Artificial intelligence is not just enhancing threats, it’s providing organisations with a smart line of agile and detectable defence, says Richard Frost, Head of Consulting at Armata Cyber Security
AI security tools are moving beyond traditional signature-based approaches and can now identify subtle patterns in digital behaviours. These systems are capable of continuously learning from network traffic, users, systems and applications to establish behavioural baselines. Then, when anomalies occur – like an employee suddenly accessing a database at unusual hours, irregular login patterns or anomalous application behaviours – AI flags these deviations in real-time.
Moreover, these solutions detect poor security behaviours and protect both businesses and users. An employee sending a spreadsheet of names and personal information to the wrong person or emails coming into the organisation from an unknown address are examples of situations that AI can detect quickly, alerting the relevant people to the potential risk. AI will alert the sender to the fact that the spreadsheet they’ve attached doesn’t have any relevance to the content of the email. It will flag an email coming in from an unknown address so the user approaches it with caution. In both instances, AI offers a rapid solution to a possible problem.
The solution is not invasive. It’s an alert. It’s a warning system which gives people the chance to relook the content they send and receive and ensure they are not about to make an expensive mistake. The technology is designed to minimise the risk of identity fraud, phishing, and ransomware through intelligent detection and alerts.
Cyber-resilience
The World Economic Forum (WEF) defines cyber-resilience as an integral part of an organisation’s operations, culture and teams. The organisation’s Cyber Resilience Index revealed that 81% of companies were struggling to stay ahead of the threats, and that 88% are worried about the resilience of the small to medium (SME) companies within their networks. As the ecosystems defined by the relationships between suppliers and enterprises become increasingly interconnected, cyber-resilience is falling behind, and putting everyone at risk. The WEF also highlights the importance of leveraging artificial intelligence (AI) and machine learning (ML) tools to help companies build this resilience and respond to threats more effectively.
Machine learning algorithms are then used to correlate seemingly unrelated events across multiple systems, identifying a potential attack chain that a human analyst may miss. For example, a combination of failed login attempts followed by a successful login from a new IP address alongside unusual system file activity could flag a compromise in progress. AI has the ability to adapt and refine its understanding of normal versus suspicious behaviours and this makes it increasingly difficult for bad actors to slip through the security nets.
Of course, the threat actors are creating their own AI-powered solutions designed to combat the measures put in place by the business, but the tools used by security companies are catching them. And they are catching them quickly.
For example, a threat detected in Australia was remediated and protection released before South African companies came online. Active feeds monitored by AI were flagged, the solution developed, and systems updated at a speed that was unheard of in the past. This capability not only flags the value that AI provides in terms of how rapidly it can help companies and security organisations protect against attacks, but how it is always-on and always vigilant. Humans need to sleep, AI does not. One of the biggest advantages offered by AI-empowered security systems is their ability to take global threats and provide local relevance.
While AI is in use by threat actors to orchestrate increasingly sophisticated attacks, security solutions are doing the same – and in ingenious ways. Today, the organisation can thrive despite these threats because of the richness of AI-enhanced solutions. It is challenging to remain resilient with AI faking voices, interviews and access, but resilience comes standard with the right tools and security partner.
