Welcome to the KuppingerCole Analyst Chat. I'm your host. My name is Matthias Reinwarth, I'm the director of the Practice Identity and Access Management here at KuppingerCole Analysts. My guest today is again, and I'm really looking forward to that, Marina Iantorno, she's a Research Analyst with KuppingerCole Analysts. Hi, Marina.
Hi Matthias, thanks for having me here. I'm super happy to be back.
I'm happy to have you back. And we want to continue our discussion about cybersecurity and its relationship towards artificial intelligence slash machine learning. And the title for today is The Rise of AI is Revolutionizing Cyber Attacks. So this sounds really interesting. So when we are talking about cyber attacks, how is machine learning and how is actually changing cyber attacks? How are the attackers, the bad guys leveraging machine learning for attacks?
Well, what I would say is, what they try to do is actually exploiting systems and they try to find the network weaknesses. And they do this with a remarkable precision because they are using AI, right? So then the point is, with AI techniques and with machine learning, they can actually identify vulnerabilities in the system and they can execute different attacks that and they maximize the chances of success. Unfortunately, as we talk about AI for defenders or for cybersecurity professionals, it is also leveraging the attacks as well. So then the point here is AI is also enabling attackers to bypass traditional security measures. And they can have let's say, strategies that help them to behave, let's say as genuine users. And this is the main issue here. So it is very challenging for defenders sometimes to differentiate between regular and malicious activity nowadays.
Right. And why is this dangerous? What are the risks behind that?
Well, so we had a conversation now not long time back about the data and what is happening with the bias. So the issue here is that AI is working with data that we are using to train the models. And if there is even a minor modification in the data, it can produce fake results. You know, in the end, because of course, there will be a bias and the result will not be exactly what we want because the result that we get is according to the data that we use. Now, cyber criminals actually employ reverse engineering to access sensitive information, and then they use this data, these data sets to train the system. Because in the end, this is what they are doing, they are altering the original data that this is used. So then once they gain access, they can manipulate the system and they can do pretty much everything. For example, nowadays there is a tendency with the deepfakes and this is a big problem because, you know, when we think about data, people think only about a data set that maybe has, you know, some columns and rows and that's it. But the data can be in the form of an image, of a video, of audios. And then if the attackers have access to this data, they can create deepfakes and they can spread misinformation. So then it even could attract people to click on phishing links. So as you mentioned before, the chances to success are actually higher, you know.
Right. So these attackers are unhinged using these technologies that are around there. And we talked about regulation regarding the correct use of machine learning around that. But nevertheless, that seems to be quite a danger behind that when it comes to having many attackers and only a few defenders. Is there still hope for us defending against these AI powered cybercriminals?
Of course. Of course. So I know that the picture doesn't look really good when we start talking about what the attackers can do. But AI is also presenting a lot of possibilities, you know, for defenders. So we cannot say, Okay, no, there is no chance, there is no hope. Here, the point is that the AI is assisting, for example, defenders in threat identification, incident response, predictive threat intelligence. So here the main combination would be human expertise with AI technologies. And this is the way to actually gain this [...]. Because in the end, so what we need to remember is that attackers are using AI. So then if defenders that also using AI plus the supervision of humans. It means that this one would be the correct approach because, you know, humans can use their common sense, their logic, and they know the behavior of the users as well, of the system. So then we need to remember that while AI is very powerful and can mimic many different things according to the data that we use to train the machine, it is just a machine and it cannot really match the creativity of humans, you know. So then I would say that that this combination is actually helping nowadays and it helps defenders to be quicker, you know, in the responses, especially. Now, the other measures and that in place as well, that could be used for example, biometrics, using multi-factor authentication, passwordless authentication. So there are different tools that can be used to boost cybersecurity.
Right. These are the more traditional, although very modern ways of protecting just on a basis to say, okay, there is no way of getting into the system because we are protecting through MFA, as you mentioned. But I'm interested in this combination of this carbon based life form and this non-carbon based life from working together in protecting against AI driven cyber attacks. What could be more benefits and where are the areas of applicability?
Well, we need to think that machine learning is helping to detect things in real time. You know, so then if we can work with data that is coming in real time, so then the machine can detect different patterns and anomalies very fast and it provides even automated responses. So then if there are automated responses, so then the defenders can act very fast and efficiently, you know. So then this is actually the main point here. And AI also can assist in identifying new threats, you know, threats that are coming up because if there is something that is very different, there is creating a spike in, you know, in the data that they are used in or in the patterns that we are actually checking. Well, so then it will help organizations to be always one step ahead of the cybercriminals.
Right, and we as analysts, we always have to look at things from all sides. Do we add some criticality, some dangers by adding cybersecurity also into the defender seat to make sure that we understand that there might be issues also arising from having this combination of carbon and non-carbon based lifeforms?
