With more companies than ever using software to streamline business operations and accounts, as well as automate tasks and communicate with customers, suppliers, and partners, the conversation of cybersecurity has become frequent in the business landscape. With new tools being made available for static application security testing, as well as SBOM and firewall installation, the fight against cybersecurity has only been improving.
But another conversation that has gained its voice is centred all around artificial intelligence. Over the last couple of years, developments in artificial intelligence have been positive, which has led AI products to be used by several industries for a number of different purposes.
AI And Cybersecurity
For cybersecurity, AI has been a game changer. AI can now detect unknown malware and use machine learning to not only recognise but eliminate potential threats. With cybersecurity being all about consistency, AI offers a way for businesses to remain consistent in their fight against hackers, protecting them against the seismic damage that a successful cyber attack can achieve.
But it isn’t all good news. As AI has grown, so too have concerns about what it can be used for. For instance, while AI can be taught to monitor, identify, and detect attacks, it can also be taught to make those attacks if it falls into the wrong hands. Without any indication of right or wrong – for all of AI’s incredible abilities, it is still a machine with an algorithm – the technology behind AI can always be adopted by people looking to improve upon the cyber attacks, and not the cyber security.
The Concept Of AI Cyberwarfare
This has led many people to discuss and debate the concept of “AI cyberwarfare”. As mentioned before, if AI development continues to improve, it will only be a matter of time before hackers use it to launch targeted attacks.
If this seems a little hard to believe, take into account what AI can do to protect against cyber attacks – detecting network vulnerabilities, learning more about these vulnerabilities, how they might be attacked, and how to prevent such attacks. If you take into account what AI is doing, the process of recognising vulnerabilities can be used the other way around, with machine learning algorithms then used to exploit these vulnerabilities and create more affecting phishing methods and codes.
In this way, we could eventually have a situation where AI is fighting against AI – while businesses launch AI-based protection systems, attackers will launch systems to break into them, and the battle of cybersecurity will go on as both algorithms use machine learning to understand the other and find new avenues in their decimation.
This has already been demonstrated. As early as 2018, IBM discovered the malware strain known as “DeepLocker”, which used AI malware to identify targets while remaining undetected. The security measures that were being used at the time found it difficult to respond to these attacks, and as AI technology improves, the response will only become more and more difficult.
What Can Businesses Do?
If the outlook seems pretty bleak, it’s important to remember the tools already available in the fight for cybersecurity, those of which are only going to get better. According to recent studies, the market for cybersecurity AI will grow by 23% annually after 2023, with an estimated $38.2 billion being reached by 2026. But even outside of the AI world, businesses have the tools available to create strong networks that are well-built and protected.
We mentioned earlier about SAST. This has been a central part of security efforts since 2007 – according to a 2022 report, it was found that the lack of application security was the leading course of external breaches – but many companies use SAST for compliance and have failed to update from their traditional tools.
If AI is being seen as a next-gen tool for cyberattacks, then organisations need next-gen tools to fight against it. New SAST tools can cover 100% of software, helping to analyse source code to spot the vulnerabilities before attackers do. But whether it’s SASTs to analyse source code, SBOMs to provide transparency, or the latest firewalls to fend off attacks, there are plenty of avenues that businesses can take to ensure that their software is built to withstand infiltration.
The Future Of Cybersecurity
The important thing is that businesses do everything they can to comply and ensure that the protection is there. This is especially true for small companies. According to the latest data, as many as 60% of SMEs go out of business within six months of a cyber attack. If a cybercriminal successfully enters a network, the outlook for any company is not a positive one.
With the growth of AI, the future of cybersecurity has both warped and remained the same. At the moment, the latest tools in cybersecurity have ensured that software are more protected than ever, but the sophistication of cyber-attacks has ensured that the threat matches the progress.
With AI now firmly in the picture, this theme looks set to continue, with more businesses utilising AI technology to aid their systems and attackers using it to break them. The important thing is that businesses do everything they can to keep up to date with the latest security developments and make sure they are on firm ground in the difficult digital ecosystem.