The New Frontier of Cyber Defense Is AI and Machine Learning

Anshul Mohan Gupta
Published 09/13/2024
Share this on:

Cyber Defense Is AI and Machine LearningArtificial intelligence (AI) and machine learning (ML) are critical in threat detection and cyber defense, in an ongoing mandate to enhance traditional security measures. They identify unusual usage to detect potential threats and analyze vast amounts of data in real time to recognize patterns and indicators of compromise (IOCs) associated with known and unknown threats. The incident response process can be automated using AI-powered systems to reduce response time and improve efficiency. Organizations are responsible for protecting employee and customer data, and these systems provide confidence that their personal information is safe.

 

New cybersecurity landscape


Today, data is king; it’s a major source of value to most organizations and cybercriminals. Data from Statista shows that between 2020 and 2023, the amount of data created, captured, copied, and consumed nearly doubled from 64 to 120 zettabytes. As the volume of data generated has grown, so has the risk and frequency of cyberattacks.

According to a 2023 report from BlueVoyant, the average number of supply chain attacks targeting third-party vendors that negatively impacted an organization’s operation increased by 22 percent over the previous year. As internet-connected devices have increased, so have Internet of Things (IoT) attacks, growing by 400 percent between 2022 and 2024. Attacks targeting open-source software are also increasingly common. Cybercriminals inject malicious code into open-source software, which is then unknowingly deployed on various systems, as in the attack detected in March 2024 on Xz, a data-compression tool incorporated into versions of the Linux OS. Rather than exploiting an organization’s data, some attackers encrypt customer data and hold the decryption key as ransom. In its “Cyber Security Forecast 2024,” Google identified these ransomware and extortion attacks as the most impactful type of cybercrime, noting that an increase in these attacks also increases the number of organizations willing to pay a significant amount to get their data back.

 

Widespread risk


Perhaps the most significant error organizations can make is to think they are not vulnerable to cyberattacks. Aviva, a U.K.-based multinational insurance company, reports that one in five U.K. businesses experienced a cyberattack in 2023. A study from Wakefield Research and Rubrik Zero Labs showed that a staggering 94 percent of IT and security leaders surveyed had experienced a significant cyberattack at their organization.

Two recent attacks on major companies illustrate how widespread the risk is. In January 2024, a group called Midnight Blizzard attacked Microsoft. The company first reported that the group had accessed employees’ email accounts, including some of the members of the senior leadership, cybersecurity, and legal teams, using stolen credentials and supply chain attacks. In March, it was revealed that the attackers had also gained access to some source code and emails between customers and Microsoft.

In February 2024, UnitedHealth Group, one of the largest insurers by market share, reported a potential patient data breach through its subsidiary’s IT systems. The president and CEO of the American Hospital Association called the attack “the most significant and consequential incident of its kind against the U.S. healthcare system in history.” If businesses like Microsoft and UnitedHealth aren’t safe from a potential cyberattack, no organization is.

 

Staying one step ahead


As computing power has become more affordable to businesses, and with advances in hardware capable of processing immense volumes of data, implementing these tools has also become easier and more accessible. For cybersecurity, AI and ML are increasingly critical for countering attacks. Cybercriminals will not hesitate to use technologies like AI and ML to their benefit, and it’s imperative for every industry to keep up.

Unfortunately, a serious skills gap has plagued the cybersecurity field for years. In its annual Cybersecurity Workforce Study, ISC2, a member association for the profession, reported that the gap between workforce supply and demand grew from 3.4 million in 2022 to 4 million in 2023. Increased automation with AI and ML strategies is one way to help address this issue. AI and ML algorithms can be trained on large datasets and once deployed, help detect past or current cyberthreats and identify unusual behavior within the organization. Systems that leverage AI with continuous, end-to-end threat monitoring and detection can notify infosec teams in real time so they can take preemptive action.

Still, it’s critical for organizations that use AI and ML as part of their threat detection strategy to be careful to avoid an over-reliance on these technologies. It’s important to ensure that the algorithms organizations use are, to the best of their ability, trained with minimal biases to maintain accuracy and efficacy. Additionally, results from automated AI systems should not be blindly trusted. Instead, a capable infosec team will validate flagged incidents to ensure legitimate changes or updates are not being falsely identified as an attack. Organizations can include accuracy metrics in their cybersecurity key performance indicators (KPIs) and track the rate of false negatives and positives.

Continued investment in infosec and cybersecurity is critical. Ensure that employees are aware and trained on the potential risk of ransomware, phishing, or malware attacks and follow the proper processes and procedures. Consistent and regular security training can help confirm that employees’ activities aren’t a potential threat to their colleagues or the workplace.

Leadership is crucial in setting the organizational tone and culture regarding cybersecurity. In addition to guaranteeing that employees are educated and aware of risks, leaders are also responsible for cybersecurity investments and staffing issues. One of the best steps organizations can take to address the skills gap is investing in upskilling and training their employees. While 57 percent of workers surveyed by the ICS2 reported that workforce shortages put their organization at significant risk, the report also identifies training and education initiatives as key to overcoming skills or staff shortages.

Developing and maintaining effective cybersecurity is a constant battle. Cybercriminals will always look for ways to exploit vulnerabilities and leverage new technologies to access organizations’ data. Perhaps the most crucial step in any infosec strategy is understanding that no one is safe; attacks and compromises can happen to any organization at any time. Cyber defense strategies require regular investment and maintenance, and successful and safe organizations will embrace emerging technologies to protect themselves and their customers from risk.

 

About the Author


Anshul Gupta headshotAnshul Mohan Gupta is a staff engineer with over 13 years of technical and leadership experience. He specializes in cloud data management, data security, cyber resilience solutions, API development, and developing highly scalable and fault-tolerant applications and services. Mr. Gupta holds a master’s degree in computer science and engineering from the University at Buffalo, N.Y. For more information, contact anshulmo@buffalo.edu. Disclaimer requested by author: The views, information, and opinions expressed in this article are the author’s and do not necessarily represent those of his employer.

 

Disclaimer: The author is completely responsible for the content of this article. The opinions expressed are their own and do not represent IEEE’s position nor that of the Computer Society nor its Leadership.