Did you know that 99% of the exploited vulnerabilities in a network are mostly know to us,and what do we do to protect ourselves from it,we tend to rely on firewalls as a defence, but for a determined hacker we need to up our game as, for the time being it’s just humans who try to anticipate what the other human might do before they actually do it. Through an extensive report by Capgemini,” Reinventing Cybersecurity with A.I”,it was found that 61% of enterprises surveyed said that they cannot detect breach attempts today without the use of AI technologies and that 48% of the survey respondents feel that their budgets for AI in cybersecurity will increase by an average of 29% in Fiscal Year (FY) 2020.According to breach attempts in 2018 were around seven trillion threats on behalf of their customers. It was also found in the report that as there is a growth in the digital businesses, their risk of cyber attacks also increase exponentially. A whopping 21% said their organization experienced a cybersecurity breach leading to unauthorized access in the last year. Organisations are paying a heavyprice for cybersecurity breaches to the extent that 1 in 5 respondents in the sample reported losses amounting to more than $50 million. Another very recent survey conducted by Centrify,”PrivilegedAccess Management in the Modern Threatscape, found that almost three quarter of all breaches involved access to a privileged account as privileged access credentials are hackers’ most popular technique for initiating a breach and doing away with valuable data from enterprise systems for a myriad of consequences.
So how does Artificial Intelligence (AI) help us mitigate such a scenario as this? AI can prove to be a valuable and loyal friend when it comes to defending our networks against hackers. It can be trained to constantly learn from patterns inorder to identify any deviation by a user in it, much like how we human do.Machine learning, an integral part of AI, applies existing data to constantly improve its functions and strategies over a given period of time. The unique thing about is that It learns and understands normal user behaviour and is capable of identifying the slightest deviation from that pattern. But apart from gathering data to detect and identify various threats, AI can be used to improve its own functions and strategies as well. Its proof lies in the fact that according to the report by Capgemini,51% of the executives are developing extensive AI for cyber threat detection, outpacing prediction, and response by a wide margin.These executives are concentrating their budgets and time on detecting cyber threats using AI to predict and respond to internal as well as external threats. As enterprises increase their use and adoption of AI as part of their cyber security efforts, prediction and response will correspondingly increase. AI tools are also getting better at processing data sets of different types, increasing the relevance of such a technology by manifold.
Why the Capgemini report is so valid for our study is the very wide and extremely diverse sample they had taken up for study and, among the many conclusions was that 64% say that AI lowers the cost in detecting and responding tobreaches and reduces the overall time that it takes to detect threats and breaches by up to 12%. This reduction in costs for a majority of enterprises ranges from 1% – 15% (with an average of 12%). With the aid of AI, the overall time taken to detect threats and breaches is also reduced by up to 12%, thereby saving valuable data from being siphoned off. There has also be a noticeable change in the Dwell time which is the amount of time threat actors remain undetected reduced by 11% with the introduction of AI .This time reduction is achieved by continuously scanning the network for all known or unknown anomalies that show some form of a threat pattern emerging.
The Next step by A.I in securing our networks.
While we analyse this, it is highly recommended we do not jump to conclusion as we learn how we can observe our user behaviour and create an even more powerful predictions that lead to correct.
alarms and secure networks. AI will need to move the focus from the way a machine or an algorithm, identified by an IP or MAC address, is behaving, and places the focus on the way the human user is acting in each scenario. What is being proposed here is the observation and analysis of the pattern of life, on how users interact with the network on a daily basis within a prolonged time frame. The selector that indicates the human will not be an IP or MAC address but instead is likely to be some form of a biometric identification.The technology for this is available, but expensive. Adoption will be a slow process due to several factors. Digital privacy will be the biggest point against the motion. But certainly to be overshadowed by the convenience of using biometrics. But the cost vs benefit of ditching current SIEM products in favour of a user tracking will help ease the burden. The biggest positive factor will be the immediate incremental return on investment.
The disappearance of high-risk threats like credential-stealing scams when A.I becomes an integral part of the cyber security process will not be a very far fetched idea. Internal threats shall be thwarted, corporate intellectual property threats shall be contained and a perpetual dwindling of cyber insurance costs to bearable levels, may be the few benefits of an A.I. enabled cybersecurity scenario. The not so positive aspects of this user-based AI system shall be overshadow by the clear positive impact on the bottom line of the organisation. An advanced artificial intelligence system that tracks users not machines could be the goal that every CISO strives towards to reduce risks and keep the business running smooth and efficient.
In the end, and,quoted from the Sensors Tech Forum.com.,”My message to companies who think they have not been attacked, is, “You are not looking hard enough”’.