Artificial Intelligence and Cybersecurity

Nowadays artificial intelligence is widely adopted and considered strategic in consumer and business applications. From simple consumer applications like content broadcasting to some industrial processes, artificial intelligence allows activities that, sometimes, cannot be done without this technology.

The adoption of AI-based systems today goes hand in hand with the adoption of IoT devices (eg: voice assistants, connected appliances and sensors) by the means of we can easily interact with AI systems. In this context, the edge between the physical and virtual world is not always identifiable. This has made it more complex to control our lives and safety standards that, until recently, we used to refer only to the physical world.

The complexity and nature of the latest generation of cyber-attacks are deeply different from the viruses, worms and Trojans of not many years ago because we are increasing the number of services offered through the digital channel directly on personal devices.

The CLUSIT (Italian Association for Information Security) report for the first half of 2020 highlights the increase in phishing attacks, account cracking and DDoS attacks. In this scenario, cybercriminals have proved particularly resilient and have made the best possible use of the fact that over 5 million people have worked and are working remotely.

This new virtual dimension of our being is the exposure to new forms of risks that we are not always able to understand and manage unless you are an expert in the sector. Nonetheless, we understand that today an attack can cause the same amount of damage as a home burglary or an assault on the company warehouse. For this reason, today, cybersecurity is one of the most important IT activities both for business and for private citizens, generating a market whose value, according to data from the Cybersecurity & Data Protection Observatory of the Politecnico di Milano, is equal to 1.37 billion euros of which 55% invested in activities related to “endpoint security” solutions (for the protection of each device connected to the network) and “network & wireless security” (the solutions that defend the infrastructure from improper access). However, the number, complexity and range of attacks make the work of cybersecurity analysts too onerous and often insufficient to guarantee adequate security standards. For this reason, 47% of companies now adopt AI-based solutions to support cybersecurity operations and, specifically, solutions related to a specific area of artificial intelligence: Machine Learning.

The use of ML (Machine Learning) algorithms in “cyber defense” systems marked a turning point in protection from cyber-attacks because they are able to detect an attack independently and block it promptly. Furthermore, the analysis capacity of these systems allows them to be used also to carry out vulnerability tests of an infrastructure. With the aim of improving security standards more and more, the use of “supervised” machine learning algorithms, trained to identify specific threats, is accompanied by the use of “unsupervised” algorithms thanks to which of trying to identify threats not yet known.

The speed with which these systems intervene does not make them immune from errors related to false positives that can block a network or groups of PCs. However, their reliability is improving with a speed equal to that with which this technology is spreading, making the risk of false-positive ever lower.

The security control system is therefore based on the ability to analyze the available data and the breadth and depth of the dataset used to contribute to determining the performance level of the defense activity. The breadth of the data, as indicated by the Cyber Risk Index (CRI), is also determined by the use of data not directly linked to the investigated phenomenon and, as suggested by the construction criteria of the CRI, linked to socio-economic aspects, to the spread of digital services and the level of crime. The expansion of the dataset through the use of data apparently unrelated to the phenomenon analyzed makes it possible to combine the standard analyzes with analyzes based on weak correlations.

The choice of industrial partners who can offer datasets aimed at expanding the reference dataset, in my opinion, will therefore be one of the business levers to be addressed in future projects. The acquisition of normalized and validated data will allow you to remain focused on risk analysis and, at the same time, ensure a constant expansion of the opportunities to discover new forms of threat.