Cybersecurity & Artificial Intelligence Trends from 2018

  • Bradley Hayes, Chief Technology Officer
  • December 19, 2018

Worsening employee cybersecurity habits and the need for organization-wide cybersecurity literacy.

A study conducted by SailPoint reported that nearly 75% of employees engage in password re-use across accounts, as opposed to just over half four years ago. Nearly half of people surveyed admitted to sharing passwords across personal and work accounts. Part of this is being driven by employees seeing IT practices as inconvenient, as they seek circumvention in favor of personal efficiency.

Public awareness of cybersecurity issues is increasing.

Cybercrime making it into mainstream news headlines has also raised public awareness of its challenges, dangers, and impacts. An increased prevalence of ransomware, such as “cryptojacking” software, has been spurred by the relative ease of orchestrating difficult to trace ransom payments and increasing malware availability.

Artificial Intelligence is being used to enable personalized attacks at-scale.

Attackers are gaining access to troves of personal data to use for increasing threat effectiveness. By combining increasingly sophisticated AI techniques for language understanding with the scraping of publicly available, indexed data, it is becoming far easier for malicious actors to generate increasingly authentic, personalized attacks. As a result, large-scale personalized threats have a lower barrier to entry than ever before.

Artificial Intelligence provides a force multiplier for offensive capabilities.

Machine learning models provide a general mechanism for organization-tailored obscuring of malicious intent, enabling adversaries to disguise their network traffic or even on-system behavior to look more typical to evade detection. In addition to enhancing data exfiltration capabilities, these techniques provide the capability to continually model and adapt to their environment even after deployment, enabling them to persist undetected for longer and potentially infiltrate deeper into organizations.

Artificial Intelligence provides a necessary force multiplier for defensive operations.

Increasing system complexity, endpoint vulnerability, and attack sophistication have expanded the available attack surface in a manner that has left traditional monitoring techniques ineffective. Particularly in a world of increasingly intelligent threats and well-resourced actors, the only cost-efficient and scalable mechanisms for detection and remediation are quickly becoming artificially intelligent systems with the ability to sift through largely unstructured data, identify malicious behavior over potentially long time horizons, and dynamically respond. We’re seeing proof that applications of AI to both local-machine and organization-wide event monitoring can correlate observations to provide root cause analyses and incident investigations beyond traditional analyst capabilities on superhuman timescales.

Perhaps the most important trend over the past year has been the industry’s continued realization and acceptance of a coming arms race between AI-enhanced dynamic threats and AI-enhanced adaptive defenses. 

Artificial Intelligence is not a cure-all.

While AI has deservedly received substantial hype within the cybersecurity realm and beyond, there still exists a substantial gap between algorithm deployment and successful application. To that end, continuing education is still critical for cybersecurity professionals to be able to leverage, collaborate through, and engage with these technologies to form a basis for effective defense: providing AI-enhanced tools with the knowledge and data they need to operate and engaging appropriate levels of trust and reliance in their capability (both in terms of detection and response) to make them a formidable component of a modern defensive cybersecurity strategy.