Cybersecurity in AI, including machine learning
“More recent attacks are written by well-funded and sophisticated criminal organizations that don't rely on human interaction."
Recently, the Board of Governors of the Federal Reserve System, CFPB, FDIC, NCUA and OCC released a request for information and comment on financial institutions’ use of artificial intelligence and machine learning.
The purpose of the RFI is to get an understanding or views on the use of AI by financial institutions in their provision of services to customers and for other business or operational purposes, appropriate governance, risk management, controls over AI and any challenges in developing, adopting and managing AI.
Financial institutions are exploring AI-based applications in a variety of fields: flagging unusual transactions, personalization of customer service, credit decisions, risk management and textual analysis. (For a deeper dive into these, please refer to the RFI at http://bit.ly/FedRFI.)
Cybersecurity is another key, if not critical, use case for AI and machine learning and, since this is a cyber article, I’ll focus on that.
A report by Norton showed that the global cost of a typical data breach recovery is $3.86 million. The report also indicates that companies need 196 days on average to recover from any data breach — another great reason to invest in AI.
"AI, machine learning and threat intelligence can recognize patterns in data to enable security systems to learn from past experience. Another value is it reduces incident response times and ensures alignment with security best practices. “AI may be used to detect threats and malicious activity, reveal attackers, identify compromised systems and support threat mitigation. Examples include real-time investigation of potential attacks, the use of behavior-based detection to collect network metadata, flagging and blocking of new ransomware and other malicious attacks, identifying compromised accounts and files involved in exfiltration and deep forensic analysis of malicious files.” — Federal Register
Cybersecurity threats have not only increased in recent years but also have changed in many ways.
We’re still seeing attack programs that were written because of human curiosity such as clicking on that link, downloading or opening malicious files or responding to a phishing scam. But more recent attacks are written by well-funded and sophisticated criminal organizations that don’t rely on human interaction.
The breadth and speed of attack adaption has also increased exponentially. Whereas the first attacks exploited software weaknesses found by hand and affected single computers, today’s attacks exploit weaknesses found automatically; are automatically propagated over the internet, packaged even by unsophisticated attackers; and affect computers, tablets, smartphones and other devices across the globe.
While adoption of AI and machine learning in cybersecurity is rising, it still remains confusing, at least for me. Am I using the right technologies? Am I fully utilizing the ones I have? How do we tie them altogether? Is automation the missing piece? Oh, and let’s not forget how our working conditions have changed. To me, it’s become clear that the tools that enable automation and productivity are very important.
But cybersecurity is only a small piece of the whole AI/machine learning puzzle. From the RFI, you can certainly understand how many different parts of our organizations can benefit but also how many different challenges it can bring.