The field of Cybersecurity has always been at the forefront of technology innovation, as certified Cybersecurity professionals deploy ever-more innovative tools to keep bad actors away from their critical corporate assets. Meanwhile, the field of artificial intelligence (AI) has been on a similarly high-flying trajectory for over a decade. Now, AI is crossing paths with the Cybersecurity world in a big way, and the intersection of the two segments will have profound global implications.
Cap Gemini reported last year that 63 percent of organizations plan to employ AI this year, and 69 percent believe they will not be able to respond to cyberattacks without AI. Accordingly, a report from Zion Market Research shows that the market for Cybersecurity-related AI will reach $30.9 billion by 2025, growing at about a 23 percent CAGR between 2019 and 2025.
Following are a few trends that are resulting from the intersection of these two sectors, and how they will impact everyday companies and their Cybersecurity professionals.
The Cybersecurity Skills Gap Drives AI Adoption
As fast as the Cybersecurity field is growing, there is still a shortage of qualified Cybersecurity professionals who can fill needed roles. Forbes recently reported that there would be 3.5 million Cybersecurity jobs left unfilled by companies in 2020. That’s more than three times the number that went unfilled just six years ago.
The growing skills gap will present an ongoing challenge to companies that are fighting to survive an onslaught of growing attacks from hackers and cybercriminals. With such a shortage of experienced Cybersecurity professionals and the volume and severity of attacks increasing, more companies are relying on cyber AI to automate the security initiatives that they already have in place. AI is becoming the trusted workhorse of many Cybersecurity activities, from threat detection to faster response.
Good Meets Bad in Adversarial AI
It’s not hard to forget that the Cybersecurity war is a two-way street, with cyber criminals doing their best to attack infrastructure and Cybersecurity champions working hard to keep the bad actors at bay. In what’s now known as “adversarial AI,” both sides are utilizing lightning-fast AI tools—one side utilizing it to sharpen their attacks, and the other using AI to defend the infrastructure.
More than 70 percent of organizations are currently testing use cases for AI Cybersecurity, including detecting potential fraud and intrusion, communicating risk assessments to management, and running behavioral analysis, among other tasks. AI can do it with higher speed and learn from its experiences to predict and prevent new attacks. The technology can even be an excellent tool for Certified Ethical Hackers (CEH), those who are trained in the ways of cybercriminals but do it for the benefit of stopping them.
And when it comes to identifying threats, AI is now being used to go beyond just alerting of impending attacks to taking a more intelligent “risk context” approach. This approach “combines data-classification, trust modeling, and security analytics to give a better contextual understanding of a threat and reduce the number of false positives.”
On the other hand, AI is making it easier for cybercriminals to execute their attacks, such as monitoring email correspondence en mass to compromise accounts and credentials (usually through phishing attacks) and conducting these attacks more quickly and efficiently. AI can also simulate behavioral patterns to bypass greater security controls and help penetrate corporate systems. The battle will continue to seesaw between good and bad actors for the foreseeable future.
The Battle for the Endpoint
As the world moves rapidly to embrace edge and endpoint computing, there is an unfortunate consequence—cybercriminals are well aware of their security vulnerabilities, mostly based on human error. Gartner predicts that more than 85 percent of successful attacks against user endpoints in the enterprise will come from exploiting configuration and user errors by 2025. As more devices such as mobile phones and IoT readers permeate the edge, they present an increasingly enticing target for hackers.
Fortunately, AI can help defend against automated attacks on endpoint devices. AI and machine learning can perform a wide range of defensive activities, including building risk scores based on users’ behavioral patterns, geo-location, and other important variables; supporting malware protection workflow all the way to servers, and using algorithms to determine when applications are at risk or unsafe (then moving those functions to more isolated systems).
Winning the Battle Depends on Developing Skills
The ongoing adversarial battle between cybercriminals and Cybersecurity professionals is getting more complex as it intersects with AI’s powerful capabilities. Your organization can win by nurturing the necessary skillsets, such as AI engineers who are trained to create practical applications using a wide range of intelligent agents, and machine learning experts who can master supervised and unsupervised learning, mathematical and heuristic techniques, and hands-on modeling. You should approach this intersection with caution, but taking the right steps to upskill will help you navigate it with confidence.