It seemed simple enough: in 2014 the California Public Utilities Commission (CPUC) directed the State’s three largest utilities to come up with a program to address the threat of wildfires. As reported in the new book, California Burning, Pacific Gas & Electric (PG&E) which provides electric and natural gas service throughout most of Northern and Central California, found the task daunting. The company realized there was no way they could clear every tree from every line. To alleviate the problem an attempt was made to identify the areas at highest risk of causing fires. According to the book, one company slide read… “it’s not about the 50,000,000 potential threats… it’s about the 5,000 real threats to our facilities.”
For firms facing ongoing cyber attacks, the analogy is similar. How do they pursue the real dangerous attacks that can take down their network, versus intrusions while problematic, will not take down the whole organization.
According to several studies, security operations center (SOC) analysts are overwhelmed by security alerts that come in every day, many of them false alarms. Much of their time gets directed to routine work and not enough on the big problems – or they miss those attacks altogether.
“All vendors have to use AI and ML today, just to handle the volume of threats and the sophistication of threats,” according to Etay Maor, cybersecurity professor at Boston College and senior director of security strategy at Cato.
In a Trend Micro survey of IT security and SOC decision-makers released last May, 51% said their teams were overwhelmed by the volume of alerts and 55% said they weren’t confident in their ability to prioritize and respond to them. In addition, the survey indicated respondents spent up to 27% of their time dealing with false alarms.
This means that actual problems or big problems can be missed. According to a survey of SOC professionals by Critical Start, nearly half the respondents admitted turning off high-volume alerting features when there are too many alerts to process. There were over 900 attacks per organization per week in the fourth quarter of last year, an all-time high, according to a Check Point report released last month. Education/Research and Government/Military facilities were at the top of the attack chart. The overall number of attacks on corporate networks was up 50% in 2021, compared to 2020.
According to Verizon’s data breach investigation report, most breaches were discovered in days, however 20% of breaches could take months or more before organizations realized something was amiss.
AI is definitely the latest weapon in the cybersecurity war. The trend is definitely moving to security vendors who integrate AI into their product offerings. Looking at suspicious events quickly inside a corporate environment and figuring out which ones indicate an actual threat is something that artificial intelligence can do well. Partner that with the critical shortage of skilled cybersecurity workers (discussed in the July and August CYRIN newsletters) and some believe that given the potential capabilities and broad reach of AI, the industry will eventually “automate” some jobs to solve the problem of scarce cyber talent.
This may reduce the need for people to physically complete particular tasks in the cybersecurity world, but this scenario is unlikely to come to fruition in the short term. AI still has problems when things change too quickly, and incidents fall outside its area of knowledge. Also, someone will need to monitor the AI to continue to measure its effectiveness. That said, great strides in AI will be made within the next decade, building on the progress of the last five years.
According to most accounts, the modern version of Artificial Intelligence, or AI, wasn't formally founded until 1956, at a conference at Dartmouth College, in Hanover, New Hampshire, where the term "artificial intelligence" was coined. Many consider John McCarthy, a professor emeritus of computer science at Stanford, as the dean of AI and the man who persuaded the attendees to accept "Artificial Intelligence" as the name of the field. McCarthy subsequently went on to become one of the major principals in the field for more than five decades.
By most definitions, artificial intelligence is a type of intelligence displayed by machines, as opposed to the natural intelligence displayed by humans and other animals. AI applications can analyze data and make decisions on their own, without human intervention. As AI becomes more and more prevalent in society, it is also making its way into the world of cybersecurity. AI can be used in several ways to help improve cybersecurity, including automatically detecting and responding to threats, improving network efficiency, and helping to identify vulnerabilities.
The cyberattack surface in modern environments is massive, and it’s continuing to grow rapidly. This means that analyzing and improving an organization’s cybersecurity posture needs more than mere human intervention.
AI and machine learning are now becoming essential to information security, as these technologies are capable of swiftly analyzing millions of data sets and tracking down a wide variety of cyber threats — from malware menaces to shady behavior that might result in a phishing attack. These technologies continually learn and improve, drawing data from past experiences and present to pinpoint new varieties of attacks that can occur today or tomorrow.
Without huge volumes of data and events, AI systems can render incorrect results and/or false positives. AI-based products operate within dynamic systems where the flows of information change constantly. So, getting inaccurate data from unreliable sources can backfire.
It’s possible that AI will misinterpret inputs into the system and behave in a way that’s favorable to the attacker. For example, an iPhone’s “FaceID” access feature uses neural networks to recognize faces, making it susceptible to adversarial AI attacks. Hackers could construct adversarial images to bypass the Face ID security features and easily continue their attack without drawing attention.
Although AI may still be seen as somewhat of a “niche market,” that is going to change dramatically in the next decade. It’s no surprise that companies are investing research and resources into AI and that the technology has moved to the front and center of organizations. According to Grand View Research in its latest report on the global market, “Artificial Intelligence Market Size 2022-2030,” the worldwide AI market size was valued at $93.5 billion in 2021, with an anticipated growth rate of 38.1% from 2022 to 2030.
In the cybersecurity space, as the world continues to experience data breaches and cyber threats from in country and overseas, there will be a continuing need for companies and organizations to use AI to safeguard sensitive information. Today, AI is playing a key role in helping organizations like HSBC and Cisco power various applications. Some of these hot spots of potential information breaches are in identity, anti-money laundering investigations, and the use of AI analytics to detect a threat in encrypted traffic.
The increasing number of mobile users, as well as the continued adoption of cloud-based services, will contribute to the growth of the AI market for security due to the increased ease of attack. Companies are increasingly placing their trust in AI to stop hackers and others.
These all seem like obvious pros in terms of AI taking over the management of crucial systems. That said, how will the AI create negative competition, for example, between countries? As much as cybersecurity professionals have become expert at building defenses, will the offense have different and more advanced tools? Will our AI end up fighting their AI? Will everybody face off with their doomsday applications.
It will take all hands-on deck in the coming years to deal with cyber threats. According to many experts, including CYRIN’s own Kevin Cardwell, you still have to do the “fundamentals.” In the near term, shiny objects or no one product will take over the basic tenets of cybersecurity. That means human intervention combined with “intelligent” uses of AI and increased training in all sectors will still be the key.
CYRIN’s online interactive virtual training platform is designed to be “always available” 24/7 to improve the skills of IT, engineering and cybersecurity professionals and students. CYRIN contains more than 60 interactive labs, courses, exercises and attacks where you can train on commonly used tools in network administration and defense, individual and red team/blue team exercises, and numerous attack scenarios where students and trainees must mitigate random attacks on industrial and enterprise networks.
To meet the test, CYRIN is continuously evolving to stay abreast of the cyber “arms” race. We constantly add new exercises and courses and our collaboration with partners like the Rochester Institute of Technology (RIT) help us add new tools to meet the existing challenges and new threats as they emerge.
But don’t take our word for it. Please take a look at our entire course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN. Take a test drive and see for yourself!