AI has taken the cybersecurity industry by storm — but it’s used by defenders and attackers alike. When analysts improve defensive measures, hackers find smarter ways to attack. Both have found new ways to use AI to help their causes; but while AI is currently helping defenders more than hurting them, only a commitment to continual innovation can prevent hackers from taking the lead.
SwissCognitive Guest Blogger: Zachary Amos – “AI in Cybersecurity: Do Defenders or Attackers Benefit More?”
Cybersecurity analysts and hackers alike want to take advantage of artificial intelligence. With AI’s ever-increasing suite of capabilities and infinite well of incoming data, defenders and attackers could manipulate it to their advantage – but what does that look like?
As cybersecurity becomes an even greater worldwide priority, hackers rise to the challenge of dismantling defenders’ efforts. How is each side of the battle using AI, and is one side using it more advantageously than the other? AI is inherently unbiased, but users can manipulate it to serve their purposes. Are hackers or analysts more creative and effective with their AI deployments?
How Do Analysts Utilize AI?
When it comes to threat detection, human analysts do a great job, but AI can do even better. By constantly analyzing data and trends while becoming aware of current threats in the news, AI threat detection may have a wider breadth of red flags than humans can detect. AI has this advantage because it consumes information faster than humans can comprehend.
Similarly, AI improves visibility into a company’s data systems. Often, businesses with less emphasis on organization and regulation may not even know the breadth of their attack surfaces, and you can’t stop an attack if you don’t know where it’s coming from. AI can provide insights into any potential attack surfaces, allowing businesses to be more knowledgeable about their weaknesses and in turn tighten their security.
A constantly updating library of cybersecurity information also helps with a medley of other defensive services, including:
- Updating software like antivirus and malware
- Authenticating access and identifying fraud
- Assessing compliance and network visibility for added oversight
- Protecting data
- Backing up data to hard drives or cloud services automatically
- Analyzing user behaviors and trends
AI can perform these tasks with greater accuracy and efficiency, wading through large databases faster than human operations. Because humans can automate tasks using AI, remediation after threat detection could also become more streamlined. Plus, advancements in AI, like artificial neural networks (ANNs), will increase the capability of AI to perform in ways more akin to human cognition.
How Do Hackers Utilize AI?
The first way hackers use AI to their advantage is by upgrading manual tasks, like writing phishing emails. Phishing emails written by AI have a higher chance of being opened than emails written by humans. AI could fashion other tools for hackers, too, like ever-changing malware for detection avoidance, botnets, or false credentials – including CAPTCHA spoofing – for bypassing security protocols.
They can also use them to find trends and vulnerabilities, like analysts performing penetration testing. Once they breach a network, attackers could feed the defending AI false information to alter the accuracy of its algorithm.
Finding vulnerabilities in software or user behavior is as simple as automating AI to deliver information. That insight could be the catalyst for a hacker’s next initiative, as they have an equal opportunity to analyze user behavior as much as analysts do.
However, not everyone can use AI for malicious intent. Though AI is self-learning, not everybody can navigate its complexity, unlike cybersecurity analysts with certifications and years of training in one of the most competitive job markets in the modern age. Therefore, the average hacker wouldn’t be able to utilize AI because of the subject-matter expertise required and possible financial barriers.
Who Uses AI Better?
Because both sides can use AI for offensive and defensive purposes, who is coming out on top? AI is an invaluable resource for both, but analysts arguably have the advantage – they can use it for offense and defense when hackers only want offense. Analysts can use AI to detect threats and begin recovery faster than ever, giving them the upper hand in the fight.
Additionally, every breach attempt makes defenses more capable of fighting future attacks. Attackers must consider every failed attempt a waste of resources and a boost to the defender’s walls.
A bonus for analysts is that AI often makes their operations less expensive over time, whereas implementing AI for criminal purposes could cost an already struggling cybercriminal outfit lots of money. Defenders are incentivized to invest in AI because a significant breach could cost millions more.
The most prominent way analysts use AI is to reduce human error. Human error causes 95% of breaches, and AI drastically reduces that number. For attackers, it gives them less surface area to mess with when the most noteworthy cause of their success decreases in frequency.
The Future of AI in Cybersecurity
AI is becoming more intelligent as machine learning and other tools feed it. Hackers invent new ways to tear them down as cybersecurity analysts rally to provide more digital safeguards.
Though AI may help defenders more, this push and pull will be the dynamic of AI in cybersecurity for the foreseeable future. Cybersecurity analysts can use AI to keep digital property and personal information even safer as time passes, but not without hackers keeping them on their toes.
About the Author:
Zachary Amos is the Features Editor at ReHack where he writes about artificial intelligence, cybersecurity and other technology-related topics.