With the proliferation of Artificial Intelligence across a range of industry sectors, it remains to be seen what impact will be felt in the online security world, and who will benefit more from advanced machine learning – hackers or defensive organisational players.
Like any shift in a tactical warfare situation, there will be a period of upheaval and adjustment while opposing sides look to capitalise on the potential of AI. Until now, the use of AI for defensive cyber security purposes has been limited. Most companies are predictably reluctant to hand their entire online protection over to machines. There has been minor utilisation on products such as email filters and malware identification tools, but widespread solutions are yet to emerge.
Future applications may centre on the analysis of the behaviour of hackers to identify patterns, which can help defenders mount counter measures. AI also has potential to assist defenders identify false positives, thus saving them significant time and resources. Identifying true attacks will facilitate quicker response times and provide analysts with valuable tools that streamline their role.
On the flip side of the equation, hackers can use AI to probe for defensive patterns and weaknesses to exploit. Hackers can also use AI to scale up their attacks, sending out greater volumes of phishing emails for example. Security experts have noted that phishing emails that have AI input are more likely to be opened than those made solely by human hand. Hackers also utilise AI to constantly change malware signatures and bypass static defensive measures such as firewalls and perimeter protection systems.
AI enhanced malware has greater capabilities to sit within a network, collecting data and monitoring human behaviour, until being ready to launch its attack. As a counter measure, this enhancement is driving the wider adoption of Zero Trust systems that constantly challenge and verify users at multiple levels to ensure their good intentions.
So, who will benefit most from the looming rise of AI? Given the economics involved, and that it costs significantly less to launch an attack than defend one, many within the cyber security industry predict that AI will be of more use to hackers than the good guys. On a human resources front, the role of the analyst is in no immediate danger as the personal aspect of detection remains a vital component of comprehensive security protection.
The prospect of an entirely driven AI cyber battlefield is not yet within immediate view. The race is on to see which army can best deploy this developing weapon. Small time hackers might be hard pressed to unlock its potential, while state sponsored malicious actors, with their virtually unlimited resources, might be the biggest winners in the rush toward the next phase of the cyber security war. As is often the case, law enforcement and its equivalent private players, might be forced to play catch-up.