intelligence security and other disruptive technologies within the realm of cybersecurity. But it is important to remember that these technologies don’t work in isolation, and they are not a ‘magic bullet’ for your cybersecurity needs.

Multi-layered approach to website and data security

Next-generation technologies such as AI should be implemented in tandem with other website security solutions, because, while cyberattacks today are increasingly complex and targeted, it is still important organizations don’t overlook some of the most common attack vectors.

This includes website security, which offers unique points of vulnerability for organizations. For example, hackers using formjacking or digital payment card skimming to steal customers’ credit card details rose sharply in 2018. Elsewhere, cryptojacking – where criminals use browser-based JavaScript code to mine for cryptocurrencies whenever a user visits the website – affected ten times more organizations last year than ransomware.

Many of these attacks on websites take advantage of third-party technologies which run on the sites, providing a backdoor, through which criminals can access your customers’ personal and payment data. Even with this in mind, 67 percent of organizations are yet to implement marketing security for their website, putting both their customers and the future of their business at risk.

With the many advances being made with new disruptive technologies like AI it is important to invest in getting the fundamentals right, which means including marketing security as part of your holistic approach to cyber defense. Get in contact to learn more.