By Susan Hoffman
Working in the cybersecurity field offers constant challenges. New threats from both internal and external sources emerge on a regular basis. Consequently, employees charged with protecting valuable assets like customers’ Social Security numbers and proprietary company documents must stay up to date on new developments in cybersecurity.
Learn more from our latest magazine, Preventing a Cyberattack: A Guide to Cyber Readiness. Download it now.
However, hackers also follow this pattern of constant learning to stay abreast of new ways to hack into organizations. Now, attackers are taking advantage of machine learning and artificial intelligence (AI) to increase the effectiveness of their cyberattacks.
How Hackers Utilize AI
According to Reuters writer Joseph Menn, hackers are using AI to build customized programs capable of getting past a company’s defenses. Menn notes, “State-of-the-art defenses generally rely on examining what the attack software is doing, rather than the more commonplace technique of analyzing software code for danger signs. But the new generation of AI-driven programs can be trained to stay dormant until they reach a very specific target, making them exceptionally hard to stop.”
George Dvorsky of Gizmodo agrees, noting that artificial intelligence could be used as a phishing weapon. Dvorsky cited a study from Maryland security company ZeroFOX, which conducted an experiment to see whether a human attacker or an AI program was better at composing and distributing phishing tweets on Twitter. The AI program had “a substantially better conversion rate,” according to Dvorsky.
What Companies Can Do to Defend Themselves
With attackers utilizing AI for more sophisticated intrusions, how can companies protect their valuable informational assets? To start, education should be a priority. Information technology (IT) professionals should teach their coworkers about AI-based attacks and how to recognize them.
Brian Hill of CDW notes that cybersecurity professionals can also use AI tools to defend their organizations from attackers. He says, “Content screening mechanisms can scan incoming email and other content for signs of malicious activity. AI-based behavior monitoring tools can develop models of a user’s normal behavior and then detect deviations from those norms.”
Hackers using AI for cyberattacks is a technique that requires close monitoring by cybersecurity professionals and business owners. Aimee Laurence of CPO Magazine recommends that companies utilize a mix of AI and traditional security techniques, such as conducting security audits, installing firewalls, filtering URLs, and monitoring incoming and outgoing traffic.
Defending organizations from data breaches and sophisticated attackers is a never-ending task requiring agility, adaptability, and good communication between cybersecurity vendors and organizations. As Tony Karam of RSA observes: “We must work together in order to beat our adversaries in this high-stakes cyber arms race.”