The threat of cybercrime to businesses is rising fast. According to one estimate, by McAfee, the damages associated with cybercrime now stands at over $400 billion, up from $250 billion two years ago, with the costs incurred by UK business also running in the billions. In a bid to stave off e-criminals, organisations are increasingly investing in ramping up their digital frontiers and security protocols, however, many are still put off by the costs, or by the bewildering range of tools and services available. The following is a list of reasons why investing in cybersecurity is a sensible decision to make.

1. Rising cost of security breaches

The fact is that cyberattacks can be extremely expensive for businesses to endure. Recent statistics have suggested that the average cost of a data breach at a larger UK firm is £20,000. But this actually underestimates the real expense of an attack against a company. It is not just the financial damage suffered by the business or the cost of remediation; a data breach can also inflict untold reputational damage.

Suffering a cyberattack can cause customers to lose trust in a business and spend their money elsewhere. Additionally, having a reputation for poor security can also lead to a failure to win new contracts.

2. Increasingly sophisticated and organised hackers

Almost every business has a website and externally exposed systems that could provide criminals with entry points into internal networks. Hackers have a lot to gain from successful data breaches, and there are countless examples of well-funded and coordinated cyber-attacks against some of the largest companies in the UK. Ironically, even Deloitte, the globe’s largest cybersecurity consultant, was itself rocked by an attack in October last year.

With highly sophisticated attacks now commonplace, businesses need to assume that they will be breached at some point and implement controls that help them to detect and respond to malicious activity before it causes damage and disruption.

3. Widely available hacking tools

While well-funded and highly skilled hackers pose a significant risk to your business, the wide availability of hacking tools and programmes on the internet also means there is also a growing threat from less skilled individuals. The commercialisation of cybercrime has made it easy for anyone to obtain the resources they need to launch damaging attacks, such as ransomware and cryptomining.

4. A proliferation of IoT devices

More smart devices than ever are connected to the internet. These are known as Internet of Things, or IoT, devices and are increasingly common in homes and offices. On the surface, these devices can simplify and speed up tasks, as well as offer greater levels of control and accessibility. There proliferation, however, presents a problem.

If not managed properly, each IoT device that is connected to the internet could provide cyber criminals with a way into a business. IT services giant Cisco estimates there will be 27.1 billion connected devices globally by 2021 – so this problem will only worsen with time. With use of IoT devices potentially introducing a wide range of security weaknesses, it is wise to conduct regular vulnerability assessments to help identify and address risks presented by these assets.

5. Tighter regulations

It is not just criminal attacks that mean businesses need to be more invested in cyber security than ever before. The introduction of regulations such as the GDPR means that organisations need to take security more seriously than ever, or face heavy fines.

The GDPR has been introduced by the EU to force organisations into to taking better care of the personal data they hold. Among the requirements of the GDPR is the need for organisations to implement appropriate technical and organisational measures to protect personal data, regularly review controls, plus detect, investigate and report breaches.

The growing and evolving cyber security risk facing global businesses can be stemmed by the integration of AI into security systems 

Hyper-connected workplaces and the growth of cloud and mobile technologies have sparked a chain reaction when it comes to security risks. The vast volume of connected devices feeding into networks provide a dream scenario for cyber criminals — new and plentiful access points to target. Further, security on these access points is often deficient.

For businesses, the desire to leverage IoT is tempered by the latest mega breach or DDoS attack creating splashy headlines and causing concern.

However, the convenience and automation IoT affords means it isn’t an ephemeral trend. Businesses need to look to new technologies, like AI, to effectively protect their customers as they broaden their perimeter.

The question becomes, how can enterprises work with, and not against, artificial intelligence?

>See also: How AI has created an arms race in the battle against cybercrime

The emergence of AI in cyber security

Machine learning and artificial intelligence (AI) are being applied more broadly across industries and applications than ever before as computing power, data collection and storage capabilities increase. This vast trove of data is valuable fodder for AI, which can process and analyse everything captured to understand new trends and details.

For cyber security, this means new exploits and weaknesses can quickly be identified and analysed to help mitigate further attacks. It has the ability to take some of the pressure off human security “colleagues.” They are alerted when an action is needed, but also can spend their time working on more creative, fruitful endeavours.

A useful analogy is to think about the best security professional in your organisation. If you use this star employee to train your machine learning and artificial intelligence programs, the AI will be as smart as your star employee.

Now, if you take the time to train your machine learning and artificial intelligence programs with your 10 best employees, the outcome will be a solution that is as smart as your 10 best employees put together. And AI never takes a sick day.

It becomes a game of scale and leveraging these new tools can give enterprises the upper hand.

