AI for cybersecurity: will smart be ‘smart enough’ in the future?
VP Technology Solutions, Amentum
In recent decades, as our world became increasingly connected and complex, cybersecurity and Artificial Intelligence (AI) experienced accelerated growth and innovation. These two disciplines are now being applied to various products and services to make them more resilient and insightful. When we look at the interplay between the two, the application of AI for cybersecurity has touched many aspects of our daily lives, sometimes even without us realizing it. For example, if you made a credit card transaction and received a notification prompting you to confirm that the activity was legitimate, you experienced the application of AI for cybersecurity. If you received an email and it was flagged as potentially malicious asking for your caution, it was again the application of AI for cybersecurity.
If AI attempts to be the augmented brain of this interconnected world, then cybersecurity plays the role of its armor. Cybercriminals rely on the fact that it is difficult to defend against unknown threats. What makes AI, and specifically machine learning, ideal to help is that machine learning is well-suited to solve fuzzy, dynamically changing problems. While all of this sounds good, is this good really ‘good enough’ in this interconnected world? The term smart is typically used to refer to the intelligence that AI brings. The question is: will smart be ‘smart enough’?
Additional challenges in a connected world
Based on current projections, there could be between 40 and 70 billion Internet of Things (IoT) devices online in the next 5 to 7 years. According to International Data Corporation, while IoT spending slowed down in 2020 due to the pandemic, it still grew 8.2 percent year over year to $742 billion in 2020 and is expected to return to double-digit growth rates in 2021. Machine learning techniques rely on troves of data from IoT sensors, network traffic, web, social media, biometrics and human interactions to discern patterns, identify anomalies and ultimately detect malicious behaviors. Given the number and types of devices, the sheer volumes and nature of datasets that the AI applications will have to utilize will be staggering. The same types of datasets as well as open source codebases will be easily accessible to cybercriminals who are highly motivated to construct smarter cyberattacks. Also, the very nature of connected devices means that the data is transferred between multiple devices and can move from the edge to the cloud to mobile rapidly, posing additional challenges for speed and nimbleness on the AI-based counterattacks.
Finally, looking at the innovation within the industry, AI-powered approaches largely fall in the categories of monitoring, characterizing or detecting anomalies, risk profiling, threat response, and presenting a common operating picture for (human) analysts to react to. In some cases, they take a proactive approach of predicting or even hunting for threats. These remain to be somewhat siloed approaches that apply techniques and technologies within the single domain of AI.
Potential solutions for a future world
Connected devices will continue to be a top cyber threat in the near future. These challenges will and should bring collaborators from different disciplines together to collectively stretch the boundaries of what is possible. As we take up the challenges of the interconnected world, it is the ingenuity, collaboration and empathy of the human mind that will help us build this better and safer future together. While this topic deserves its own in-depth exploration, here are a few potential areas that solutions could expand into:
- Building in resilience and agility. AI-powered approaches should continue to be dynamic to respond to new scenarios at a speed required to mitigate the different types of threats.
- Conducting risk and impact analysis based on a shared understanding. AI approaches should consider a holistic view of which threats are significant, their impact as well as tolerance level. There are many threat taxonomies developed that establish a common understanding and vocabulary around this. They will have to continue to expand to cover new threat types, security and privacy issues around IoT devices so that the solutions can utilize them as foundations to base mitigations upon.
- Tapping into the human and non-human aspects of cybercrime. The power of AI is currently applied to understand behaviors in situations such as insider threats. User and Entity Behavior Analytics (UEBA) is becoming a core component of modern security operation centers. These approaches can be further enhanced to understand the psyche of hackers as well as their motivations, which in turn can help devise solutions with dynamic, customized responses as well as negotiation tactics.
- Planning for futurist jobs. Solutions for tomorrow will benefit from re-skilling and future jobs that keep pace with an evolving world. Futurist Thomas Frey talks about a variety of jobs of the future including robot sherpas, sensor system architects and IoT elocutionists. Let’s add a few more into the mix such as cybercrime negotiators and AI-enhanced cybersecurity coaches.
At Amentum, we explore and develop solutions using technologies in the areas of analytics/AI, robotic process automation, cybersecurity and other Industry4.0 techniques. Stay tuned for more on this topic when we discuss the intersection of these technologies in a connected and increasingly automated world. Reach out to us at [email protected].com if you are interested in learning more.