In March 2019, Norsk Hydro, a Norwegian renewable energy and aluminum manufacturing company, faced a ransomware attack. Rather than paying the ransom, a cybersecurity team used artificial intelligence to identify the corruption in the computer system and rebuild the operations in an uncorrupted parallel system. LockerGoga ransomware was eventually identified as the culprit, which spread via Windows-based systems. While Norsk avoided paying the ransom, the attack still forced it to operate without computer systems for an extended period of time (weeks to months), while the security team isolated and scanned thousands of employee accounts for malicious activity.
Signature-based detection is an approach in which a unique identifier is established about a known threat so that it can be identified in the future. However, signature-based approaches require continuous updates that take time and effort to maintain. Next-generation artificial intelligence (AI) products learn proactively and identify changes in the networks, users, and databases through what is called data drift to adapt to specific threats as they evolve.
AI products are the linchpin of a multifaceted defense system that can be utilized in the background prophylactically, especially against unknown threats. Cyberattacks that make the evening news are usually the ones that end in disaster; it is hardly ever reported how AI could have prevented those attacks in the first place. In addition, cyberattacks that are contained or thwarted on a daily basis, while AI is ubiquitously at work, are almost never reported in the news because they happen so frequently.
Unfortunately, as a result of the lack of coverage on these “non-events” in public forums, most people don’t understand how AI makes an effective cyber defense achievable and not just theoretical. Here is what you should know.
Deep-Learning Next-Generation AI Tools
Data drift is a term used to measure changes in underlying data patterns. A typical example would be if an e-commerce business launched a new payment gateway to sell furniture. In this instance, BECS direct deposit might be a new financial term introduced in the business workflow. BECS, or Bulk Electronic Clearing System, governs how direct debits, automatic payments, bill payments, and direct credits work and how a range of bulk electronic transaction types are made between its participants.
Deep-learning AI models can detect the term and, with minimal human assistance, classify it as a financial transaction. Next-generation AI then can monitor financial transaction data flows and correlate the data accordingly, associating it with financial context and sensitivity.
The financial data monitoring can involve, for example, an application programming interface while the user checks out via online shopping cart or even general business flow. The advantage of the auto-detection approach is that a security team doesn’t need to be on the lookout for new vulnerability patches for these terms. Instead, the security team can rely on AI to recommend new data patterns and self-patch accordingly.
A successful effort to thwart phishing attacks that endangered Stanford University can be used as an illustration. WannaCry ransomware threatened campus systems, but the university’s self-patching AI software, in addition to its firewall protections and email security solutions, prevented the threats from successfully escalating.
Data transformers are one of the AI tools used to auto-discover and classify data patterns. A transformer model memorizes and tracks relationships between changes in data attributes to create contextual insights. It is similar in many ways to how a human brain works when reading a book. Although you often do not understand a character’s role in the story or their relationships with the other characters when they first appear, you gain that knowledge as the story develops.
Data transformers use attention-based mechanisms constantly learning in the same way to gain a greater understanding of networks, files, emails, etc., and how the content of data relate to and interact with each other to identify and classify malicious changes. The text is represented by mathematical datasets, which derive data representations that can be later used to quantify the changes in data as it is being processed by a transformer.
Deep-learning models can also be used for behavioral purpose classification, which assist security teams with efficiently identifying sensitive or harmful content. An AI transformer model uses its understanding of natural language to analyze email data it has never been exposed to, such as credit offers, lottery ticket promotions, employment offers, or COVID test results, in order to classify and identify malicious content. Similar mechanisms can be used to identify malicious content in documents containing employee health information even though the AI model had never analyzed any kind of healthcare data before. The transfer model proactively alerted security teams regarding the sharing of sensitive data before a breach occurred.
What This Means for Your Business
Not only is it important to ensure that cybersecurity systems are in place to defend against and prevent threats, but it’s also important to have the right one that synthesizes with your business’s needs. Manual document classification for documents, emails, and text messages is complex and requires technical expertise. Deep-learning transformers simplify those tasks, and if done right, can be leveraged efficiently to save costs and effort.
However, an AI model with incorrect settings can result in false positives, and in turn, generate too many alerts, creating headaches for security teams. As a result, one should always seek expert advice when selecting products with AI components. The next-gen AI tools will be able to automate your business processes with minimal setup, human intervention, rules, and policies.