AI under attack

AI is by no means a cyber security panacea. When pitted directly against a human opponent, with clear circumvention goals, AI can be defeated. This doesn’t mean we shouldn’t use AI, it means we should understand its limitations.

AI cannot be left to its own devices. It needs human interaction and “training” in AI-speak to continue to learn and improve, correcting for false positives and cyber criminal innovations.

This hybrid approach already has proven itself to be a valuable asset in IT departments because it works efficiently alongside threat researchers.

Instead of highly talented personnel spending time on repetitive and mundane tasks, the machine takes away this burden and allows them to get on with the more challenging task of finding new and complex threats.

Predictive analytics will build on this by giving security teams the predictive insight needed to stop threats before they become an issue as opposed to reacting to a problem. This approach is not only more cost effective in terms of resources, but also is favourable for the business due to the huge reputational and financial damage a breach can cause in the long term.

Benefits of machine learning

Alongside AI, machine learning is becoming a vital tool in a threat hunter’s tool box. There is no doubt machine learning has become more sophisticated in the past couple of years and will continue to do so as its learnings are compounded and computing power increases.

Organisations face millions of threats each day, so it would be impossible for threat researchers to analyse and categorise them all. As each threat is analysed by the machine, it learns and improves. This not only helps protect organisations now, but compiles this valuable data for use in predictive analytics.

However, just staying ahead of the hackers and the threats they pose is not enough to protect organisations as the new vulnerabilities and new devices that come online will make this more and more difficult.

The continued and enhanced standardisation on data formats and communication standards is crucial to this effort. Once data flows and formats are clearly defined, not just technically but also semantically, machine learning systems will be far better placed to effectively police the operations of such systems.

The industry needs to work towards finding the sweet-spot between unsupervised and supervised machine learning so that we can fully benefit from our knowledge of current threat types and vectors and combine that with the ability to detect new attacks and uncover new vulnerabilities.

Much like AI, machine learning in threat hunting must be guided by humans. Human researchers are able to look beyond the anomalies that the machine may pick up and put context around the security situation to decide if a suspected attack is truly taking place.

The future

For the security industry to get the most out of AI, they need to recognise what machines do best and what people do best. Advances in AI can provide new tools for threat hunters, helping them protect new devices and networks even before a threat is classified by a human researcher.

Machine learning techniques such as unsupervised learning and continuous retraining can keep us ahead of the cyber criminals. However, hackers aren’t resting on their laurels. Let’s give our threat researchers the time to creatively think about the next attack vector while enhancing their abilities with machines.

‘Researchers are now modelling how a malevolent AI system could develop, and have concluded that current cyber security practices are woefully inadequate’ 

Beleaguered enterprises are struggling to keep pace with cyber threats, and small and medium-sized businesses are hit hardest of all due to limited resources.

A recent survey by the Federation of Small Business (FSB) found 66% of those questioned had been a victim of cybercrime over the past two years, and only 4% had an incident response plan in place in anticipation of an attack.

For many, cyber security takes them into unfamiliar territory and depletes the time spent on core business activities.

This has seen an over-reliance upon point solutions, poor attention to patching and updates, and a failure to apply strategic business-specific security controls.

To make matters worse, the potential attack surface is only set to widen as the Internet of Things sees sensors and IP-enabled tech insinuate themselves into every niche of society, even the small business.

A badly configured humble kettle could open up a conduit onto a business network, for instance. Yet the current situation finds many SMEs ill-prepared for any change in the threat spectrum, being unable to monitor, detect and respond to an attack – begging the question, how will they cope with yet more holes in the network?

What is needed is some form of automation coupled with artificial intelligence; a system that has visibility of the network and can monitor activity and alert the business to enable security resources to be focused as and where needed, thereby conserving spend, but which is specific to the business.

High-level data processing has been available for some time in the form of security incident and event management (SIEM) systems that, when combined with a security operations centre (SOC), can correlate data and issue alerts.

But these systems can be costly and complex to deploy and manage, with reports estimating it takes up to six personnel to run a SOC 24/7.

Even then, the information derived from these tools needs to be correctly interpreted and actioned upon. And few SMEs have data scientists on the pay roll.

For this reason, AI is beginning to receive more attention. It takes complex event processing and performs pattern analyses, using machine learning, to improve success rates.

In the context of a SOC, AI can be used to extract hidden correlations and detect complex attack vectors, as well as by assisting analysts looking for traditional attack patterns by offering multiple filtering options.

It can then assess the potential for these events to scale-up and evolve into attacks. Threat feeds are assessed in the context of the business, so that criteria such as geography, sector and compliance requirements are used as parameters externally, while internal elements, such as business strategy and the risk profile, are included to create an overarching view –allowing the threat to be assessed against the risk appetite of the business before determining a response.