Well, I would say that there are always limitations, right? So then we cannot use the technology on the way that we think without a limitation or a regulation. Now, the thing is, AI is bringing many, many different benefits and at the same time, there are different challenges, you know, that are coming with this. It is, you know, not everything is so perfect. So we have all the challenges that we have to face. Now, one of the challenges that we have is the possibility for fake results. You know, so if we have false positives or false negatives, so then we would have, for example, let's say, excessive alerts or maybe we can miss some threats, you know, from the perspective of an organization I'm talking. So the point is what is necessary is to use accurate information, accurate data to actually rely on the system. So then if we have precision in the data that we are using, then we can rely on the result or we can rely even better because remember, so the human supervision is always necessary because there are possibilities as well for the attackers to go into the data and make modifications. Now, there are also ethical considerations in place. But yes, you and I, we had a conversation recently about this, about the ethical issues and the need for privacy. So then, you know, organizations, if they're using sensitive data to train them all else and even to save cybersecurity security, it is important for them to be transparent with the users, right?
Absolutely. And I think this privacy issue is something that needs to be properly taken care of. But overall, I would assume that augmenting the human analyst, security analyst with AI technology in the end really improves the situation by handing over the heavy lifting to machine learning and then really leveraging the human analyst for the decision making processes. Would you agree, will there be benefits from that combination?
Yes, absolutely. Because, you know, I would say that one of the concerns is what happens if the machine is actually detecting all the threats or if we use just the machines to analyze what is happening at our cybersecurity system. But the point here is that AI came to augment human capabilities, so then this trends that we have is that we can use in an organization, the human expertise plus the domain of the knowledge, plus the critical judgment, plus the common sense, you know, along with what the machine is actually providing. So then just an AI system is not capable to actually think about all of it. And the good part is organizations are using AI to actually accompany defenders in the journey. And it is not just to replace them as it is commonly thought, you know.
Absolutely. And I said, those attackers, they are unhinged. They don't take care of any limitations. They just leverage the technology as is. This is different for us being the defenders against these attackers. We talked about that already. But I think that again, and you've mentioned that already, regulatory, legal implications, they need to be taken into account as well. So is this something that we already see and that is on the horizon for these solutions?
Well, So attackers, of course, they will not care about the legal implications, as you said, but the organizations, they must follow them. You know, so I know that it sounds unfair because, you know, on the one hand, we have the attackers, that are doing whatever they consider to actually succeed. And then on the other hand, we have organizations, that they must follow certain regulations. Now, the main aspect that we need to ensure here is that AI is used with responsibility, you know, so then transparency with the users, transparency in explaining the decision making process because sometimes it is very hard to explain what the algorithm did or why a decision was made. So then it is important to know what the algorithm is actually performing according to the data that was used. Having security measures in place and then I would say that always, you know, with the different parts that are you know, whose data is used to train the models. So then this is a responsible use of AI and always taking into consideration the regulations because of course, like the companies kind of go against that. You know, here in Europe we have the GDPR and in other regions there are other regulations in place. So then this is something that at the moment of training an AI model in cybersecurity, it is important to consider.
Right. But in the end, I don't want to have to sound like, attackers use AI, defenders, use AI. So it's a fight of AI versus AI on both sides. I think with this rise of AI attacks, are the other measures that organizations should look into, maybe some good old ones to take into consideration again, to improve their security posture?
Of course. Of course. So it is true that there is a kind of battle like AI versus AI plus, you know, the human interaction here in the middle. But at the same time, there are some good practices that were in place, you know, or are in place since a while. And we have to keep them going, especially from an organization perspective. For example, cybersecurity hygiene. This is very important, using a unique password for different websites or passwordless, or using the multi-factor authentication, updating the device. This is something very common. You know, in some organizations, maybe employees who are not really trained or they are not really aware, they don't actualize the system, they don't update the system, the device that they are using, and with old versions, it is actually easier for attackers to break in. So at the same time, the emails that we receive, you know, it is very common to receive emails that are, in the end, phishing. So then it is important to train people who are your organization to detect these things. Being in form is is crucial because the only thing that we need to be hacked or to be, you know, threat is being online. So once you are online, it is visible that you will suffer a kind of attack eventually, or at least attackers would try it, you know, So it’s the only thing that is needed. So then having a good cybersecurity training awareness in place and protecting the passwords, using passwordless, as I mentioned, access management. There are different tools that are in place. And of course, the use of AI is not replacing what was happening before, it’s actually giving us another solution, let's say, or another possibility to act faster.
Right. And if an unconscious user, an untrained user, clicks on a malicious link, in the end, it doesn't matter if it was generated by a person or by a machine learning system. It's a threat and it needs to be detected. And that can be also countered by training. We're finally almost through. Are there some final words that you want to add before we close down?
Yes, we will be talking about this topic at our event in Frankfurt, cyberevolution. So it would be great to have our audience there, because it is a great place to listen to different speakers. We always have amazing speakers in our conferences. And the preliminary agenda is already online and it is a place where people can actually boost their networking and talk to other professionals, getting to know other companies as well that are in the industry. And you and I will be there, so then we are also looking forward to meeting our audience there.
Absolutely. And I think communication, getting in touch with other professionals, with other peers is really essential. Be it at cyberevolution, be it somewhere else. I would prefer cyberevolution and see you there and see you there, Marina, again. Thank you again for taking the time, for giving your insight, this time for AI, for cyber attackers on how to deal with that. And it does not necessarily have to be machine learning that helps you protecting, but it might be one additional weapon to choose from. Thanks again, Marina, for being my guest today.
Matthias, it was my pleasure. Have a great day.
My pleasure. And have a great day as well. Bye bye.
