Threat actors are improving their attacks by leveraging artificial intelligence (AI) in every way. AI makes every attack from deepfakes to credential stuffing cheaper, better, and faster. The good news is that the security industry also has access to AI capabilities, and AI-enhanced security solutions have been available for years. Generative AI (GenAI) and Large Language Models (LLMs) like ChatGPT are subsets of AI that have made AI capabilities available to a larger consumer group. You no longer have to work in technology to use AI. Now you can create images, write stories, conduct research, and even play some old-school role-playing games using ChatGPT. This democratization of AI via consumer-grade applications has elevated the concept of artificial intelligence into a mainstream issue. One of the most discussed issues is the role of AI in the workforce. Can some AI-enhanced machine take your job? How many workers will AI displace?
Welcoming AI
The role of artificial intelligence alongside human labor can be a controversial subject, but in the realm of cybersecurity, AI is most welcome. Machine learning and other types of AI are already baked into most security solutions that protect us today. All Barracuda security and data protection solutions have multiple functions with integrated machine learning and other types of AI. Evaluating and acting on all the data and events generated by hundreds of thousands of deployments is impossible. Recognizing patterns within all that data is impossible for most humans. AI improves automation and security readiness by keeping pace with advanced and emerging threats more effectively than a team of security professionals.
AI can ease the burden on security teams, but despite all its promise, AI cannot replace human experts. Security analysts and other technologists are necessary to find the meaning behind AI output, drive progress on AI development, and help stakeholders understand threat activities and security posture.
With that in mind, Barracuda experts have identified five areas they believe will benefit the most from AI enhancement in the next few years. Our new e-book, “Securing tomorrow: A CISO’s guide to the role of AI in cybersecurity,” has more details on these topics.
Adaptive threat detection
When we speak of threat detection in cybersecurity, we’re referring to the process of identifying security threats and malicious activities. AI-enhanced threat detection monitors activities and analyzes the data and events generated by the relevant systems. Pattern recognition capabilities can identify these activities faster than humans, and AI-driven threat intelligence can inform the system of emerging threats. Threat actors will find new ways to advance their AI-enhanced attacks, and AI-powered defenses will meet them wherever they are. Threat actors and cybersecurity professionals train their AI models against each other. We covered this type of training in our post on malware generation.
AI-driven autonomous security systems
These systems use AI to detect, analyze, and respond to cyber threats without human intervention. They have contributed significantly to the field of security and incident response because they simulate the decision-making processes of human analysts. By leveraging machine learning, deep learning, and other AI technologies, these systems can continuously monitor and protect IT environments in real time.
Experts predict that autonomous security systems will become more common because of the growing complexity of cyberthreats. Advanced AI solutions are the only defense against the volume and sophistication of cyberattacks.
Federated learning for threat intelligence
Federated learning is a machine learning technique where multiple decentralized entities train a shared model collaboratively without exchanging local data. Training occurs on each local dataset, and the entity only shares the model updates with the central server. This ensures sensitive data remains on the user’s device, and the central server never stores much raw data. The following image illustrates the difference between centralized and federated learning systems:
Federated learning also uses advanced encryption techniques to ensure that the data remains secure.
Sharing threat intelligence across the security community improves detection and response times and helps companies allocate resources according to the most relevant threat. The adoption of federated learning will continue to grow as companies seek to reduce the risks associated with the sharing and transmission of data.
Behavioral biometrics for authentication
Behavioral biometrics use AI and machine learning to analyze patterns in human behavior to identify or authenticate users. This technology focuses on how users interact with devices and systems, such as keystroke dynamics, mouse movements, and touchscreen interactions. Unlike fingerprint authentication or facial recognition, behavioral biometrics continuously monitors user behavior in the background without user interaction.
This technology continues to advance, but there are some challenges to widespread adoption. There are no industry-wide standards or clear guidelines on the collection and use of behavioral biometric data. End users may also be reluctant to use behavioral biometric authentication because of the privacy implications. Despite the potential hurdles, this type of authentication will continue to grow. Behavioral patterns are extremely difficult to steal or replicate, which makes behavioral biometrics authentication a powerful defense mechanism against unauthorized access and fraud.
Cybersecurity skills shortage improvement
There is a significant gap between the demand for qualified cybersecurity professionals and the qualified, available workforce. Cybersecurity Ventures expects the global cyber workforce shortfall to be approximately 3.5 million by 2025. This shortage affects organizations across all economic sectors and critical infrastructure. It is challenging for many companies to staff security teams that can fully protect the organization.
Getting the most from AI in cybersecurity requires integrating AI and human expertise. AI technologies can increase the productivity, accuracy, and capacity of security teams and cybersecurity. It cannot fill the skills gap, but it can support the current workforce while improving defenses. Human analysts provide an understanding of the broader context, considering factors like company operations or attacker motivations into account. Security analysts are also responsible for ensuring that AI-driven activity complies with applicable regulations and the company’s values and directives.
Did you know…
According to a recent report from Barracuda and the Ponemon Institute, 50% of IT pros expect to see an increase in attacks because of AI. Get the details on this and a lot more in our new e-book, Securing tomorrow: A CISO’s guide to the role of AI in cybersecurity. This e-book explores security risks and exposes the vulnerabilities that cybercriminals exploit with AI to scale up their attacks and improve their success rates. Get your free copy of the e-book right now and see all the latest threats, data, analysis, and solutions for yourself.
Originally published on Journey Notes.
Photo: Sarayut Sridee / Shutterstock