Since their advent in the IT landscape, the concepts of artificial intelligence (AI) and more specifically Machine Learning (ML), have constantly animated the cybersecurity industry. After touting the potential of these game-changing technologies, experts question: is this really the panacea we expected or is it finally just one more tool in a already vast arsenal?
AI is on everyone’s . Presented by the Gartner as one of the top 10 data technology trends for 2019, it is nothing less than the “futur of cybersecurity ” for Forbes.
Such beliefs are rapidly gaining ground among cybersecurity professionals. A recent study of senior cybersecurity executives conducted by the Capgemini Research Institute reveals that:
- Faced with new cyber threats,two-thirds of businesses (69%) believe that they will not be en able to respond to cyber attacks without the help of artificial intelligence;
- 69% say that AI improves the accuracy of detecting security vulnerabilities, and 60% of them believe it enhances the effectiveness of the work of cybersecurity analysts, reducing time they devote to the analysis of false positives and improving productivity;
- Two out of three companies plan to deploy AI systems as early as 2020 to strengthen their .
Clearly, AI is an effective tool in implementing a cybersecurity strategy. . But are we en overestimating its potential?
What should we expect from Artificial Intelligence and Machine Learning?
AI and its associated fields, namely Machine Learning, natural language processing and automation of robotic processes, may be “trending” terms today, but the phenomenon has not nothing new in the world of cybersecurity..
The spam filter, for example, is one of the first occurrences of Machine Learning, dating back to the early 2000s. Over the years,the level of analysis of this tool has gone from filtering certain words to accurate analysis of URLs, domains, attachments,etc.
But it is the latest developments in AI that are attracting the attention of the sector. And for good reason. AI has made great strides, helping to defend a range of threat vectors such as fraud detection, malware, intrusions, risk calculation and analysis of user and machine behavior, being the top five use cases.. These uses are en becoming more en and more common: Capgemini’s research has shown that more than half of companies have already implemented at least five high-impact use.
However, is this tool as reliable as one might think? It is not a question of questioning the value of AI or ML en as a cyber tool, but rather of questioning the possible drawbacks of this “miracle” solution. While discussions in the upper echelons revolve around the deployment of AI for enhanced protection, there remains a risk of complacency regarding protection against new threat vectors.
For all its merits, AI is not the only sesame to use in the face of cyber threats.. Its ability to carry out in-depth analyses and in much shorter time frames than humans are not, however, a substitute for the importance of human intervention. It is crucial that we consider AI as a tool to help cybersecurity teams in their work and not as a replacement method – because that is when human and together that cyber defences are the most robust..
A recent study by the Massachusetts Institute of Technology (MIT)showed that a combination of human expertise and Machine Learning systems – called “Supervised Machine Learning” – is much more effective than humans or ML alone . The supervised model is even up to ten times more efficient than its equivalent in ML alone..
Man and machine: machine : a collaborative work alongside Artificial Intelligence
The MIT study looks at artificial intelligence as a strategic means of cyberdefence, defining it as a powerful enough tool to spot and stop a whole series of cyberattacks . However, when it comes to social engineering attacks, it is not enough on its own..
More than 99% of cyberattacks require human action to spread and one of the most common attacks is the compromise of professional emails, otherwise known as Business Email Compromise (BEC).
AI has great potential when it comes to identifying common threats, for example,an ML system may be able to identify and undo a threat contained in a malicious link or attachment. . On the other hand, when it is a BEC-type attack, it can only effectively defend itself against current cyber threats with the help of human assistance. .
For all its progress,the ML still does not have the capacity to analyze the nuances and peculiarities of human behavior and still misses out on crucial cyberattacks. .
This is without relying on the new techniques of hackers to redirect their angles of attack by focusing on people and no longer infrastructure: unintentionally, employees remain the point of vulnerability of and a people-centered approach to security is essential..
And just as AI and ML should not be seen as a substitute for human expertise, we should not expect them to replace current cybersecurity technologies. . Outside of ML, techniques such as static analysis, dynamic behavior analysis and l’analyse protocol analysis will continue to have their place.
Good cyber defence must be as broad and diverse as the current threat landscape. It is essential for each company to create a safety culture through employee training and education and equip teams with robust defense techniques while en providing them with the best possible protection. AI remains a powerful tool for strengthening cyber-defensive policies but cannot be considered the only remedy for all existing threats..
By Martin Mackay, VicePresident Europe at Proofpoint