The artificial intelligence in the cybersecurity market was valued at 22.4 billion USD in 2023 and is expected to reach 60.6 billion by 2028.
From changes in job roles to increased cyber threat levels for businesses, it’s safe to say that advancements in AI have taken the digital sector by storm. Much more than just a fad that will ‘die down’ or get assimilated into regular workflows, AI is impacting businesses from both ends as a threat and support and will continue to do so for the foreseeable future.
What does AI mean for cybersecurity?
Whether we like it or not, artificial intelligence has well and truly begun to change the cybersecurity landscape at all levels. Key players, from cybersecurity professionals to businesses and consumers, are already being impacted by the capabilities of AI too.
But is AI a blessing or a curse for cybersecurity?
Just as the integration of AI is capable of producing some incredible opportunities for cybersecurity, it also has the potential to cause a great deal of harm, boasting both defensive and offensive abilities (based on its application). These two strands — what we’re calling the ‘opportunities’ and ‘challenges’ — contain many different examples as explored below.
Cybersecurity challenges posed by AI
As technology gets increasingly sophisticated and ‘capable’, owing to the advancements that come with AI, so too do the methods and attempts of cybercriminals. Gone are the days of wishful social engineering and opportunistic hacking. Now, more than ever before, cybercrime has been able to develop into a far more repetitive, targeted, and persistent activity — and with greater success rates too.
Let’s confront exactly which new threats artificial intelligence poses to businesses and the wider world of cybersecurity at large.
Elevation of traditional cybercrime methods
In recent years, AI has started to be used by cybercriminals in conjunction with their existing, more traditional methods. As an example, the fusion of AI with a traditional tool like a USB stick allows these outdated cybercrime methods to resurface with new impact, distributing malware in targeted attacks.
New methods: The malicious use of generative AI
You may well have seen tools like ChatGPT or DALL-E advertised online or in your newsfeed recently. These viral applications are examples of what’s known as ‘Generative AI’ — that is, tools which produce content or visual content instantly based on prompts and information given to them.
When used for good, generative AI technology is seriously impressive and can significantly reduce human labour, cutting down, for example, the time taken for an employee to write an email or a piece of code.
However, in the hands of cybercriminals, this technology can be used for ill intent, such as:
- Writing and sending phishing emails
- Keystroke monitoring malware
- Forging images or making scams appear more convincing
- Producing ransomware code
This means that it will be much harder for human employees to distinguish the difference between a regular email and a scam or phishing email as they will become more credible and seem more legitimate.
Deep fakes & social engineering
Generative AI has also been used to create ‘deep fakes’ and impersonate individuals on the internet to gain access to confidential or sensitive information.
Deep fakes are usually videos of a person that have been digitally altered so that they appear to be someone else, often used maliciously. This technology has been used by cybercriminals as a digital form of social engineering.
Machine learning to target data
AI operates via something called ‘machine learning’, one of the reasons why it is so successful and able to evolve and grow at such an alarming rate. Machine learning refers to the use of data and algorithms to imitate how humans learn — from patterns and anomalies — to get more and more accurate.
When harnessed by cyber criminals, this type of AI can be trained to spot weaknesses in systems, identify patterns in networks, and target specific data, gaining access to places they wouldn't have been able to infiltrate with regular, manual methods.
Automated cybercrime
One of the core benefits of AI is its ability to reduce workload for humans — cutting task time in half and preventing workers from having to do mundane, repetitive tasks manually. When it comes to cyber crime, the same applies. Thanks to core AI features such as automation, the creation of targeted, persistent, cyber attacks are much easier and have a much higher success rate.
Increased need for funding in cybersecurity strategy
All of the examples above illustrate perfectly the need for increased investment in IT security. It’s a basic principle: when the threat gets tougher, your defence has to level up as well.
This may come as a challenge for many businesses who are already spending a considerable amount on their cybersecurity strategies, or those who are going through tough times at the moment. Budgets will need to be rethought out to make scope for things like cybersecurity training for staff, greater investment in security, and perhaps even working with a managed service provider to ensure maximum levels of security.
