Building a slide deck, pitch, or presentation? Here are the big takeaways:
- 87% of US cybersecurity professionals report that their organizations are currently using AI as part of their cybersecurity strategy. -Webroot, 2017
- 91% of cybersecurity professionals are concerned about hackers using AI against companies in cyberattacks. -Webroot, 2017
More than 90% of cybersecurity professionals are concerned that hackers will use artificial intelligence (AI) in cyberattacks against their company that are more sophisticated and harder to detect, according to a new report from Webroot.
AI has already proven to be both a benefit and a threat on the cybersecurity front: While the technology can help companies fill cybersecurity skills gaps and safeguard data, it also gives hackers a new tool for attack. In August, researchers created an AI that could modify malware to bypass machine learning antivirus software. Common cyberattacks such as phishing also become much more effective when they are powered by AI, according to ZDNet.
Webroot surveyed 400 cybersecurity professionals at companies with 100 or more employees in the US and Japan. The US is an early adopter of AI for cybersecurity, Webroot found: 87% of US cybersecurity professionals report that their companies are currently using AI as part of their cybersecurity strategy. Further, three-quarters of cyber pros surveyed said they believe that, within the next three years, their organization will not be able to protect digital assets without using AI.
SEE: Information security incident reporting policy (Tech Pro Research)
Virtually all cybersecurity professionals (99%) said they believe AI could improve their organization's cybersecurity overall, including by identifying threats that would have otherwise been missed, and reducing the rate of false positives, Webroot found. And 97% of these workers said their company has plans to increase budgets for AI and machine learning tools within the next three years.
"There is no doubt about AI being the future of security as the sheer volume of threats is becoming very difficult to track by humans alone," Hal Lonas, CTO of Webroot, said in a press release. "We stress to organizations the importance of a contextual view of threats that also incorporates visibility and data points from networks, endpoints, and human threat researchers to derive the most accurate cyber risk assessment. As the results reveal, AI is here to stay and it will have a large impact on security strategies moving forward."
Webroot offers the following four tips for organizations to incorporate AI and machine learning technologies:
1. Hire and develop AI/machine learning experts. Despite popular belief, these technologies cannot replace humans, and using them requires human training and oversight.
2. Think outside the box. As cybercriminals continue to use AI and machine learning to develop more advanced threats, cyber professionals must think creatively to stay ahead of the new risks. Machines can automate manual tasks and help free up human workers to have more time to think about new ways to identify threats and solve problems.
3. Learn from your mistakes. Getting breached is more a matter of "when" than "if." Companies should take an attitude of learning from their cyber mistakes by gaining greater understanding of threats and how to respond next time.
4. Automate. Deploy AI and machine learning-based tech to help with tasks like policy enforcement, blocking malicious files and IPs, and protecting against phishing attacks. "Machine learning won't replace human intelligence, but can be used to automate and speed up security operations and repetitive tasks," according to the release.
- 62% of cybersecurity experts believe AI will be weaponized in next year (TechRepublic)
- Security considerations for the AI era (ZDNet)
- IoT, encryption, and AI lead top security trends for 2017 (TechRepublic)
- Artificial intelligence and machine learning offer new possibilities for improving IoT security (ZDNet)
- Machine learning: The smart person's guide (TechRepublic)
Alison DeNisco Rayome has nothing to disclose. She does not hold investments in the technology companies she covers.
Alison DeNisco Rayome is a Senior Editor for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.