Artificial intelligence is not a silver bullet for cyber security

IT decision makers throughout the US and Europe misunderstand the hype around AI and ML

Despite the high number of IT decision-makers who consider artificial intelligence (AI) and machine learning (ML) important in stopping future cyber security threats, a significant proportion also view discussions around the subject to be pure vendor hype.

A white paper released by cyber security software provider ESET shows a notable difference between regions of the world in their approach to AI and ML.

IT professionals in the USA were much more likely to believe in the power of these technologies: 82 per cent said that they would be a ‘silver bullet' in solving future security challenges, compared to 67 and 66 per cent in the UK and Germany, respectively.

However, US respondents were also, conversely, more sceptical about the possibilities, with 65 per cent disregarding current discussions as hype. 53 per cent of IT professionals in the UK, and 40 per cent in Germany, felt the same way.

ESET says that the promises made by IT vendors around AI and ML ‘[have] the potential to put businesses in a position where security professionals are relying too much on the development of AI and not focussing enough on a joint and multi-layered approach of human and machine'.

Confusion reigns

47 per cent of respondents said that they don't fully understand the difference between AI and ML - which isn't helped by the terms being used almost interchangeably in the media.

ML, which relies on training computers to perform tasks, is nothing new; companies have been using it in security since the '90s. ESET says that the majority of respondents (89 per cent in Germany, 87 per cent in the USA and 78 per cent in the UK) are already using ML in their endpoint protection.

Although a powerful tool, ML has drawbacks and is best used under the supervision of a human operator. For example, feeding a system corrupted data will lead to inaccurate results or decisions.

AI, on the other hand, describes a situation in which a machine operates without pre-programming or training.

While these techniques might change the way that organisations approach security, remember that it isn't only the white hats who will use them. Hackers will also be able to leverage AI and ML tools, helping to profile victims or carry out higher numbers of labour-intensive attacks, like spear-phishing.

More than half of respondents in all regions (USA: 75 per cent; UK: 57 per cent; Germany, 55 per cent) think that the number of malicious attacks will increase when hackers start to use AI. They also agreed (USA: 79 per cent; UK: 66 per cent; Germany, 58 per cent) that attacks would become more complex.

Beyond the hype

While it is pleasant to believe that a catch-all security solution exists, true AI is still far in the future, and ML is not yet competent enough to replace humans in the security apparatus.

Instead, ESET recommends that firms make an effort to fully understand the security challenges that they will face, and choose a solution that meets their personal needs.

There is, unfortunately, no silver bullet.