In February this year, hackers managed to steal $81 million from the central bank of Bangladesh after exploiting vulnerabilities with sophisticated malware. In January this year, press reports highlighted how highly destructive malware infected three regional power utility service providers in Ukraine, which led to a power failure. In June last year, CNN reported how hackers successfully managed to ground 1400 passengers, as Poland’s national carrier was forced to cancel 20 flights due to an attack on its IT systems.
In an age of connected machines, these incidents show how hackers can cause irreparable damage. Despite putting in place the best IT infrastructure, some of the biggest firms have been hacked, as vulnerabilities exist in every enterprise and hackers need only one loophole to sneak into an enterprise and steal data.
This is set to become more complex, as connected machines are on the rise. For example, Gartner has predicted that in 2016, 5.5 million new things will get connected every year. With an exponential rise in smartphone adoption and the concept of work from anywhere becoming the norm, there is no perimeter for security. At the same time, with millions of security threats being detected every day, most existing information security systems are playing catch-up. Given the increasing volume and sophistication of cyber attacks, human security analysts are overwhelmed by the amount of data they have to handle.
That said, a ray of hope lies with the rise of a number of firms looking at using artificial intelligence to boost security. Artificial Intelligence (AI) systems seek to address the gap between humans and machines. For example, solutions based on human analysts are rule-based, which leaves them open to attacks that do not match the rules, such as zero-day attacks. On the other hand, automated systems place too much importance on any change in behaviour, which tends to create many false positives. AI systems merge these two worlds, by constantly learning and combining data from multiple points to look at the bigger picture.
A glimpse of the future of security shaped by artificial intelligence systems was revealed by MIT researchers, as they developed a system that predicted 85 percent of cyber attacks. Once an event is deemed suspicious by the AI system, it presents this analysis to human security analysts who then confirm if the event is an actual attack. This learning is incorporated into the system, which keeps on improving, as more data is fed into the system. This system was approximately three times better than previous benchmarks, and also succeeded in reducing the number of false positives by a factor of five.
More recently, IBM announced a cloud-based version of Watson for Cyber Security. The system will use Watson’s ability to reason and learn from unstructured data, which can be in the form of data on the Internet that traditional security tools cannot process, including blogs, articles, videos, reports or alerts.
Unlike existing systems, AI-based systems search for subtle changes in the behavior of users, key applications and the network to detect an attack. For example, if an employee logs on outside his normal working hours, to a system that he seldom uses, and proceeds to download and mail information, then the AI system can flag this as an exception, as it can look at the chain of events and understand the bigger picture.
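The chain-of-events idea above can be sketched in a few lines. This is an added example, not code from the article or from any product it mentions; the log format, the signal names and the `rare_share` threshold are assumptions, and the events are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample events, "timestamp user action target" (not real logs).
HISTORY = """\
2016-05-02T09:05 alice login crm
2016-05-03T09:10 alice login crm
2016-05-04T10:02 alice login crm
2016-05-05T17:40 alice login crm
2016-05-06T09:15 alice login payroll
2016-05-02T08:55 bob login crm"""
TODAY = """\
2016-05-09T22:30 bob login crm
2016-05-09T22:41 bob download crm
2016-05-09T23:48 alice login payroll
2016-05-09T23:52 alice download payroll
2016-05-09T23:58 alice mail external"""
CHAIN = {"off_hours_login", "rare_system", "download", "mail_after_download"}

def parse(text):
    for line in text.splitlines():
        ts, user, action, target = line.split()
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M"), user, action, target

def signals_per_user(history, today, rare_share=0.25):
    """Compare today's events with each user's own login baseline."""
    hours, systems = defaultdict(set), defaultdict(Counter)
    for ts, user, action, target in parse(history):
        if action == "login":
            hours[user].add(ts.hour)
            systems[user][target] += 1
    signals = defaultdict(set)
    for ts, user, action, target in sorted(parse(today)):
        seen = signals[user]
        if action == "login":
            usual = hours[user] or set(range(24))  # no history: no hour signal
            if not min(usual) <= ts.hour <= max(usual):
                seen.add("off_hours_login")
            # Rare = this system is a small share of the user's past logins.
            if systems[user][target] < rare_share * sum(systems[user].values()):
                seen.add("rare_system")
        elif action == "download":
            seen.add("download")
        elif action == "mail" and "download" in seen:
            seen.add("mail_after_download")
    return dict(signals)

def flagged(history, today):
    """Flag only users whose day contains the whole chain, not one anomaly."""
    return sorted(u for u, s in signals_per_user(history, today).items() if CHAIN <= s)
```

On the constructed data, bob's late login raises a signal but does not complete the chain, so only alice is flagged; requiring the full sequence is what keeps a single odd event from becoming a false positive.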
Over time, while human security analysts will continue to remain valuable, expect virtual security intelligence analysts to do the grunt work of combing through massive volumes of data and build accurate predictive models by continually learning from each incident.