The correlation between artificial intelligence (AI) and cybersecurity in the current IT landscape is divisive. Some cybersecurity experts and analysts believe AI will improve security and privacy for many, especially in the enterprise world. Others predict exactly the opposite: It will harm the industry, making it easier for hackers and the unscrupulous to carry out attacks. You cannot fully understand either side of this argument, however, without delving further into their supporting points.
The Argument for Artificial Intelligence in Cybersecurity
Regardless of how you feel about AI and automation, there’s one thing we can all agree on: The cybersecurity industry, in general, is not prepared for the rising demand. The workforce currently supporting the industry is finding it increasingly tougher to keep up, day in and day out.
There are many reasons for this, but the more important point is that this demand gap will grow, maybe even out of control. By 2021, experts estimate there will be 3.5 million unfilled cybersecurity opportunities globally. Those currently in the industry will have to pick up the slack either by working harder, working longer hours or running themselves into the ground — which isn’t reasonable. They need help, and they need it soon.
The average IT professional currently works about 52 hours a week, well more than the 40 hours of full-time employment most jobs expect. But how does this relate to cybersecurity? It’s simple. More necessary work, with fewer employees to handle it, results in an increasing gap in true security and higher risks for all businesses. A vulnerability hackers discover and exploit, for example, cannot be closed or protected if there are no professionals to handle the work.
Modern AI systems using advanced algorithms and machine learning techniques can respond to cybersecurity risks, not just quickly, but automatically over time. Imagine a system that continues to evolve and learn, becoming more powerful, more useful and more protective.
AI also offers the benefit of freed-up resources and time for industry professionals. With an automated system handling the tedious, rote tasks you would normally be doing, you have more time to invest elsewhere. Technology won’t make cybersecurity experts obsolete, but it will lessen the demand for larger teams.
The Argument Against Artificial Intelligence in CyberSecurity
Artificial intelligence and machine learning tools have amazing potential on the positive side of the spectrum, but they can be dastardly in the wrong hands. Imagine a system set up to analyze and predict keystrokes, stealing passwords and financial data. Alternatively, envision a system that embeds itself in a hidden directory and auto-runs a crypto-miner to leverage commercial hardware to extract popular crypto-currencies.
Phishing is another popular form of modern attack AI could revolutionize and automate. According to Dave Palmer, the director of technology at Darktrace, “spear phishing” will soon be “really, really good when machine learning is incorporated […] on the attacking side.”
An estimated 91 percent of cyber-attacks start with phishing. So it’s not a leap to believe that AI and machine learning will soon help improve these attacks, making them harder to detect and more lucrative to hackers.
One company even used an AI bot to troll email scammers, which provided some hilarious results. While lighthearted, and warranted in this case, imagine if the same sort of system was used to attack others via email, as opposed to offering some entertainment?
There Is No Winning Side
As it stands, both sides of this argument make valid points. It is concerning that the same technologies that will improve and enhance cybersecurity in the industry can also thwart it. Only time will tell which point is more accurate — or more influential.