Benefits and risks of AI for combatting cyberthreats

Michael See

June 12, 2024

While AI can reduce workload, provide new types of protection and increase adaptablity, it also entails new risks.

Cybersecurity solutions are constantly evolving to deal with emerging threats. The next step in this evolution is the adoption of highly specialized AI. As with any new technology, however, organizations need to consider the risks associated with this new technology.

Signature-based detection systems have historically been the standard when it comes to warding off cyberattacks. These systems compare known threat signatures in their database with incoming network traffic and create an alert when suspicious behaviour is detected. In most organizations, a security analyst will have to manually review many hundreds of alerts every day. A large number of false positives makes this a laborious process, and cyberthreats that don’t match the previous patterns can slip through the cracks undetected.

How can AI help an organization?

Security models based on AI can analyze huge amounts of data in a short period of time, spotting patterns and detecting unusual activity. This leads to multiple notable benefits:

• Reduced workload – AI cybersecurity software greatly reduces the number of alerts generated by the system. The cybersecurity team is able to focus on more complex, strategic work because they aren’t constantly overwhelmed by false positives. This makes the IT team more efficient, lowering operating costs for the organization.

• Better protection – AI is more likely to pick up new cyberattacks through pattern recognition when compared to a signature-based approach, which only detects threats that match those in its database. The speed of threat detection and response is very close to real-time, so hackers have less time to perform malicious activity if they do succeed in accessing the system.

• Greater adaptability – AI-based platforms allow the cybersecurity team to respond quickly to address an increase in potential threats or new behaviour on a network without the need for additional staff.

What are the tradeoffs of AI?

While AI-based cybersecurity software offers many benefits, it also comes with substantial risks.

• Data problems – AI models rely on the amount and quality of training data that they use to ‘learn’ about patterns of activity. A model trained with incomplete or inaccurate data may produce false positives or a false sense of security.

• Privacy concerns – The real-world data used to train AI models on traffic patterns needs to be protected by sufficient encryption to prevent its misuse.

• Resource consumption – AI tends to have a larger carbon footprint than conventional security solutions because it consumes a substantial amount of energy and water to power and cool the data processing systems.

AI works both ways

While organizations consider deploying AI cybersecurity software, cybercriminals are also adopting AI. The technology is likely to assist with malware and exploit development, vulnerability research and lateral movement, among other techniques. This will intensify cyber resilience challenges and increase the number of threats organizations face. One way for organizations to defend themselves is to fight fire with fire and adopt AI to counteract the new techniques and an increased number of attacks.

AI clearly brings both benefits and risks as a tool in cybersecurity. Yet, when used correctly, and alongside human experts, it is a tool that has the potential to provide protection to organizations who are currently facing an unprecedented cyber threat. Security must be a core requirement, not just in the development phase of an AI system, but throughout its lifecycle in order to minimize the associated risks.

Learn more about the risks associated with AI in Cybersecurity.