
Security Think Tank: Business should assess where to use AI to sniff out smart malware

How can businesses best prepare their cyber defences in light of the fact that attackers are increasingly using malware designed to evade detection and analysis?

New and smarter generations of malware are being developed and deployed by cyber criminals, forcing organisations to constantly adapt and improve their defences.

Even organisations with a high level of cyber security defences find this environment challenging: threats increase in number and variety, and attackers improve their tactics, techniques and procedures at a pace faster than most defenders can keep up with.

One example of this increasing sophistication is a recent version of malware affecting smartphones, which removes itself from the list of installed apps on the user's device after installation and launch, and requests the device's admin rights to make it harder for antivirus software to detect and remove it.

Given the technical and human challenges of defending against malware, what can organisations do to improve their defences and reduce the number and severity of data breaches, and the financial fraud and reputational damage that result from successful attacks?

Much of the problem arises from the fact that current-generation security tools are only as good as the use cases and rules they can manage. These are drawn from selected experts' knowledge, leaving 'known unknowns' and 'unknown unknowns' uncovered.

To address this challenge, artificial intelligence (AI)-based security tools are being used to close the gap between ‘known’ and ‘unknown’, and identify anomalous behaviour without previous knowledge of what is good or bad.

These tools either complement or supplement the traditional, human-driven methods of preventing high-impact incidents, and are being tested in a variety of areas, including insider threat and privileged user monitoring, external breach detection and internet of things (IoT) protection.

Machine learning (or self-learning) is part of the broader field of AI, and these algorithms are now mature enough to play a role in, for example, identifying user, entity and network outliers and helping to search for threats targeting the organisation.

This searching, often referred to as ‘threat hunting’, proactively detects and responds to threats that evade traditional rule- or signature-based security systems. A growing number of organisations are now implementing this.

The only guarantee for organisations is that criminals will continue to innovate and seek ways to profit from illegal activity. Managing these risks will not be easy and will require difficult trade-offs with other areas of business risk.

Organisations will have to identify areas of the business where the human presence is a liability, as opposed to a failsafe. It is here where AI and machine learning can enhance or take on tasks typically done by humans.

Sometimes a human presence will be necessary to achieve the desired level of cyber security, but in a growing number of areas, AI and machine learning will be called on to shoulder an increasing proportion of the workload.

Massimo Cotrozzi leads the cyber security engineering and architecture team at Deloitte UK.
