A.I. Could Be Double-Edged Sword for Cybersecurity Industry in 2018


It’s no secret that artificial intelligence is becoming increasingly influential in cybersecurity—on both sides of the battlefield. And while it’s no secret, it should also be no surprise.

Although, in many ways, A.I. is still in its infancy, with nearly every industry investing in the space and many companies already benefiting from automation and business intelligence use cases today. From accountants automatically analyzing expenses and identifying efficiencies with minimal effort, to marketers personalizing content for consumers on the fly, the early benefits are obvious.

That said, it’s clear to me that in cybersecurity, A.I. will play its most important role. In fact, A.I. is already transforming the industry, and I expect that 2018 will see a number of trends come to a head, forever reshaping how we think about security in the coming years.

Although the A.I. discussion continues to focus on the far future—such as the replacement of human workers by robots—and consumer integrations like Alexa and smart homes, it is in cybersecurity this year where we will see the most significant impact from A.I. technologies. It is realistic that we will see A.I. applied to cybersecurity defenses, avoiding potentially billions of dollars in damages from breaches—and at the same time, see criminals and nation states leveraging innovative A.I. attacks to do serious harm to everything from companies’ reputations to critical infrastructure.

This is the double-edged sword of A.I. in cybersecurity, and without rapid adoption, the balance may be swinging in the attackers’ favor. Let’s break it down:

—Defenders: A.I. will help SOC teams be smarter and faster.

As a security professional, perhaps the most exciting trend I see with A.I. is how security teams are using it to level-up their existing efforts. Today’s security analysts are under incredible and ever-increasing pressure to respond quicker and better defend against a rising number of attacks. They must be vigilant against internal and external attacks, which may span any number of endpoints and systems across a network.

The net result is that security analysts are expected to be able to defend against, and identify, a myriad of possible breach scenarios—while also managing costs and staff resources. Although companies are investing in hiring more security professionals, it’s often not enough to keep pace with escalating attacks.

Luckily, A.I. is making analysts’ lives easier on two fronts.

SOC (Security Operations Center) teams can now use A.I.’s ability to rapidly deal with large data sets to automate red team/blue team testing scenarios, automatically test and defend against different types of attack techniques, and identify vulnerabilities analysts had no idea existed. This isn’t the stuff of science fiction; the 2016 DARPA Cyber Grand Challenge showed that A.I. is more than capable of discovering and exploiting bugs, as well as patching them.

Aside from identifying known and unknown vulnerabilities, A.I. will help automate and streamline incident responses when a breach does occur. Security teams have already started to use platforms like Microsoft’s Advanced Threat Protection and others to improve their breach detection and response. There is also the ability to use A.I. to create more ways to query data and take actions using natural language. The idea is an analyst can then focus less on administration, research, and reporting, and more quickly identify and act on breaches.

—Attackers: A.I. will help hackers attack at scale.

While A.I. will significantly enhance SOC teams’ capabilities this year, the unfortunate truth is that attackers will probably find similar return on investment in A.I. Attacking is less costly than defending—this paradigm will only become more extreme as adversaries deploy automated attacks at scale.

The cat and mouse game between attackers and defenders will increase in pace as A.I. is able to learn ways around defenses to exploit systems. Many organizations’ defenses are built around being able to distinguish the good from the bad network traffic. Rather than having to manually work out how to disguise an attack as good traffic, A.I. can automate the process and evolve attacks in real time to combat counter measures.

On an individual level, this becomes even more daunting. There is huge investment in the marketing sector into using A.I. to better target users and be able to mine data from social media to create personalized content. From the attacker’s view, this can be leveraged for phishing campaigns. One great example is using social media analysis to send a user a targeted tweet that appears to relate to a topic they are interested in. These types of attacks have a high chance of success and are very hard to spot.

—We must use A.I. to address attackers’ scale advantage.

A.I. in general is technology which will have transformative effects across almost all industries. One of the greatest impacts it will have in the near future is in cybersecurity. A.I.-empowered attacks have the potential to disrupt or even destroy infrastructure and organizations globally. While these A.I. technologies also offer significant advantages to defenders, unless we ensure we are moving at the same pace as the attackers, the industry should be pretty worried about what 2018 will bring.

[Editor’s note: This is part of a series of posts sharing thoughts from technology leaders about 2017 trends and 2018 forecasts.]

James Maude is a senior security engineer with endpoint security company Avecto. Maude is based in the company’s headquarters in Manchester, U.K. The firm’s U.S. headquarters are in Somerville, MA. Follow @

Trending on Xconomy