Putting all that together, it becomes clear that AI poses a very real and expensive threat to cybersecurity.
AI & cybersecurity: The opportunities
But it isn’t all doom and gloom, though.
On the other side of the same coin, AI’s integration into cybersecurity has produced some really exciting opportunities for consumers, IT professionals, and businesses across the world. Just as much as AI’s time-saving, data-handling, and automating capabilities can be used for bad, they can also be harnessed for positive results.
Malware detection
Malware is usually detected by traditional antivirus software which relies on signature-based detection to identify variants of malware. While this method is highly effective, it only works on malware that is already known and listed on the database. So, should a modified malware variant be created, with this method, it could easily evade detection.
However, AI uses machine learning to help detect — and respond to — both known and unknown malware threats. Thanks to AI’s ability to analyse vast quantities of data in a short period of time, patterns and anomalies (otherwise extremely difficult for humans to identify) can be spotted quickly.
In essence, then, AI allows us to defend our systems against threats we may not even know exist until they've been deflected.
Phishing detection
Similarly, the common cyber attack tactic known as ‘phishing’ can be handled much more effectively and thoroughly by AI.
Traditionally, phishing detection relied upon rule-based filtering to block any emails from known phishing sources. However, this is quite a reactive response. With AI, machine learning can be used to analyse the content and format of emails and quickly identify any emails likely to be part of a phishing attempt.
Enhanced network protection
AI algorithms can also be trained to monitor networks - keeping a close eye out for any suspicious activity; this can be anything from unauthorised devices to unusual traffic patterns.
As part of its machine learning capabilities, AI can quickly analyse historical data from the network and gain a sense of what constitutes ‘normal’. From here, it is able to instantly flag when anomalous behaviour arises (EG: traffic from a suspicious IP address or unusual port of protocol usage).
Endpoint security
As our last example, AI is able to improve endpoint security levels through smart learning and detection. Devices known as endpoints (laptops, smartphones, tablets) are often the target of criminal cyber activity. Should a device on your system become infected with malware, AI can detect this and quarantine any suspicious files.
What's more, AI-based endpoint security is also capable of blocking unauthorised access attempts to these devices, preventing malicious individuals from gaining access to any sensitive or confidential data that may be stored there.
All of the examples above demonstrate how malleable AI can be when applied to a cybersecurity context, strengthening defence systems and even learning while doing so to constantly improve in the future.
Changing job specs
Another one of the core opportunities facilitated by AI’s integration into the cybersecurity realm is job specifications. We’ve already mentioned how, in order for IT professionals to keep up with this new technology, more research, testing, and training will need to be done. However, this can be seen as an exciting opportunity as opposed to a difficult undertaking.
IT security teams will have to do far less of the heavy lifting thanks to AI and the automation of mundane, repetitive tasks. Instead of focusing their efforts on constant monitoring and data analysis, AI can do this for them, freeing them up to apply this brain power, time, and energy elsewhere in more important tasks at higher levels.
AI & cybersecurity: The verdict
To risk stating the obvious, artificial intelligence has some impressive applications that get results unlike anything seen before in the digital sphere. The question we must ask ourselves remains: to what end.
While, in the hands of enthusiastic IT professionals, AI is capable of propelling industry forward and making great strides when it comes to efficiency, in the wrong hands, and if put to use for malicious intent, AI is just as capable of causing chaos.
The core things to remember are as follows:
- Like any new form of technology, AI brings with it a whole host of new challenges for cybersecurity professionals and should be regarded seriously.
- But, on the other hand, advancements in AI have the potential to facilitate some of the most significant improvements in cybersecurity (technology and the industry) that we have seen for a very long time.
- The more AI’s varying impact on cybersecurity is understood, the better.
Keep your cybersecurity strong
If you have any questions about AI and cybersecurity, get in touch with our team of experts who can point you in the right direction. If you know your business needs to up its cybersecurity strategy, ITRM’s IT security offering can help you too.
In the meantime, keep your finger on the pulse of AI and cybersecurity by following the ITRM blog.