Combining AI and Humans to Tackle Cyber Fraud
As cyber attacks become more diverse in nature and targets, it’s crucial that cyber security staff have the right visibility to determine how to solve vulnerabilities accordingly, and AI can help come up with solutions that its human colleagues can’t alone.
"Cyber security resembles a game of chess," said Greg Day, vice-president and global field CISO at Cybereason. "The adversary looks to outmanoeuvre the victim, the victim aims to stop and block the adversary’s attack. Data is the king and the ultimate prize."
"In 1996, an AI chess system, Deep Blue, won its first game against world champion, Garry Kasparov. It’s become clear that AI can both programmatically think broader, faster and further outside the norms, and that’s true of many of its applications in cyber security now too."
Working alongside staff
Day expanded on how AI can work alongside cyber security staff to keep the organization secure.
"We all know there aren’t enough cyber security staff in the market, so AI can help fill the gap," he said. "Machine learning, a form of AI, can read the input from SoC analysts and transpose it into a database, which becomes ever-expanding. The next time the SoC analyst enters similar symptoms they are presented with previous similar cases along with the solutions, based on both statistical analysis and the use of neural nets – reducing the human effort. If there’s no previous case, the AI can analyze the characteristics of the incident and suggest which SoC engineers would be the strongest team to solve the problem based on past experiences. All of this is effectively a bot, an automated process that combines human knowledge with digital learning to give a more effective hybrid solution."
Battling bots
According to Imperva research, over 40% of global Internet traffic is made up of bots, with the majority of cyber attack techniques such as account takeover being carried out by these machines. These have also proved prominent within fraud attacks.
"Businesses can’t fight automated threats with human responses alone. They must employ AI and machine learning if they’re serious about tackling the ‘bot problem’," said Mark Greenwood, chief technical architect at bot management specialists Netacea. "It’s necessary to ingest and analyze a vast amount of data and AI makes that possible, while taking a machine learning approach allows cyber security teams to adapt their technology to a constantly shifting landscape."
Endpoint protection
When considering certain aspects of cyber security that can benefit from the technology, Tim Brown, CISO at SolarWinds, says that AI can play a role in protecting endpoints. This is becoming increasingly important as the number of remote devices used for work rises.
"By following best practice advice and staying current with patches and other updates, an organization can be reactive and protect against threats," said Brown. "But AI may give IT and security professionals an advantage against cyber criminals. Antivirus (AV) versus AI-driven endpoint protection is one such example; AV solutions often work based on signatures, and it’s necessary to keep up with signature definitions to stay protected against the latest threats. If a new, previously unseen ransomware strain is used to attack a business, signature protection won’t be able to catch it. AI-driven endpoint protection takes a different tack, by establishing a baseline of behavior for the endpoint through a repeated training process. If something out of the ordinary occurs, AI can flag it and take action – whether that’s sending a notification to a technician or even reverting to a safe state after a ransomware attack. This provides proactive protection against threats, rather than waiting for signature updates."
Machine learning versus SMS scams
With flexible working between the office and home, and usage of personal devices to complete tasks and collaborate remaining common post-pandemic, it’s important to be wary of scams that are afoot within text messages.
"With malicious actors diversifying their attack vectors during the pandemic and beyond – using Covid-19 as bait in SMS phishing scams – organizations are under a lot of pressure to bolster their defenses," said Brian Foster, chief product officer at ReliaQuest. "To protect devices and data from these advanced attacks, the use of machine learning in mobile threat defence (MTD) and other forms of managed threat detection continues to evolve as a highly effective security approach. Machine learning models can be trained to instantly identify and protect against potentially harmful activity, including unknown and zero-day threats that other solutions can’t detect in time. Just as important, when machine learning-based MTD is deployed through a unified endpoint management (UEM) platform, it can augment the foundational security provided by UEM to support a layered enterprise mobile security strategy."
Hurdles to overcome
These use cases and more demonstrate the viability of AI and cyber security staff effectively uniting. However, Mike MacIntyre, vice-president of product at Panaseer, believes that the space still has hurdles to overcome in order for this to really come to fruition.
"AI certainly has a lot of promise, but as an industry we must be clear that its currently not a silver bullet that will alleviate all cyber security challenges and address the skills shortage," said MacIntyre. "This is because AI is currently just a term applied to a small subset of machine learning techniques. Much of the hype surrounding AI comes from how enterprise security products have adopted the term and the misconception (willful or otherwise) about what constitutes AI."
Conclusion
In conclusion, AI and cyber security staff can work together to tackle cyber fraud, protect endpoints, and battle bots. While there are still hurdles to overcome, the potential benefits of AI in cyber security are clear. As the industry continues to evolve, it will be important to stay up-to-date with the latest developments and best practices in AI and cyber security.
Frequently Asked Questions
- How can AI help in cyber security?
AI can help in cyber security by providing real-time threat detection, incident response, and threat hunting. - What are some of the challenges of implementing AI in cyber security?
One of the biggest challenges is ensuring that AI systems have access to high-quality training data, as well as addressing concerns around bias and fairness in AI decision-making. - Can AI replace human cyber security professionals?
No, AI is not a replacement for human cyber security professionals. AI can augment and assist human analysts, but it is not a replacement for their expertise and judgment.