As opposed to a traditional SOC, an AI SOC demonstrates machine learning and uses deep threat intelligence. It can drill down further for data and use advanced penetrative techniques to mine information from dynamic data sources such as those associated with social media and even off-grid in the dark web.

This can give the business advance warning of an impending attack in real-time as data can be collated, sifted and interpreted using predictive data analytics to forecast likely event outcomes.

The FSB survey found that the most common form of attack against the SME were phishing attacks experienced by 49% of respondents, with 37% experiencing the more targeted spear phishing attack.

These can readily be spotted and filtered using automated software. Trickier and more difficult to anticipate are denial of service attacks, aimed at crippling websites, and ransomware attacks, which use DDoS attacks or malware to demand a release fee.

Both are on the increase in the SME sector, with the FSB survey reporting five percent of respondents had experienced a DoS attack and 4% ransomware.

By the time a DoS has been executed, the business is already caught off guard and is potentially in a capacity war, forced to scale up resource to fend off the attack.

Yet, with sufficient warning, the SME can use a DoS solution to throttle the attack. The key is getting that information in advance for it to become actionable intelligence and that can only be achieved by applying AI in the form of complex algorithms that can spot rogue activity.

For instance, DoS attacks are highly organised in nature and are often planned on forums hosted on the dark web. Tap into those conversations by using the parameters referred to above and you can create a window into underground activity that can trigger an alert when the noise merits it.

Real-time SOC services are now emerging that can deliver this type of capability to the SME and it doesn’t need to cost. Outsourcing can provide the SME with access to the technology, the AI, and the personnel needed to man the operation, thereby giving the sector access to high-level security services using economies of scale for the first time.

When selecting a supplier, it’s the intelligence that you need to look for, so in addition to the usual requirements such as SIEM, event logging and data analytics, it’s beneficial to look at the managed services on offer.

Ask how data is captured and correlated and analysed and by whom? Can it dovetail with your day-to-day business operations to provide business intelligence?

Finally, bear in mind that the threat spectrum is constantly evolving. Cyber security sees security solutions and attackers pitted against one another in a never-ending arms race.

If we now have AI security solutions, businesses should expect to see malicious AI systems in the future.

Researchers are now modelling how a malevolent AI system could develop, and have concluded that current cyber security practices are woefully inadequate.

The need for a cyber security overhaul is necessary as IT professionals know signature matching is no longer an effective means to identifying current attacks. 

AI has impacted our day-to-day lives for years, whether that’s automated voice calls or virtual personal assistants – like Siri – or even self-driving cars.

The next step is to implement AI technology into personal and cyber security systems.

Currently, one or two guards will monitor a bank of security screens, and it is a successful method of security, but it is not full proof.

Eliminating human error is a key driver behind bringing Artificial Intelligence to security through intelligent video analytics.

Humans can easily get distracted, generally have short attention spans, and often find it difficult to focus on multiple things at once – a bank of security screens.

In an article written by Dr. Mahesh Saptharishi, Senior Vice President of Analytics and Data Science at Avigilon, he explains: 'While a security officer might miss a person sneaking into a poorly lit facility, a camera backed with intelligent video analytics is designed to catch a flash on the screen and recognize it as a potential threat.'

'It will spot a person loitering at the perimeter of a schoolyard and alert on-the-ground security officials to investigate and take action if necessary, all without missing a beat and keeping close watch on the many cameras and locations.'

Just as AI can be applied to personal security systems, so to can it with cyber security systems.

The need for a cyber security overhaul is necessary as IT professionals know signature matching is no longer an effective means to identifying current attacks.

Hackers can easily conceal their attacks from these signature matching security systems.

A rejuvenation of the current system is needed.

>See also: Bring the noise: How AI can improve cyber security

Yesterday, DB Networks announced its DBN-6300 and Layer 7 Database Sensor software, were being deployed to successfully implement AI in the cyber security environment – to automatically protect databases’ infrastructure.

"AI-based cyber security is truly a sea change in the security industry," said DB Networks' Chairman and CEO Brett Helm. "AI enables us to quickly and accurately…identify cyber attacks in progress. In future generations of product, DB Networks will use the output from AI to drive autonomous cyber security technologies that not only block attacks but also automatically heal the vulnerabilities."

Caution, as always, must be taken – a Skynet scenario (for those of you who have seen Terminator), while unlikely, is not beyond the realm of possibility given this is the direction human technology is heading.

But the integration of AI into personal and cyber security systems is a natural progression as technology develops. It is more efficient and not hindered by human error.

Artificial Intelligence will of make locations – physically and virtually – safer by making technology more efficient and adaptable.