The unseen AI wars

Posted on 09 August 2021

​In November 2008, as the extent of the financial crisis became clear, the Queen, on a visit to the London School of Economics, famously asked why no one saw it coming. The general public might well be asking the same about some of the cyber security attacks that are reported on a seemingly daily basis by businesses and the government. That, as anyone who works in cyber security knows, is not entirely fair…

There are, of course, many very clever people who are working very hard to try to prevent these attacks (with almost no publicity for all the times they succeed), but, as we know, their goal is not just to prevent those who wish us harm from carrying out their nefarious activities, but also for them to stop doing so in the first place. That last desire, seemingly unachievable at present, involves the heady and potentially combustible mix of geopolitics and technology. That makes it extremely difficult, but it’s a goal that we ought to strive for if we wish the best for our planet and its people. One simple statistic ought to be enough to explain how important this is, namely that the impact of cyber-crime is massive: estimated losses last year were US$1trillion. Think of all the good things that could be done with that money…

On the dark side of the fence, as Accenture noted some two years ago, the criminals have learned how to use AI to their advantage, exploiting machine learning models to attack the most vulnerable points of access. The fightback against these people is getting tougher every day.

Increasingly in the forefront of this fightback is artificial intelligence. The ability of AI tech rapidly to analyse millions of data sets and track a wide range of threats makes it an invaluable tool and increasingly an integral part of our defences and counter-attacks. Typically, AI plays a key role in detecting new threats, as well as analysing behavioural patterns of bots (to distinguish the good ones from the bad) and also predicting how and where organisations are likely to be compromised so that they can plan and allocate resources to protect their most vulnerable areas. In addition, and especially with much of the business community WFH in the last year, the number of devices used for working remotely has grown substantially and AI can play a crucial role in securing all those endpoints.

Furthermore, the use of AI to build up a picture of the normal activities and events on a company’s systems allows it to identify irregularities caused, say, by an employee clicking on a malicious url. Consequently, we see advances being made in machine learning and AI in the form of intrusion detection systems, malware analysis, interpretation, and detection; as well as being deployed to help systems respond to attacks. Crucially, AI helps cyber security specialists to classify attacks in an increasingly intelligent manner i.e. differentiating trojans from, say, worms and viruses, and it is especially useful in SIEMs (Security Information & Event Management) solutions, both in helping classify attacks and in helping systems to learn how to respond successfully to them.

Constant improvements in the development of new cyber security systems place AI firmly at the heart of our attempts to keep up with those who would steal our secrets and disrupt our businesses, healthcare, and general way of life. However, for all the pen testers, bug hunters, and security researchers out there, does this mean that AI will eventually take their jobs? Well, the honest answer is that in the longer run, AI will take a lot of jobs in every sector (possibly – hopefully! - including some of the more tediously mechanical aspects of recruitment resourcing) and, according to HackerSploit, AI is getting – and will continue to get – a bigger slice of the cyber security pie going forward. Integrating AI into cyber security over the next few years is going to be a fundamental requirement for CSOs, but there are still many aspects that require human input – specifically a human eye to be cast over them and a human brain to evaluate them. For all those currently working in cyber security, the advice is that lifelong learning is essential. Over the next five years, things will continue to move at a breakneck pace and those who don’t keep up will be left behind. With my recruiter’s hat on, I know this will have a big impact on hiring: firms will be seeking those who have maintained and enhanced their skills rather than those who have not kept up to speed. Cyber security is a growing and important area of IT recruitment and those who have the requisite knowledge of AI, plus the necessary attitude and experience, are going to become very valuable assets for their employers in the years ahead.

Adam Bahadur, Director, Cedar Cyber

Share this article