December 8, 2022
In an increasingly digital world, cybersecurity is instrumental for businesses and governments. However, it’s not a one-size-fits-all solution and novel approaches are needed as new and different challenges arise.
Deloitte managing director Mike Morris, alongside Abdul Rahman, associate vice president at the AI Center of Excellence, spoke at this year’s AI Business Summit in New York about how AI can address new and emerging cybersecurity problems, and how businesses can protect themselves against threats.
“There is already a plethora of cybersecurity tools out there, and there’s no shortage of data,” said Morris. “But currently, getting through this data is a very manual process and a lot of analysts get alert fatigue – they can’t keep up with the amount of alerts. As attackers get smarter, the threats become increasingly complex and it also becomes harder for defense teams to understand and prepare for attackers.”
Talent in the cybersecurity industry is scarce, with Morris saying there is currently a personnel shortage of nearly 2 million, with this number changing every day. The sheer volume of data breaches and potential threats is also far greater than the number of people available to process them, leaving a market gap that AI could meet.
“Detections of attacks are reactive in nature and there’s a lot of false positives,” he said. “Attackers are increasing their knowledge, they’re using operating systems better than before and hiding in plain sight, using security products to maneuver in an environment. But this is where there are a lot of opportunities to leverage AI to reduce this false positive rate and help with threat detection.”
When AI systems are used to identify and monitor attack trends over time, the average response time to attacks can go down to a matter of minutes, freeing up human workers for other tasks.
“The key is getting the data into one spot,” said Rahman. “While it’s great having multiple products supplementing each other, they all store data in a separate database that analysts can’t reach. We made a data lake to store this information and run analytics on top to get trend analysis, to ultimately predict when an attack might occur.”
Adversaries coming into a network may exploit a certain protocol or application that operates at a certain time of day, leaving a trace and indicating a potential compromise that an AI system can pick up. Different indications for different threats need to be built into the AI system, and the system also has to take into account what does or does not count as a threat.
“We want to collect data and construct capabilities to train over that data to identify with high accuracy and precision those kinds of threats,” said Rahman. “This is setting the stage for ML and AI to read the data and apply the model to identify behavior. Being able to deploy AI to detect potential issues offers a lot of value, what we want is a low false positive rate and fast detection times.”
This article first appeared in IoT World Today’s sister publication AI Business.