Adopting AI for cybersecurity

As hybrid work setups, digital transformation, and AI (artificial intelligence) continue in 2023, the risk of cyberattacks remains high. And while these technological trends keep pushing forward, the amount of data created also soars exponentially. Cyber attackers see this transitory period as an opportunity to wreak havoc on computer networks, particularly targeting small- and medium-sized organizations.

Cyberattacks are getting more advanced and sophisticated. To improve an organization’s cybersecurity posture, we need more than human intervention. Organizations now need to leverage technologies that learn and improve, like AI, by analyzing historical data to identify new and future attacks. AI can also help organizations keep up with cybercriminals, automate threat detection, and respond more effectively and in a more timely manner than conventional software or human intervention.

According to International Standards Organization ISO/IEC 27032:2012, cyberspace is a complex environment that results from the interaction between emerging technologies such as AI, people, and internet services, which are supported by physical and information communication technology (ICT) and connected networks that are distributed worldwide.

Today, a significant portion of internet traffic consists of dangerous bots, causing anything from account takeovers using stolen credentials to phone account creation and data fraud. Automated threats cannot be countered solely through manual responses. With the aid of AI and machine learning, however, it is possible to differentiate between good bots (such as search engine crawlers) and bad bots, as well as between humans and website visitors.

Sophisticated algorithms are designed to detect malware, run pattern recognition, scan behavior analytics, and detect the lateral movements of malware before it enters a computer system. AI amplifies predictive analytics with natural language processing, which organizes data by scraping cyber threats from the internet. This provides intelligence on new anomalies, cyberattacks, and prevention strategies for combating cyberattacks.

Artificial intelligence-based cybersecurity systems offer the most updated information on regional and sector-specific threats, helping prioritize important decisions based not only on what can be used to attack systems, but also on what is most likely to be used to do so. They can monitor network traffic and user activity in real time to detect malicious activity and act quickly. They also assist in compiling an IT asset inventory, which is a precise and thorough list of all the devices, users, and applications with various levels of access to different systems.

The algorithm is also able to forecast how and where you are most likely to be compromised, so resources can be directed to areas with the greatest vulnerabilities. Processes and controls can be set up and enhanced to strengthen cyber resilience, with the help of prescriptive analytics from an AI-based analysis. There are essential instruments for information and cyber security available on the market. One illustration is a system powered by artificial intelligence that reveals hidden data, normalizes data volume, eliminates segregated visibility of security issues, and enhances analytics efficacy. AI-driven endpoint protection, in turn, adopts a significantly different strategy by establishing the baseline behavior through a repeated training process.

And this is where AI comes in: anytime something strange happens, the AI systems notify users and take the necessary action, such as sending a warning to security operation analysts or even wiping the device clean after a malware attack.

These are four ways AI operates in cybersecurity to secure your business:

1. Improved network security. Traditional network security has two time-intensive aspects: creating security policies and understanding the network topography of an organization. AI improves network security by learning network traffic patterns and recommending functional groupings for workloads and security policies.

2. Detection of cyberattacks. While traditional vulnerability databases are critical for managing and containing known vulnerabilities, AI and machine learning techniques such as User and Event Behavioral Analytics (UEBA) can analyze the baseline behavior of user accounts, endpoints and servers, and identify anomalous behavior that might signal a zero-day unknown attack. These can help protect organizations even before vulnerabilities are officially reported and patched.

3. Detection of low-level attack vectors. AI can be used to detect low-level attack vectors, inspect for domain and application configuration or logic errors, provide best practices for secure system operation, and monitor networks once the code has been developed. Because AI is widely used by commercial and government organizations, open-source software development gives a unique and high-impact opportunity for AI-based security improvements.

4. Identity management and access control. AI-based systems can learn from previous interactions and expected behavior of customers, and in turn decrease threats to biometric authentication systems. Of course, monitoring behavioral patterns may result in privacy violations, so more research is required to develop techniques that consider the ethical and technical aspects of AI-assisted identity management.
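The baseline-and-deviation idea behind item 2 (UEBA) can be shown in a few lines. The following is an added example, not code from the article or from any product it alludes to: it scores each account's latest daily count of distinct hosts logged on to against that account's own history, using a robust (median/MAD) z-score. The event data, the `MIN_HISTORY` and `THRESHOLD` values, and all function names are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample: (account, day, distinct hosts the account logged on to).
EVENTS = (
    [("alice", d, n) for d, n in enumerate([3, 4, 3, 5, 4, 3, 4, 4, 3, 27])]
    + [("svc-backup", d, n)
       for d, n in enumerate([40, 42, 41, 40, 43, 41, 42, 40, 41, 42])]
    + [("bob", d, n) for d, n in enumerate([1, 1, 1, 1, 1, 1, 1, 1, 1, 6])]
    + [("newhire", 0, 9)]
)

MIN_HISTORY = 7   # days of baseline required before scoring (assumed value)
THRESHOLD = 3.5   # robust z-score cut-off for an alert (assumed value)

def robust_z(history, value):
    """Modified z-score: median and MAD resist skew from a few past outliers."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    if mad == 0:
        # Flat or near-flat baseline: fall back to the mean absolute deviation;
        # if that is zero too, measure the change in raw units.
        mean_ad = sum(abs(x - med) for x in history) / len(history)
        scale = 1.2533 * mean_ad if mean_ad else 1.0
        return (value - med) / scale
    return 0.6745 * (value - med) / mad

def score_latest(events):
    """Return {account: (verdict, z)} for each account's most recent day."""
    per_account = defaultdict(list)
    for account, _day, count in sorted(events, key=lambda e: (e[0], e[1])):
        per_account[account].append(count)
    verdicts = {}
    for account, series in per_account.items():
        history, latest = series[:-1], series[-1]
        if len(history) < MIN_HISTORY:
            # No trustworthy baseline yet: report it rather than guess.
            verdicts[account] = ("insufficient-baseline", None)
            continue
        z = robust_z(history, latest)
        # Only upward deviations (more hosts than usual) raise an alert here.
        verdicts[account] = ("anomalous" if z > THRESHOLD else "normal", round(z, 2))
    return verdicts

if __name__ == "__main__":
    for account, verdict in score_latest(EVENTS).items():
        print(account, verdict)
```

On the sample data, the service account touching 42 hosts is normal for that account, while a user jumping from about 4 hosts to 27 is flagged: the comparison is against each entity's own baseline, not a global limit.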

In order to promote confidence and trust in artificial intelligence systems, always be honest about how the system arrived at a prognosis. It is important to remember that the use of AI-based reasoning in human-in-the-loop systems can become more trustworthy. As an example, AI can be used to combat harmful internet bots. This can result in the deployment of more reliable AI-based cybersecurity solutions that can help with risk prioritization, incident response coordination, threat hunting, and early malware detection.

The views or opinions expressed in this article are solely those of the author and do not necessarily represent those of Isla Lipana & Co. The content is for general information purposes only, and should not be used as a substitute for specific advice.


Raquel Marasigan is a manager at the PricewaterhouseCoopers Consulting Services Philippines Co. Ltd., a member firm of the PwC network.
