Companies and public sector organisations say they have no choice but to automate their cyber defences as hacking becomes increasingly sophisticated.
Security professionals can no longer keep pace with the volume and sophistication of attacks on computer systems.
In a study of 850 security professionals across 10 countries, more than half said their organisations are overwhelmed with data.
So they are turning to machine-learning technologies that can identify cyber attacks by analysing huge quantities of network data and have the potential to block attacks automatically.
By 2020, two out of three companies plan to deploy cyber security defences incorporating machine learning and other forms of artificial intelligence (AI), according to the Capgemini study, Reinventing cyber security with artificial intelligence.
The technology will alert cyber-security analysts to the data they really need to look at, freeing them up from detailed data analysis so that they can respond to attacks more effectively, said Richard Starnes, chief security strategist at Capgemini UK.
“The networks are getting so complicated, and there is so much noise coming in, that we have to have some sort of mechanism for coming right down and getting human eyes on what actually matters, rather than a bank of security analysts shifting minutia,” said Starnes.
Cyber security teams are in an arms race with hackers who are using automated attacks that can propagate at speeds that cyber security specialists cannot keep up with without automation, he said.
For example, hackers are using machine learning technologies to send out spear-phishing tweets – which attempt to trick people into disclosing sensitive information – six times faster and with twice the success rate that humans can achieve.
“Cyber criminals are starting to use machine learning and AI, particularly phishing, because they can produce very well-scripted phishing attacks and automate them with machine learning to very quickly fire out campaigns that are better than their human counterparts,” said Starnes.
Security specialists have reported an increase in the number of attacks that require an immediate response to prevent serious security breaches, including attacks on safety-critical systems.
In one case, hackers were able to access the GPS tracker apps in 27,000 vehicles, enabling the attackers to shut down the engines of vehicles while they were in motion.
In another case, an attack on a Japanese manufacturer led to the partial shutdown of production lines for three days, cutting output by 50%.
In the survey, 69% of organisations said they will not be able to respond to critical threats without automating their cyber defences.
About half said they plan to increase their budgets for AI spending by 29% in 2020, while one in 10 plan to increase their budget by more than 40%.
The first applications of machine learning will be in network security, data security and endpoint security, the research suggests.
Organisations will be able to use intelligent algorithms to filter huge quantities of data and alert cyber security analysts only to the data that matters.
“It will give you the ability to get human eyes on attacks that are actual attacks,” said Starnes. “It is a noise-levelling exercise.”
Organisations are using AI techniques to identify cyber threats, for example by using behavioural analysis to detect anomalies.
More than one-third use AI to predict cyber threats, allowing cyber security analysts to take pre-emptive action to protect their systems before attacks happen.
However, security systems still have some way to go before they can respond automatically to cyber threats. Most systems are rules-based, rather than self-learning, but they can reduce the time taken to create a virtual patch for a security vulnerability.
For example, US retailer Avenue is using machine learning to protect its website and apps from botnets after attackers used stolen logins and passwords to place fraudulent orders on customers’ accounts.
The company’s bot-defender technology can tell the difference between normal and anomalous behaviour and can shut down attacks.
One of the most important benefits of AI-based cyber security is that it will give cyber security analysts more time to focus on protecting their organisations.
Starnes said cyber analysts spend “considerable time” going through data logs and incident timesheets, but in future, these processes will be increasingly automated.
With skilled cyber security analysts in short supply, AI techniques will become necessary to keep costs manageable for organisations as the volume of attacks continues to rise, he said.
“The skillset for cyber security is at a massive premium,” said Starnes. “When you can hire people, they cost you an absolute fortune. We need to make the economics of cyber security work for companies – and that involves getting these analysts with their eyes on stuff that matters.”
John Meakin, interim CISO, GSK: “We have seen a gradual but steady increase in threat levels. This is represented by definable attempts at intrusion theft, with the occasional apparent service continuity attack.”
Terrell Johnson, manager of systems and networks, Sunsweet: “We are now finding anomalies in real time that would have taken us weeks, or even months, to find on our own.”
Stephen Schmidt, CISO, Amazon Web Services: “Currently, response processes tend to be very rule-based. We will get better when the response platforms can take a generic input and produce a broader output. For example, if you see an attack against one machine, then respond by blocking that attacker on all machines that are similarly situated.”
Oliver Scherer, CISO, MediaMarktSaturn Retail Group: “AI offers huge opportunities for cyber security. This is because you move from detection, manual reaction and remediation towards automated remediation, which organisations would like to achieve in the next five years.”
Agustin Valencia, head of OT cyber security, Iberdrola: “Cyber security will require a significant workforce with deep domain knowledge. AI will support analysts in joining the dots, using good data to analyse the potential threat.”
Cole Sinkford, CISO, GE Renewable Energy: “There are so many basic things that are the building blocks of cyber security that you need to have in place before you start talking about really advanced things like AI.”
Laura Barrowman, CTO, Credit Suisse: “Cyber is not just about the technical skills, it is about the knowledge of the organisation. You cannot protect something if you don’t know how it works.”