Cybersecurity is a strategic challenge for global enterprises today. The rapid digitization, accelerated by the pandemic, has brought forth an expansion in the attack surface thereby stressing on the need for more autonomous cybersecurity defenses. Many CISOs are making a fundamental shift to an interconnected and perimeter-less ecosystem. They are moving from siloed point solutions to standardized reference architectures including enterprise-wide security platforms, open protocols, improved visibility, and self-learning capabilities to increasingly automate the cybersecurity defenses.
The significant pace in the rise of vulnerabilities (more than 50 CVEs logged each day in 2021), exploited by new age cyberattacks, is adding stress to the cybersecurity community. This exponential increase in cyberattacks, led by the zero-day attacks, has rendered the static rules and signature-based algorithms ineffective. Further, the adoption of cloud, IoT, and 5G are leading to increasingly complex business environments and the expansion of attack surfaces. This builds a credible opportunity for effective adoption of Artificial Intelligence (AI) to secure the ecosystem and build a cyber resilient relationship with the end users. Statistical study shows that 62% of attacks were recognized after they have caused significant damages to the cyber systems.
AI, including machine learning and deep learning, supports the following types of algorithms to strengthen cybersecurity related use cases:
- Supervised learning- includes algorithms based on an input dataset from which the output to be obtained is already known. For example, classification of spam emails, account reputation scoring, preventing fake account creation, threat hunting etc.
- Unsupervised learning- includes algorithms which classify the data independently, without an established prior classification/ expected output. For example, zero-day attack detection or user fraudulent activity detection.
- Deep reinforcement learning- includes integrated with deep learning techniques to create autonomous cyber defense controls which can take actions without prior knowledge of the environment. For example, security in autonomous vehicle systems, defense against AI adversarial attacks, automated URL based phishing detection, false data injection, infiltration attack, DoS/ DDoS attack, cloud-based polymorphic malware detection and more.
- Thus, with the support of AI technologies, cyber security experts can analyze huge volumes of data/information, identify key events of interest, and focus on the priority events in defending against cyber-attacks. This also helps in shifting from ‘human-in-the-loop’ model to ‘human-on-the-loop’ model for a futuristic human-AI machine integrated cyber security framework.
As cyberattacks get increasingly sophisticated, defense strategies need to be equally equipped at the large-scales and provide agility of integration across cloud (and hybrid) infrastructure, SaaS applications, zero-trust environments, OT/ IOT devices, network systems etc. Considering this, enterprises should adopt a multi-pronged approach for effective use of AI techniques in becoming cyber resilient. This includes:
- Prioritization of cyber imperatives for AI augmentation:
Enterprises should prioritize their business risks mapped with cyber strategy to identify areas which can be augmented with AI. For example, AI-based predictive analytics establish hidden patterns, detection of threats/ anomalies etc, in latent space across structured and unstructured data sources from heterogenous systems. A well-defined strategy must identify areas where AI should be implemented for best securing the interests of the enterprise. This strategy should prioritize areas of immediate focus versus those which can be gradually integrated with AI-based controls and the risk fabric of the enterprise.
- Establish reference architecture for unified AI-enabled cyber defense across enterprise landscape:
The cyber security strategy should establish a core reference architecture which integrates the disparate cyber security systems, policies, and processes. The reference architecture pattern should integrate AI and non-AI based controls to monitor, detect and respond to perceived cyber threats. The effectiveness of the reference technology blueprint of cyber security controls must be continuously mapped with the enterprise cyber security strategy.
- Identify and baseline AI risks related to cyber security:
Enterprises should execute risk analysis as part of the initial AI control design for cyber security, including access management, dataset collection, and AI process governance. Thus, identification of adversarial events generated from AI must be outlined and risk-mitigation plan should be baselined. The key risks that need to be considered for AI include- privacy, adversarial cybersecurity, fairness, transparency, safety and third-party risks.
- Invest in aggregated cybersecurity, AI and automation skillsets:
Appropriate investments should be66 made on building talent related to cybersecurity, AI techniques and automation as cyber attackers will continue to use AI-enabled technologies. Experts who can understand the nuances of cybersecurity domains and the AI-enabled algorithms to defend against the cyberattacks are critical for deriving positive outcomes from AI integrated techniques.
In conclusion, the rational intersection of cybersecurity and AI has a larger applicability for managing the cybersecurity posture of an enterprise. However, the application of AI to CyberSecurity is a learning-based research area and not free from problems. In fact, studies have classified AI as a double-edged sword requiring enterprises to have a systematic approach in identification and prioritization of AI risks and implement mitigation controls against such adversaries.
The article has been written by Kumar MSSRRM, AVP and Delivery Head at Infosys Cybersecurity