After much fanfare and promise in 2018 and 2019, AI’s role in cybersecurity seemed to fly under the radar in 2020. But AI didn’t go anywhere, and we expect to hear much more about it in 2021. A couple of factors were at play in 2020 that may have made it seem like AI’s buzz had faded.
First, COVID-19 upended virtually every industry. Some businesses (think grocers and Zoom) saw business increase because of the pandemic. Other sectors, like tourism and hospitality, were devastated. Implementing new AI tools wasn’t a priority for many businesses; simply surviving became the mantra.
Secondly, even if businesses were innovating with AI, we didn’t hear about it. Most of the attention in the media was, understandably so, focused on COVID and its impacts. With an election and civil unrest, there was little room for other coverage.
With the new year arriving soon, AI is stepping back into the spotlight, albeit gingerly, and MSPs that haven’t embraced it should be thinking about how, or whether, to implement because its role will grow. This appetite for AI is outlined in new data from ResearchandMarkets, which projects the widening role AI will play in cybersecurity in the years ahead. The global artificial intelligence market is expected to grow from $28.42 billion in 2019 to $40.74 billion in 2020. By 2023, that market is expected to reach $99.94 billion.
Far from disappearing during COVID-19, AI has been harnessed to fuel new technologies and innovations which we’ll be hearing more and more about in the years ahead.
The one caution flag with AI is that it isn’t just for the good guys. For every advance in AI made by security-conscious vendors and university research labs, there are equal gains by cybercriminals who are trying to leverage AI’s algorithmic processing power. So far, the good guys appear to have the upper hand, but bad actors can commandeer AI. A recent article in Entrepreneur summarized the danger:
Cybercriminals are building advanced attacks using AI techniques to automate attacks and bypass the existing security infrastructure. With the flourishing culture of sharing and open-source technologies, bad actors can access the latest technologies that bring them head-to-head or even provide them with an edge over the host’s defense mechanism.
For every advance in #AI made by vendors and research labs, there are equal gains by cybercriminals who are trying to leverage AI’s algorithmic processing power. #cybersecurity
However, companies large and small are working to keep AI in the hands of the “good guys.”
SmarterMSP caught up with one of them, Karim Ganame, to get his thoughts on the AI landscape and which threats loom largest right now.
Ganame is a cybersecurity expert in Montreal and the founder of StreamScan, a start-up that uses AI to detect anomalies and new-generation cyber threats targeting computer networks. These cyber-threats are then blocked to minimize or eliminate the impact of security incidents.
The biggest cybersecurity threat right now?
The world has been roiled by data breaches and malware of all types in 2020, but the most ominous threat, Ganame says, is posed by the continuing proliferation of ransomware.
Ganame adds that where AI holds promise is in its used of algorithms to model ransomware behavior and then detect similar behavior in real-time.
Streamscan runs several ransomware programs, for instance, and captures information about the program’s behavior. This includes processes created, communication with external hosts, files downloaded, register critical updates, API calls, and Powershell activity. For that, relevant features are extracted to help characterize them.
“With this information, we train our machine learning model,” Ganame states.
After this is done, similar malicious traffic can be detected. Ganame recommends a two-part solution: 1) detecting ransomware on network flows; and 2) detecting ransomware on endpoints.
Ransomware, Ganame advises, doesn’t discriminate, targeting businesses of all sizes and types. It can be a manufacturing, healthcare, education facility, or a retail operation. “All industries are targeted,” he says.
Ganame’s recommendations for deterrence include what should be mainstays of the MSP playbook:
- “Backup, backup, backup,” Ganame asserts and test the backups to be sure they will work if needed.
- Establish user awareness. Education is always the most powerful – and cheapest – weapon MSPs have.
- Implement products like antivirus, intrusion detection system, and malware detection tools.
- Monitor network security. “Most of the attacks make noise but companies don’t detect them because they don’t monitor the security of their network,” Ganame adds.
With AI’s ability to process and analyze billions of bits of data almost instantaneously, it’s value will only grow. The manufacturing floor is being transformed by AI and cloud security will notice the presence. MSPs are increasingly onboard with AI, but there is plenty of room for growth.
In LogicMonitor’s recent report, “Future of the MSP Industry”, only a quarter of MSPs were planning to invest more money in AI over the next year. As COVID-19 is (hopefully) contained in 2021, look for the emergence of AI in a big way, and MSPs need to be ready.
Photo: metamorworks / Shutterstock