Is artificial intelligence a tool or a threat to cybersecurity?
Is artificial intelligence (AI) a tool or a threat to cybersecurity?
Artificial intelligence is going to be (and already is) a great tool to assist the almost one million cybersecurity professionals currently active. The first and most intuitive reason why AI is going to be critical in the battle against cyberattacks, is that it's going to reduce the workload of the cybersecurity workforce. IT professionals work up to 52 hours a week, but automation will assist them with many menial tasks, giving them some breathing room between one attack and the next.
Machine learning-based algorithms will also adapt to new threats faster than humans, as they can quickly spot the similarities between the new generation of malware and cyberattacks and other, more familiar threats. AI that has "learned" enough will be able, in due time, to detect and deal with the vast majority of relatively simple threats on its own, freeing up an enormous amount of time for tech employees.
Finally, AI-based analytics platforms that use structured and unstructured machine learning are more flexible and more efficient at correlating and understanding information detected by different tools at once. More than half of the cyber professionals, in fact, know very well that their tools often lack the cohesion and accuracy needed to provide them with reliable data they can trust.
The widespread use of AI comes with its own risks to cybersecurity, as a panel of 26 British and American experts explained in the 101 page-long report "The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and Mitigation."
First, it's easy to understand how the same benefits that cybersecurity experts are going to enjoy from the introduction of machine learning algorithms are valid for hackers and scammers as well. Attackers can use automation to make the process of finding new vulnerabilities they can exploit easier and quicker, for example.
But AI can "level the playing field" for attackers who can usually rely on a much smaller workforce to coordinate their attacks. By alleviating the existing trade-off between the scale and efficacy of attacks through automation, labor-intensive attacks such as spear phishing will become more efficient and frequent. However, AI can provide some benefits that are specific to attackers only, such as exploiting using speech synthesis for impersonation, for example.
More in general, AI-based bots and malware can, right now, pose a much more significant threat to the average user than to the cybersecurity experts. AI can be used to steal users' data, coordinate large botnets and easily poke through the best VPNs that a user can hope to buy. The domino effect of exploiting these vulnerabilities of common people can be truly devastating as the recent VPNFilter malware attack that hacked over 500,000 routers worldwide just taught us.
The (Not So) Ugly Truth
The bottom line is that AI is going to forever change the cybersecurity scenario. It's neither "good" nor "evil," it's just a new weapon that, once it has been introduced and established, will revolutionize the field of battle. It's the equivalent of the introduction of rifles in warfare during the Renaissance: Things are never going to be the same.
It doesn't matter much whether it's more effective for attackers or defenders now. Eventually, all of cyberwarfare will evolve around it.
Have a question? Ask us here.
Written by Claudio Buttice
Dr. Claudio Butticè, Pharm.D., is a former clinical and hospital pharmacist who worked for several large public hospitals in Southern Italy, as well as for the humanitarian NGO Emergency.
He is an accomplished medicine and technology writer who wrote as an author in several encyclopedias, including The SAGE Encyclopedia of Cancer and Society (2015), The SAGE Encyclopedia of World Poverty (2015), and ABC-CLIO Encyclopedia of Science and Technology (in press). He’s also the author of research papers as well as other sociology and anthropology reference textbooks.
An expert freelance journalist, Dr. Butticè wrote for many online newspapers such as The Ring Of Fire, Digital Journal and Business Insider. During his career he also worked as a medical consultant and advisor for many international companies around the world, wrote and designed Continuing Medical Education (CME) courses and taught content writing techniques through webinars.Full Bio