Will Artificial Intelligence Save Us From the Next Cyberattack?

By Molly Fosco


Artificial intelligence and machine learning are helping tech companies battle cyberattacks with greater success than before. 

Employees at FedEx in the U.S., Telefónica in Spain and the National Health Service in the U.K. opened their work computers one day in May 2017 to find they no longer had access to thousands of crucial documents. A message appeared demanding payment in bitcoin to have them restored. The ransomware attack known as WannaCry afflicted more than 200,000 people in 150 countries, according to Europol, and was the largest of its kind in recent history. The threat of this sort of crippling data security breach has tech giants turning to artificial intelligence for solutions.

As online hackers increasingly use advanced technology for penetrative attacks, the companies that host our private information also are engaging the most advanced systems available in a bid to protect us. Microsoft, IBM and Cisco are among the many technology companies depending more than ever on machine learning and AI to defend their customers’ identities and data, around the clock and in real time.

Globally, nearly 2 billion data records were compromised in cyberattacks within the first six months of 2017, according to digital security provider Gemalto, and ransomware payments hit an astonishing $2 billion — twice as much as in 2016 — antivirus software firm Bitdefender found. Equifax, Yahoo and Uber are just a few of the major companies that have fallen victim to cybersecurity breaches in recent years. Individual victims can take years to recover.

But the tech companies deploying AI to secure online networks are finding it increasingly useful in reducing — if not eliminating — the risks. Microsoft, which began using AI for digital security in 2012, blocked more than 1 billion malware messages using AI cyberdefense in 2017. While ransomware increased more than 350 percent between 2016 and 2017, Microsoft’s Office 365 has reached a 99.9 percent accuracy rate in detecting these attacks. Today, most of Microsoft’s fellow tech giants — including Salesforce, Amazon, Google, Facebook and Netflix — are also using AI to defend against online attacks, as are others throughout the tech industry, says Steve Dispensa, partner director of information and threat protection at Microsoft.

Cisco’s Security Business Group employs machine learning to study traffic patterns and user behavior, and draws conclusions about normal and non-normal behavior. For example, if you forget your password nine times and suddenly remember it on the 10th try, it would raise an alarm. Using AI and machine learning, Cisco’s security-research team, Talos, has been able to reduce the time to detection (TTD) rate for cyberattacks. Cisco’s median TTD of 4.6 hours from November 2016 to October 2017 was well below the median of 39 hours in 2016. Though it doesn’t currently track year-over-year growth, Talos prevented 7.2 trillion attacks last year.


IBM — one of the world’s largest tech companies, with 380,000 employees — began training and implementing its supercomputer, Watson, for use in cybersecurity in 2016. Its behavioral biometrics technology uses machine learning to track mouse movements in real time and combines the information with learned behavior patterns and fraud patterns to distinguish real users from threat actors. IBM also employs Watson to read thousands of security blogs and articles published each year to stay on top of trends. Watson has been able to find threats 60 times faster than manual investigations, and decreases complex analysis time from one hour to less than one minute.

“There’s only so much a human can read and process,” says Caleb Barlow, vice president of threat intelligence at IBM Security. “But AI can make those correlations and provide all of the details associated with a particular threat actor, campaign or motivation for an attack.”

At Microsoft, the company’s Cyber Defense Operations Center watches over its global cloud estate 24/7, and it has combined the expertise of its security personnel with advanced AI to detect and respond to threats in real time. Microsoft calls them cyber storm chasers — a nod, says Dispensa, to actual weather chasers, who, like cybersecurity researchers, predict threats to reduce their societal and economic impact.

[Photo: Participants practice responding to a mock data breach on a fictional company, Bane & Ox, at IBM’s X-Force Command Center in Cambridge, Massachusetts, on Feb. 27, 2018. Source: Tony Luong/The New York Times/Redux]

AI and machine learning require massive amounts of data to be effective, and Microsoft is rare in the breadth of information it has access to. From Windows to Hotmail to Office 365, its advanced AI systems sift through all of these signals and combine them, making it easy for researchers to spot potential threats and shut them down immediately. The cyber storm chasers also connect this rich data set with news and intelligence reports from across the industry to further identify potential risks. Threats uncovered each day “show up immediately in our antivirus signatures, email protection and directly in our identity system where a user has become inadvertently compromised,” says Dispensa.

Even with all that data, AI systems and a dedicated team of cyber storm chasers, Microsoft software missed a security flaw that WannaCry hackers took advantage of in their ransomware attack. The National Security Agency discovered the flaw, and Microsoft immediately sent updates to correct the error. The flaw still left many systems vulnerable, but since then, Microsoft has further invested in its security efforts. “We use strategies such as periodic re-training, incorporating contextual information in our machine learning systems and augment it using best-in-class threat intelligence by our Cyber Defense Operations Center,” Dispensa says.

Helping organizations recover from an attack is just as critical as preventing them, Barlow of IBM says, and here too AI can help. “People don’t always have the decision-making capability to deal with cyberattacks, but AI can advise solutions,” he says.

AI and machine learning are still far from perfect, cautions TK Keanini, an engineer at Cisco’s Security Business Group. When they come to a conclusion, these technologies have gone above and beyond anything a human could possibly do to make that same determination. But what they won’t tell you is why. Not a big deal if your biggest problem is Netflix giving you crummy TV recommendations — “but if ML [machine learning] tells a security engineer she needs to take the CEO’s computer off the network because it’s exhibiting malicious activity,” Keanini says, “she better be able to explain why.”

Still, the growing threat of cyberattacks means AI security systems are more in demand than ever before. Twenty years ago, when Keanini went to a dinner party, no one was interested in hearing about his job as a cybersecurity engineer. Today, when new acquaintances learn he works in online security, their eyes light up. “Now they want to talk to me because something has happened to them — cyberattacks have touched every sector,” Keanini says. If his team and their peers at other tech giants have their way, those dinner conversations may soon turn to how those attacks have been successfully blocked.