AI and Cyber Security - the Future of Cyber Defence

Artificial intelligence (AI) is rapidly transforming cyber security. Integration with traditional controls and processes have resulted in more dynamic and effective defence for organisations. With increasingly sophisticated threats, complex digital environments, and vulnerabilities which are rapidly exploited by attackers, AI augmentation is pivotal for protecting digital assets.

Machine learning algorithms, a subset of AI, have been implemented effectively to detect deviations from normal behaviour patterns, perform real-time threat detection and response. AI's ability to analyse large datasets quickly and efficiently, provided a key advantage to handle the volume of threats that businesses face daily. All security information and event management (SIEM) tools actively leverage ML to provide a level of responsiveness and efficiency which cannot be matched by human security analysts.

Typically, potential security events and attacks are identified by the SIEM which then alerts security operations (SOC) analysts. Although many corrective actions are still done by human analysts, there is no doubt this will change as organisations get more exposure to and become more comfortable with generative AI (Gen AI) capabilities in the enterprise.

However, the use of AI in cyber security is not without challenges. AI systems require access to large quantities of data, there could be data privacy and ethical concerns. This is especially in view of the developing and somewhat disparate regulations for different jurisdictions for AI. For example, in the European Union, the General Data Protection Regulations (GDPR) sets tight limits on data usage and processing. This is complicated by the fact that attackers are increasingly leveraging AI, which will contribute to an even more dynamic offensive and defensive environment, in a continuous arms race.

Given the already active participation of AI in SOCs, which filter the majority of events before alerting human analysts, going forward, complete operational automation could be an issue of when, not if. In addition to redressing threats, AI could also predict and prevent future attacks across vast networks and cloud infrastructures.

There’s a drive for collaborative AI systems. The goal is to allow AI technologies to access threat intelligence information from different organisations in real time. Such collective action would provide collective defence and improve the organisation’s ability to defend against attacks. Many organisations share information regarding attacks or potential attacks with others, especially those within the same industry, in a well understood defence strategy and practice in the industry. With AI however, the speed and efficiency that huge volumes of data can be analysed, propelled by rapid progress in processor technology, would provide inferences and insights, including unintended, even from obfuscated information.

AI systems already have access to, and process large amounts of sensitive and personal identifiable information (PII). Indeed, automated processing of obfuscated information can be used to support alignment with data residency and processing regulations for multinationals.

Given the pace of development and investments of AI applications in every industry and sector, an understanding of tools available, underlying algorithms and processing that takes place will help organisations to make the best considered decisions on the best way to leverage the technology, including for cyber security. As AI technology continues to evolve, so too will the strategies employed to enhance and compromise digital security.