The Independent’s journalism is supported by our readers. When you purchase through links on our site, we may earn commission.
Every year, there are around 800,000 cyberattacks – equating to almost 2,200 attacks per day. In other words, a cyberattack occurs every 39 seconds.
That’s a lot of work for human fraud teams to deal with.
Imagine a football goal that’s 100 metres wide opposite a legion of the best strikers in the world and guarded by a single goalkeeper. You’d expect quite a few goals to go in.
However, artificial intelligence (AI) is already changing the cybersecurity game for businesses and individuals. Picture thousands of robotic goalkeepers, all equipped with an intimate, categorical knowledge of each striker’s strengths, weaknesses and shooting feet – goalkeepers with a perfectly calibrated understanding of every ball’s flight and trajectory and capable of learning after each ball kicked, shot saved and goal scored.
That’s AI in cybersecurity – so it’s no surprise that over half of all business leaders are already harnessing AI to safeguard them from the countless cyber threats out there. But how?
Below, we look at AI’s burgeoning role in the contemporary cybersecurity landscape.
AI in cybersecurity refers to the way in which AI-driven technology (including advanced machine learning algorithms and computational models) can help defend against cyberthreats.
In cybersecurity, AI can comb through huge datasets – ones far bigger than any team of humans, no matter how fast, intelligent or diligent, could handle – to root out suspicious activity online. Backed by AI, cybersecurity systems can detect anomalies in behaviour, respond to incidents in real time and spot malicious activity before it has a chance to wreak financial or reputational havoc on your business or personal life.
Despite offering an approach to cybersecurity that’s faster, more accurate and more scalable than humans (not to mention the fact that it doesn’t need to eat, sleep, take coffee breaks or go on holiday), AI does have one distinctly human trait: the ability to learn.
That’s because an AI-powered security system will learn from every piece of data you feed into its system and every threat it faces. Like a weathered, battle-hardened general of war, AI cyber-fighting algorithms have seen it all – making them more adaptable, more capable and better equipped to deal with dangerous new cyber threats as they emerge.
Valued at $22.4 billion (£18.4 billion) in 2023, the AI in cybersecurity market is booming.
However, by 2028, experts predict it will have almost tripled to an eye-watering $60.6 billion (£49.7 billion). The data also suggests that while almost all organisations already apply, or want to apply, AI in a cybersecurity context, less than a third (28 per cent) do so extensively, suggesting a gap between the need for AI and its actual adoption.
So, why is AI in cybersecurity so important? Well, because of the diverse and ever-expanding litany of cyber threats that businesses and individuals face in 2023. These include:
With the estimated 2,200 cyberattacks occurring every day – and 2.8 billion malware attacks taking place in the first half of 2022 alone – hacking is big business. Human analysts (no matter how skilled or dedicated) are no match for fraudsters, particularly when they’re armed with AI-equipped fraud-perpetrating toolkits.
With that in mind, the most dangerous threats need the best technology, and AI is it. So, let’s explore AI’s top cybersecurity capabilities and how they keep you safe online.
When the movie Minority Report came out in 2002, it painted the picture of a dystopian future in which crimes could be foreseen and stopped before they even had a chance to take place.
It’s a testament to how far AI has come in the past 21 years that the ability to predict and eliminate threats – before they unfold – is no longer pure sci-fi but a stark reality.
Predictive threat analysis is a subset of AI that involves sifting through vast amounts of data to identify the subtle trends, correlations and anomalies within. By training AI algorithms to understand the processes and patterns of normal activity, they can learn what the precursors of abnormal activity look like and use this knowledge to anticipate it.
Let’s take payment fraud prevention for an ecommerce business as an example. In a machine learning-enabled fraud detection approach, an AI algorithm would crunch the ecommerce business’s entire transaction history, which includes both legitimate transactions and those flagged as suspected or confirmed fraud.
In doing so, the algorithm can learn which items fraudsters target most, which devices they’re targeting the online business from and which countries are overrepresented when it comes to the origins of fraudulent traffic.
Armed with this contextual knowledge of known attack vectors and historical fraud tactics and techniques, the machine learning algorithms can flag any transactions that meet a risk threshold – for example, a $10,000 purchase from a high-risk country – for manual human review. Performing these steps can prevent unauthorised transactions before they go through.
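The fraud-scoring flow described above can be sketched in a few lines. This is an added illustration, not code from any product mentioned in the article: the transaction history is constructed, "XX" is a placeholder country code, and the 0.8 review threshold and the amount bands are assumptions.

```python
import math
from collections import Counter

# Constructed sample history: (item, device, country, amount_usd, confirmed_fraud).
# "XX" is a placeholder country code, not a real one.
HISTORY = [
    ("book", "desktop", "GB", 25, 0), ("book", "mobile", "GB", 40, 0),
    ("clothing", "mobile", "GB", 80, 0), ("clothing", "desktop", "FR", 120, 0),
    ("laptop", "desktop", "GB", 1500, 0), ("book", "desktop", "FR", 15, 0),
    ("clothing", "mobile", "GB", 60, 0), ("gift_card", "mobile", "GB", 50, 0),
    ("gift_card", "emulator", "XX", 900, 1), ("laptop", "emulator", "XX", 2500, 1),
    ("gift_card", "mobile", "XX", 1200, 1), ("laptop", "desktop", "FR", 3000, 1),
]

def features(item, device, country, amount):
    """Turn one transaction into categorical features; the amount is bucketed."""
    band = "low" if amount < 100 else "mid" if amount < 1000 else "high"
    return {"item": item, "device": device, "country": country, "amount": band}

def train(history, smoothing=1.0):
    """Learn a smoothed log-likelihood ratio (fraud vs legitimate) per feature value."""
    seen = {0: Counter(), 1: Counter()}
    totals = Counter()
    for *tx, fraud in history:
        totals[fraud] += 1
        seen[fraud].update(features(*tx).items())
    weights = {}
    for key in set(seen[0]) | set(seen[1]):
        p_fraud = (seen[1][key] + smoothing) / (totals[1] + 2 * smoothing)
        p_legit = (seen[0][key] + smoothing) / (totals[0] + 2 * smoothing)
        weights[key] = math.log(p_fraud / p_legit)
    prior = math.log(totals[1] / totals[0])  # base rate of fraud in the history
    return prior, weights

def assess(model, tx, threshold=0.8):
    """Score one transaction, treating features as independent (naive Bayes style).
    Values never seen in training contribute nothing either way."""
    prior, weights = model
    parts = {k: weights.get(k, 0.0) for k in features(*tx).items()}
    probability = 1 / (1 + math.exp(-(prior + sum(parts.values()))))
    ranked = sorted(parts, key=parts.get, reverse=True)
    return {"probability": probability,
            "review": probability >= threshold,  # queue for manual human review
            "reasons": [k for k in ranked if parts[k] > 0]}

MODEL = train(HISTORY)

if __name__ == "__main__":
    for tx in [("laptop", "emulator", "XX", 10000), ("book", "desktop", "GB", 30)]:
        print(tx, assess(MODEL, tx))
```

The `reasons` list gives the reviewer the features that pushed the score up, strongest first, so the flag arrives with its explanation.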
Similarly, an AI algorithm might look at subtle changes in user behaviour, network traffic or system configurations to nip a data breach in the bud or, by monitoring sudden spikes in data access or unusual login times, flag an account that’s been compromised.
Predictive threat analysis represents a proactive response to cyber threat detection and prevention. It’s quite different from the more traditional, human-based approaches to fraud prevention, which – despite being effective against known threats – are ultimately reactive.
Predictive threat analysis | Traditional threat responses |
---|---|
Operates in real time, allowing you to respond immediately to emerging cyber threats | Relies on manual human analysis and periodic security checks, which often don’t keep pace with the evolving threat landscape |
Adapts to new threat vectors by continually learning from new data | Struggles to cope with zero-day attacks and emerging cybercriminal techniques |
Analyses large data sets, which helps it minimise false positives (where benign activities are mistaken for threats) | Lacks the analytical breadth and depth of AI-enabled solutions and tends to raise more false alarms |
No matter how good your cybersecurity setup is, attacks are unavoidable. This means you need to be able to detect and prevent threats before they arise or deal with them quickly and efficiently when they do.
Here, time is of the essence. Unfortunately, a timely response to fraud isn’t something most modern businesses have the best record with.
In 2022, it took organisations an average of three days after a cyberattack to discover it had even happened. Recent data from 2023 is even more scathing, with IBM suggesting the average time to identify a breach, depending on how it was identified, was:
That’s if it was even discovered. According to IBM, only a third (33 per cent) of data breaches were uncovered by the surveyed organisations’ internal security tools and teams.
Fortunately, it’s something AI will continue to improve. After detecting malicious activity in real time (not days later), AI algorithms can trigger immediate threat responses.
These automated response systems are AI’s way of making split-second decisions – much as a human in an under-fire situation would – to mitigate the threat. However, unlike flesh-and-bone analysts, there’s no chance of AI’s conclusions succumbing to human error.
AI cybersecurity tools can minimise fraud’s disruption to the rest of the network by taking targeted, almost surgical action. This could include blocking a suspicious IP address, quarantining a compromised device from the rest of the network or disabling a user account to neutralise the threat while allowing normal operations to continue uninterrupted.
Failing to detect and neutralise cyber threats comes at a big cost for businesses.
Financially, the global average cost of a data breach is an enormous $4.45 million. Reputationally, data breaches represent bitter black marks against a business’s brand power, trust, credibility and, ultimately, its bottom line. Ask Yahoo!, which experienced a major data breach in 2013, then again in 2014, that compromised around three billion accounts; it prompted a litany of lawsuits and brand damage that Yahoo! still hasn’t recovered from.
What can be done? Below, we look at two of AI’s critical applications in cybersecurity – phishing detection and secure user authentication – to find out.
Since phishing is implicated in 16 per cent of data breaches, according to IBM, we’ll start there.
Phishing is a form of cyberattack in which a fraudster tricks a person into giving up sensitive information – often posing as a legitimate entity, such as a bank or company.
Phishers “spoof” these businesses to send text messages and emails to their targets, creating a false sense of urgency or fear by telling them that their information has been compromised and their access to their online bank or social media accounts is at risk. The phishing scheme’s “bait” could also be a package that couldn’t be delivered and will be lost permanently if the user doesn’t log in and pay a customs release fee.
Some phishers – in a tactic called social engineering – call their victims, using a complex array of psychological techniques to manipulate and pressure them into handing over their most sensitive data. That could be credit or debit card details, personal information or the usernames and passwords to their online accounts.
2023 data from the Home Office found that phishing was the most reported cybercrime in the UK, with 79 per cent of businesses and 83 per cent of charities falling prey to a phishing attack in the last year. The latest phishing statistics also indicate that there were 4.7 million phishing attacks in 2022 alone, so it’s a threat that all individuals and businesses need to remain aware of.
Fortunately, phishing is also a threat that AI-powered algorithms are already rising to meet through a branch of AI called natural language processing (NLP).
NLP focuses on the interaction between humans and computers through natural language. The goal? To read, decipher, understand and make sense of human language in a way that has value, like phishing detection.
AI-powered NLP algorithms can be employed to dissect the written contents of emails and discern the linguistic patterns and context contained within the content. Suspicious requests? Grammatical inconsistencies? Spelling errors? Urgent, hyperbolic or excessively persuasive or dramatic language? NLP algorithms comb through them and automatically filter out any emails with these sure-fire signs of spam before they can get anywhere near your cursor.
AI algorithms are also adept at picking up other clues from potential phishing emails by scanning attachments for malware signatures and scrutinising the destination of any embedded links. But it’s not only the words, documents or other elements of an email AI looks at – it’s the underlying patterns of an email account holder and their contacts.
By tracking sender behaviour over time, AI algorithms can stay alert to any sudden changes, such as a trusted contact sending an unusual attachment. Given that the most effective phishing attempts occur when the fraudster imitates one of the victim’s known contacts, this level of AI-powered functionality is fundamental.
Once AI cybersecurity tools identify a phishing email, they swiftly quarantine it before initiating a series of automated responses, including warning the target, disabling the malicious link or – in an organisational context – informing the IT team for further investigation.
Every day, we authenticate our identity in some way.
Whether it’s entering our password to log in to our email accounts or using facial recognition to verify a smartphone payment, user authentication processes are vital.
More traditional methods, such as passwords and PINs, are becoming increasingly vulnerable to hackers. Passwords are a common target of brute force attacks, where a hacker tries a range of different passwords over and over until they eventually guess correctly.
Enter AI, which is already changing the way we verify our identities in 2023. In fact, you’re probably already benefiting from AI-driven authentication.
A handful of the ways AI is shaping the future of user authentication include:
Like any transformative technology with AI’s striking, exciting potential, there are risks involved and factors a business or individual utilising AI for cybersecurity must consider.
As shown, AI in cybersecurity’s key strength is its ability to incrementally learn through the process of analysing big data. However, that continual reliance on sets of extensive, high-quality data is also one of AI’s key Achilles’ heels.
This means that your AI-driven approach to cybersecurity will only be as effective as the data you’re able to feed it. Your datasets not only need to be relevant and high quality but also diverse to cover various attack scenarios and patterns and give your algorithms the best chance of preventing, detecting and flagging threats while minimising false declines.
Your datasets also need to be accurate. Plugging incorrect or incomplete datasets into AI cybersecurity models will result in flawed predictions and skewed outcomes.
Similarly, you’ll need to ensure the training data is as free of bias as possible. Bias is an inherently human disposition. Despite algorithms obviously not being human, they can, and do, inherit our biases and historical and social inequities. When these taint a dataset, they will be reflected in the AI’s filtering and decision-making processes.
How might AI bias look in a cybersecurity context? Well, an AI cybersecurity tool trained by US programmers, with algorithms created by Americans and fed with US-centric datasets, will most likely be set up with a focus on the US’s biggest rivals: China and Russia, for example, or other states with hostilities towards the US.
However, the data suggests that while China is responsible for the most cyberattacks (18.8 per cent of the global total), the US runs a very close second at 17 per cent. This could lead the American algorithm, preoccupied as it is with external, international threats, to overlook the domestic dangers lurking within its borders.
Another challenge of AI? Like many of the real (and fictional) world’s most powerful forces, it can be harnessed for both good and evil.
Just as AI cybersecurity tools are evolving, so are AI-propelled threat vectors, leading to ever-increasing, ever-evolving methods of cyberattack and manipulation. These include:
By reappropriating the positive benefits of AI for malicious means, cybercriminals can take advantage of one of AI’s greatest drawcards – automation.
Some ways that hackers can repurpose AI’s automating qualities to do harm include:
To say AI might change the cybersecurity landscape is off the mark. To say AI is already transforming cybersecurity is more accurate. However, to say that AI has already drastically and irrevocably changed cybersecurity – and will continue to do so for lifetimes and generations to come – is the statement closest to the truth.
This means the question for you isn’t whether you should integrate AI-led approaches into your private or professional cybersecurity setup but when. And that “when” is now.
But how? Some of the strategies you can use to get started include:
AI boosts the speed of cyber threat detection by doing the work of hundreds or thousands of human analysts – without tiring or taking time off. AI algorithms comb vast data sets, spot patterns and flag anomalies in real time. It not only identifies threats but predicts them, and providing you keep it fed with recent, relevant data, it will only become smarter with experience.
Because AI cybersecurity tools operate with such an impressive degree of accuracy, they all but eliminate human error, reducing the chance of legitimate transactions getting flagged as fraud and blocked. It speeds up the time-intensive process of untangling those mistakes. AI is also capable of automating responses to fraud, enabling fraud teams to act faster than if they were relying on manual threat detection processes alone.
Yes, absolutely – AI in cybersecurity certainly comes with risks.
Adversarial attacks can trick AI systems with inputs specially crafted to make them misbehave, leading to security vulnerabilities. Other factors to consider include biases that AI systems can inherit from their training data and the lack of transparency into the exact makeup of the algorithms.
Add to this the privacy issues that greedy data requirements raise – as well as the fact that an over-reliance on AI might neglect the human kind – and it’s clear AI poses challenges. Vigilance, constant monitoring and a blend of human insights along with the artificial will all be key to maximising AI’s value and mitigating its more worrying implications.
By enabling and drawing insights from facial, voice and fingerprint recognition technology, AI is making user authentication smarter and safer.
One facet of AI-enabled authentication, behavioural biometrics, flags a user’s mouse movements and typing speed to learn patterns. Another school of AI, called contextual authentication, focuses on building up a bank of information about how and where a user typically logs in. When suspicious conditions are met – for instance, a user logging in from an uncommon location or unknown device – the AI algorithms will assign it a high-risk score, indicating potential fraud. From here, further authentication will usually be requested.
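Contextual authentication as described here reduces to a per-user baseline and a risk score. The sketch below is an added example, not taken from any vendor's implementation: the class and function names, the signal weights, the step-up threshold and the login history are all assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime

WEIGHTS = {"device": 0.4, "country": 0.4, "hour": 0.2}  # assumed weights, sum to 1
STEP_UP_AT = 0.4                                        # assumed threshold

class LoginProfile:
    """What is normal for one user. Feed it only logins that were fully
    authenticated, so a failed or hijacked attempt cannot shift the baseline."""
    def __init__(self):
        self.devices, self.countries, self.hours = Counter(), Counter(), Counter()
        self.total = 0

    def observe(self, device, country, when):
        self.devices[device] += 1
        self.countries[country] += 1
        self.hours[when.hour] += 1
        self.total += 1

    def risk(self, device, country, when):
        """0.0 = entirely familiar context, 1.0 = nothing about it has been seen."""
        if self.total == 0:
            return 1.0  # cold start: no baseline yet, so treat as unfamiliar
        # Share of past logins within one hour either side, wrapping at midnight.
        near = sum(self.hours[(when.hour + d) % 24] for d in (-1, 0, 1))
        rarity = {"device": 1 - self.devices[device] / self.total,
                  "country": 1 - self.countries[country] / self.total,
                  "hour": 1 - near / self.total}
        return sum(WEIGHTS[k] * rarity[k] for k in WEIGHTS)

def decide(profile, device, country, when):
    """Return 'allow' or 'step_up' (ask for a further authentication factor)."""
    return "step_up" if profile.risk(device, country, when) >= STEP_UP_AT else "allow"

def sample_profile():
    """Constructed history: ten morning logins from GB, mostly from one laptop."""
    profile = LoginProfile()
    for day in range(1, 11):
        device = "phone-1" if day in (3, 7) else "laptop-1"
        profile.observe(device, "GB", datetime(2023, 5, day, 8 + day % 3, 15))
    return profile

if __name__ == "__main__":
    p = sample_profile()
    for ctx in [("laptop-1", "GB", 9), ("laptop-1", "XX", 9), ("new-device", "XX", 3)]:
        when = datetime(2023, 5, 11, ctx[2], 0)
        print(ctx, round(p.risk(ctx[0], ctx[1], when), 2), decide(p, ctx[0], ctx[1], when))
```

With these weights an unusual hour alone does not trigger a challenge, while an unknown device or an unseen country does.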
While AI is a powerful ally in the bid to keep fraudsters and hackers at bay, it won’t replace human roles – at least, not entirely.
That’s because humans offer, well, humanity. We offer creativity, critical thinking and ethical judgement, all aspects unique to the human condition that robots are unable to bring to their work. When it comes to solving complex problems, developing strategies and understanding the broader context of security issues, human expertise will remain indispensable in the cybersecurity space. We should view AI not as our replacements but as a tool enabling us to do our jobs faster and more effectively.