The growing role of AI and ML in cybersecurity

As cyber threats are evolving more every day, it has now become necessary to look at Artificial Intelligence (AI) and Machine Learning (ML) to protect systems and give organizations the best security possible.

AI is slowly growing and is starting to be used in many sectors, such as the medical industry or the car industry. It is time that AI helps fight against cyber-attacks. With the advancements of technology and the lockdown, cybersecurity needs to be the top priority for businesses. Now, more than ever, organizations from technology companies to social media websites, have started to use AI in order to stop cyber-attacks.

By implementing AI within security systems, businesses can learn from the data collected and use it to their advantage. AI, alongside ML and security platforms, can become a really powerful tool to prevent hackers and cybercriminals from stealing private data and information.

In order to shed light on this topic, I have discussed the future of AI and ML in cybersecurity with some experts in the industry.


What can AI bring to cybersecurity?

While cybercriminals are getting more and more skilled at infiltrating and hacking new systems, AI can quickly analyse situations and behaviours and spot the threat before it even occurs.

Evan Elliott, Senior Data Scientist at BMT, points out that one of the main benefits of using AI in cybersecurity is the speed with which it can process data and create predictions. Indeed, AI can do that much faster than any human thus, making the business gain time and money.

Another benefit, he continues, is AI’s ability to make reasoned decisions in highly complex data environments, which is another area where humans can fall behind. AI and ML have the ability to change when they gather new data. Hence, they can find hidden figures without being specifically programmed where to look, making it easier for organizations to adapt their security systems as technology evolves.

Moreover, Humayun Qureshi, Co-Founder at Digital Bucket Company, underlines that both AI and ML can be used to identify potential flaws in the system, as well as identify unauthorised users and provide real-time feedback on users. Overall, implementing AI would provide much better detection of potential cyber risks.

‘The benefits of AI and ML in cybersecurity are multifaceted depending on its application’.

Yet, Humayun stresses that the cyber environment is evolving constantly as is technology and many cyber penetrations are only realised after some weeks after the attack has happened. Unfortunately, there are currently no risk assessment tools that successfully recognise


Can AI help fight cybercrimes?

Evan is positive that AI is already being used to fight cybercrimes.

According to him, AI and ML can use anomaly detection (unsupervised learning) in cybersecurity, where anomalies indicate suspicious behaviour. Indeed, they could then detect suspicious behaviour from unrecognised devices joining a network, unusual network traffic, or even host-based anomalies, such as excessive CPU utilisation, possibly indicating the presence of malware. Unsupervised learning is effective in cybersecurity as it is able to detect attacks that have not been seen before.

However, it does have its limitations as this can only work if it is trained on an uncompromised network.

Humayun gives the example of The Digital Bucket Company, which already successfully uses ML modules to identify weakness within an organization’s IT infrastructure. AI and ML systems can thus provide a layer of resilience to cyber-attacks by providing predictive capabilities.

Moreover, Evan also believes that AI could prevent cyber-attacks before they even happen. Indeed, attacks can be avoided by reducing the attack surface, which means hardening any vulnerabilities. ‘Therefore, if AI can survey all of the hardware and software versions, etc, it can correlate with known vulnerabilities and recommend patches to prevent certain types of attack.’

Besides, he adds, ‘since most attacks follow a typical path, if AI can help us detect attacks in their infancy, it gives more time for the remediation to be done before any actual damage occurs.’ Hence, this could possibly be a possible enabler for preventing attacks.

Yet, Humayun doesn’t share his idea. According to him, despite the sophistication of AI and the rapid evolution of technology, hackers seem to always be one step ahead.

As Humayun warns, there are indeed lots of ways that hackers could use AI in their favour…


What are the threats?


With cybersecurity evolving, cybercriminals are learning to adapt. Ever since the beginning of the pandemic, hackers have been stronger than ever, using new tools and new techniques to exploit systems and infrastructures. It wouldn’t be surprising if they started using AI, in turn, to go through the cyber defences in place.

Evan mentioned adversarial AI, such as GANs, which are creating deep fakes that are then used for social engineering. Indeed, GANs (Generative adversarial networks) are one of the most advanced examples of neural networks that are brought by deep learning in cybersecurity. If not used for legitimate purposes, GANs can be exploited to violate these procedures and become extremely dangerous in the wrong hands.

Another way cybercriminals could use AI for their attacks, he continues, is by developing sophisticated malware. As larger organizations are using more sophisticated solutions to get a better understanding of threats and ultimately increase their detection and protection mechanisms, cybercriminals built and develop more sophisticated malware as well. By using tools even more developed than some enterprises, hackers can quickly become dangerous threats to anyone.

Hence, as technology evolves, the questions of whether or not automation will replace humans comes to mind.


Could AI replace human security processionals?


Losing a job due to automated robots is a scary concept, however, a widely spoken one, Evan points out. For him, AI and ML will replace certain aspects of job roles – the tasks where AI outperforms humans -, however, there will be aspects that humans will be best such as using intuition or knowledge that has not yet been codified in data. Besides, AI will also create more demands for human jobs in software development, assurance, deployment, monitoring, debugging, among others.

Hence, instead of seeing it as a job loss, we should see it as a shift in skill set requirements towards computer programming and software engineering.

Moreover, Humayun doesn’t think that AI could ever replace human security professionals. He highlights the fact that there will always be a human element involved in security. Although AI and ML will certainly be used, it still wouldn’t provide the adaptable solution needed for the changing nature of cyber-attacks.

What is the future of AI in cybersecurity?

AI and ML will definitely play a major role in every sector in the near future. In cybersecurity, it will certainly allow organisations to be better protected, although they should remain on the lookout for advanced cyberattacks.

Humayun thinks that early recognition system with capabilities to identify cyber-attacks early on will be a key part of cybersecurity. ‘Although’, he says, ‘just as AI and ML technologies are becoming more sophisticated, the cyber-attacks are also becoming sophisticated’. One of the most complicated challenges will be to find a risk framework that is flexible enough to assess cyber risks. Indeed, it will need to be aligned with any legislation and insurance policies so that a sustainable solution is found.

Evan adds that in the future, AI and ML will be even more widely used. It will become a tool to help go through massive amounts of data in order to detect malicious activity.

With more devices coming online, such as IoT, there will be a wider array of vulnerabilities and even more network traffic. As many more businesses will go through digital transformation, this will give ‘greater opportunity for cybercrime and even greater need for cybersecurity’.

‘AI & ML will continue to be used as a tool by both sides, by security professionals and adversaries’.


Thanks to Evan Elliott and Humayun Qureshi for their insight on the topic!