SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
AI, machine learning effective in cyber defence, but can also present challenges
Thu, 28th Jan 2021
FYI, this story is more than a year old

Artificial Intelligence can play an effective part in a cyber defence strategy, but can also present challenges to the user, according to Oliver Paterson, product expert at VIPRE Security Awareness Training and SafeSend.

The cybersecurity landscape is continuing to evolve as cyber criminals become ever more sophisticated, and digital security tools are accelerating to mitigate the risks as much as possible.

Paterson says 2020 presented even more opportunities for hackers to strike.

"For example, using email phishing scams such as purporting to be authentic PPE providers, or from HMRC to dupe unsuspecting victims. More recently we have seen how phishers are now using the vaccine rollout to trick people into paying for fake vaccines," he says.

Artificial Intelligence and Machine learning have been heralded as innovative technologies to help thwart evolving exploits and are a key part of any cyber security arsenal.

But Paterson says AI is not necessarily the right tool for every job.

"Humans are still able to perform intricate decision making far better than machines, especially when it comes to determining what data is safe to send outside of the organisation.

"As such, relying on AI for this decision making can cause issues, or worse, lead to leaked data if the AI is not mature enough to fully grasp what is sensitive and what is not," he says.

Spotting similarities

According to Paterson, one of the primary challenges for AI to mitigate the risk from accidental insider breaches is being able to spot similarities between documents or knowing if it is ok to send a particular document to a specific person.

"Company templates such as invoices appear to be very similar each time they are sent, with minor differences that typically Machine learning and AI fail to pick up," Paterson says.

"The technology will register the document as it usually would, despite there being very few differences in the numbers or words used, and would typically allow the user to send the attachment. Whereas in this example, a human would know which invoice or sales quote should be sent to which customer or prospect," he explains.

Deploying AI for this purpose in a large corporation would likely only stop a small proportion of emails from being sent.

"But even when the AI detects an issue to flag, it will alert the administration team rather than the user," Paterson says.

"This is because if the AI believes that the email shouldn't be sent, it doesn't want the user to override it and send the email anyway. This can therefore become an additional burden for the admin team and cause frustration for the user at the same time."

Data storage

"AI can also be very data-intensive when used for this defence strategy. This is due to the fact that in this setup, every email must be sent to an external system, off-site, to be analysed," Paterson says.

"Especially for industries that deal with highly sensitive information, the fact that their data is going somewhere else to be scanned is a concern.

"Moreover, with Machine learning, the technology has to keep a part of this sensitive information in order to learn rules from it and use it again and again, to make an accurate decision the next time," he says.

"Given the Machine learning nature of these types of solutions, they cannot work straight off the shelf, but have a learning phase that lasts a few months, and therefore cannot provide instant security controls."

Paterson says a lot of companies, especially at enterprise-level, are not comfortable with their sensitive data being sent elsewhere.

"The last thing they want is it being stored off-site, even if it is just for analysis. AI, therefore, adds an unnecessary and unwanted element of risk to sensitive material."

The role of AI in cybersecurity

Paterson says AI does have a critical role to play in many elements of a business' cyber defence strategy.

"Antivirus technology, for example, operates a strict ‘yes or no' policy as to whether a file is potentially malicious or not. It's not subjective, through a strict level of parameters, something is either considered a threat, or not." he says.

"The AI can quickly determine whether it's going to crash the device, lock the machine, take down the network and as such, it is either removed or allowed.

"It is important to note that VIPRE uses AI and ML as key components in their email and endpoint security services for example as part of their email security attachment sandboxing solution where an email attachment is opened and tested by AI in an isolated environment away from a customer's network," Paterson adds.

"So while AI might not be an ideal method for preventing accidental data leakage through email, it does have an important part to play in specific areas such as virus detection, sandboxing and threat analysis."

Paterson says with so much reliance on email within business practices, accidental data leakage is an inevitable risk.

"The implications of reputational impact, compliance breach and associated financial damage can be devastating. A cyber-aware culture with continuous training is essential, and so is the right technology," he says.

According to Paterson, providing a technology that alerts users when they are potentially about to make a mistake – either by sending an email to the wrong person or sharing sensitive data about the company, its customers or staff – not only minimises errors, it helps to create a better email culture.

"Mistakes are easily made in a fast-paced, pressured working environment – especially with the increase in home working not providing the immediate peer review that many are used to," he says.

"But rather than leaving this responsibility to Artificial Intelligence, this type of technology, combined with trained human insight, can enable users to make more informed decisions about the nature and legitimacy of their email before acting on it.

"Ultimately, supporting organisations to mitigate against this high-risk element of business, and reinforcing compliance credentials through a cyber-aware culture."