The impact of AI on the future of cybersecurity

As technology advances, so do the techniques and tools used by cyber attackers. Recently, AI and machine learning (ML) have emerged as preferred technologies for attackers, enabling them to create malicious payloads that evade detection and write customized phishing emails that are difficult to identify.

The recent multiyear breach at GoDaddy is a clear example of how cyber attackers use AI to carry out their attacks. The attack was designed to remain hidden within the company's infrastructure for years, evading detection by traditional security measures. The use of AI and ML in cyber attacks is a growing concern, as these technologies can increase the scale and sophistication of attacks while making them more difficult to detect and prevent.

To combat this growing threat, we need to focus on developing advanced AI and ML systems that can detect and mitigate attacks in real time. This requires collaboration between cybersecurity experts and data scientists to develop effective algorithms to detect and respond to attacks before they cause significant damage.

Double-edged sword

As AI and ML evolve, organizations must stay vigilant and implement robust security measures to protect against these attacks. The potential damage that AI-driven cyberattacks can cause is significant, and organizations need to take the necessary steps to protect themselves and their customers from this emerging threat.

The rapid pace at which new vulnerabilities are disclosed, combined with the ability of adversaries to operationalize exploits using AI and ML, has led to an exponential rise in cyberattacks. For example, cybercriminals actively use ChatGPT to develop and refine malware, personalize phishing emails, and steal privileged credentials. While it has been widely reported that malicious actors are testing the potential of ChatGPT, it is expected that this year, they will gain a deeper understanding of how to use it for their nefarious purposes.

Both cybersecurity professionals and hackers will continue to explore ways to utilize ChatGPT to their advantage. A recent survey by BlackBerry revealed that 51% of IT decision-makers anticipate a successful cyberattack attributed to ChatGPT within the year. As the sophistication of cyberattacks increases, it remains to be seen which side will be more effective in utilizing AI and ML technology.

How AI will improve cybersecurity

AI and ML are shaping the future of digital crime, with cybercriminal gangs and APT groups accelerating AI hacker-for-hire programs and ransomware-as-a-service while expanding their base of AI-enabled cloaking techniques and more. As a result, security teams are struggling to keep up in the AI arms race.

Despite this challenge, there is a growing sense of optimism around investment in AI for cybersecurity. Some of the most intriguing forecasts on this topic are listed below:

AI-based behavioral analytics

Real time visibility and monitoring of all activity across a network is a critical component of the zero-trust frameworks organizations are adopting today. AI-based behavioral analytics is essential in providing real time data on potentially malicious activity by identifying and responding to anomalies.

CISOs and their teams are leveraging AI-based behavioral analytics to set baselines for normal behavior by analyzing and understanding past behavior, thereby identifying anomalies in the data. This approach is proving effective in detecting potential threats in real time.

Leading cybersecurity vendors are leveraging AI and ML algorithms to personalize real time security roles or profiles for each user based on their behaviors and patterns. By analyzing multiple variables, including where and when users attempt to log in, device type, and configuration, among others, these systems can detect anomalies and identify potential threats in real time.

This approach to AI-based endpoint management reduces the risk of lost or stolen devices, protecting against device and app cloning and user impersonation. Enterprises can leverage this technique to analyze endpoint protection platforms (EPPs), endpoint detection and response (EDR), unified endpoint management (UEM), and transaction fraud detection, improving authentication accuracy.

Endpoint discovery and asset management

Recent research by IBM highlights the increasing adoption of AI and automation in cybersecurity to gain a more comprehensive understanding of digital environments.

The study reveals that 35% of enterprises leverage AI and automation to discover endpoints and improve asset management. This use case will grow by 50% over the next three years. Vulnerability and patch management is the second most common use case, with 34% of organizations adopting AI for this purpose and a predicted adoption rate of over 40% in three years. These findings suggest that more organizations are using AI to support zero-trust initiatives.

Vulnerability and patch management

Patching is a critical aspect of cybersecurity that requires a significant investment of time and resources. Despite having well-funded IT and security teams, organizations continue to struggle with the complexity of patching, as revealed in a recent Ivanti survey. With 71% of respondents finding patching overly complicated and time-consuming, it's clear that organizations need to prioritize risk-based patch management solutions that leverage automation to address vulnerabilities efficiently.

In particular, IT and security professionals spend a considerable amount of time organizing and prioritizing critical vulnerabilities, taking up more than half of their time, which is a significant challenge. A risk-based patch management solution that leverages automation can help identify and prioritize vulnerabilities, thereby reducing the workload and minimizing risk. Organizations must recognize the importance of patching and prioritize a comprehensive solution to stay protected in today's threat landscape.

Delivering business value through AI

According to Gartner, AI use cases are classified based on their feasibility and business value. Among these use cases, transaction fraud detection is considered the most feasible and also delivers significant business value. File-based malware detection is nearly as feasible and delivers strong business value.

Process behavioral analysis is another AI use case that offers substantial business value, with a medium feasibility level to implement. Lastly, abnormal system behavior detection is an AI solution that delivers high business value and feasibility, which Gartner believes can be successfully implemented in enterprises.

Detection is the name of the game for now

Integrating AI into a comprehensive zero-trust security framework that treats every identity as a new security perimeter is essential to unleashing the full potential of this technology in cybersecurity. The most successful cybersecurity AI and ML use cases began with clearly understanding the specific threat landscape the technology is designed to protect. These technologies have proven highly effective at scaling to secure each use case, whether it's a privileged access credential, a container, a device, or a supplier or contractor's laptop.

Detection is critical to many AI and ML use cases because CISOs and leading enterprises understand that becoming cyber-resilient is the most effective way to scale cybersecurity strategies. With the C-suite expecting measurable financial reductions in risk management, cyber-resilience is the clear path forward. By leveraging AI and ML to achieve cyber-resilience, organizations can improve their overall security posture, reduce the risk of costly cyberattacks, and increase their chances of successfully navigating an increasingly complex cybersecurity landscape.