Executives consider cyberattacks the main threat for their businesses, and artificial intelligence only exacerbates the risk by helping hackers infiltrate IT systems faster and more effectively. But AI can also help protect businesses.
“It’s important for businesses to pursue these next-generation technologies to identify and prevent attacks using things like AI,” George Kurtz, CEO of cybersecurity firm CrowdStrike, told Fortune.
The number of cyberattacks in the United States reached a record high in 2023 with more than 3,200 violations, according to the Identity Theft Resource Center, a nonprofit organization that raises awareness about cybercrime. These violations threaten businesses because they can stop sales, destroy reputations, create legal problems, and put individual customers at risk.
CrowdStrike monitors companies’ systems for hacking and blocks cyberattacks based on what it calls “indicators of attack,” or IOAs. These IOAs are sequences of events in a computer system that signal that a breach may be occurring. For example, a signal might include a user downloading a file online and opening it, then the file downloading code, erasing other computer files and deleting their backups. Each of these actions, alone, may indicate normal computer use, but together they suggest something nefarious.
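The sequence matching described above can be sketched in a few lines. This is an added illustration, not CrowdStrike's code or detection logic; the event names, the 30-minute window and the sample telemetry are constructed assumptions.

```python
from datetime import datetime, timedelta

# Hypothetical event names for the sequence described in the article.
IOA_SEQUENCE = ("file_downloaded", "file_opened", "code_downloaded",
                "files_erased", "backups_deleted")
WINDOW = timedelta(minutes=30)  # assumed correlation window

def detect_ioa(events, sequence=IOA_SEQUENCE, window=WINDOW):
    """Return (host, first_ts, last_ts) for each host whose events contain
    every step of `sequence`, in order, within `window`."""
    progress = {}   # host -> (index of next expected step, time of first step)
    alerts = []
    for ts, host, event in sorted(events):
        idx, start = progress.get(host, (0, None))
        if start is not None and ts - start > window:
            idx, start = 0, None          # chain went stale, start over
        if event == sequence[idx]:
            if idx == 0:
                start = ts
            idx += 1
            if idx == len(sequence):      # full chain observed
                alerts.append((host, start, ts))
                idx, start = 0, None
        progress[host] = (idx, start)
    return alerts

def at(minute):
    """Timestamp helper for the constructed sample below."""
    return datetime(2024, 1, 1, 9, 0) + timedelta(minutes=minute)

# Constructed sample telemetry (not real data): (timestamp, host, event)
EVENTS = [
    (at(0), "ws-01", "file_downloaded"), (at(2), "ws-01", "file_opened"),
    (at(4), "ws-01", "code_downloaded"), (at(7), "ws-01", "user_login"),
    (at(9), "ws-01", "files_erased"), (at(12), "ws-01", "backups_deleted"),
    # ws-02: download and open only, which is normal use on its own
    (at(1), "ws-02", "file_downloaded"), (at(3), "ws-02", "file_opened"),
    # srv-09: cleanup steps alone, without the earlier steps of the chain
    (at(5), "srv-09", "files_erased"), (at(6), "srv-09", "backups_deleted"),
    # ws-03: same steps as ws-01 but spread beyond the 30-minute window
    (at(0), "ws-03", "file_downloaded"), (at(10), "ws-03", "file_opened"),
    (at(20), "ws-03", "code_downloaded"), (at(50), "ws-03", "files_erased"),
    (at(55), "ws-03", "backups_deleted"),
]

if __name__ == "__main__":
    for host, first, last in detect_ioa(EVENTS):
        print(f"IOA matched on {host}: {first:%H:%M} to {last:%H:%M}")
```

Only `ws-01` is flagged: the other hosts perform some of the same actions, but never the whole chain in order inside the window.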
“There are only so many ways to rob a bank,” Kurtz said, likening the hacking methodology to another type of crime. “You have to get in and out. It doesn’t matter what shirt you wear, or whether you have a gun or a knife.”
Likewise, there are only a limited number of ways to commit a cyberattack, and CrowdStrike imagines new scenarios through IOAs and attempts to stop them. Previously, CrowdStrike researchers and analysts created these IOAs by hand, said Elia Zaitsev, chief technology officer. They collected behavioral patterns on customers’ computer systems, discovered new types of hacks, and came up with sequences of actions their technology should look for. “It takes a lot of time,” Zaitsev told Fortune.
But in 2022, the company launched AI-powered IOAs. CrowdStrike’s AI systems can sift through billions of data points from its customers, which include Target, Selling power, Intel and Wyoming State Government, and suggest new models that may report violations.
“It gets smarter as it analyzes the data,” Kurtz said. “It finds more, then it gets better, and then it finds more.”
AI-powered IOAs are also more effective than human-created sequences, Zaitsev added. “We found that AI-powered IOAs are more effective at detecting harmful elements, but also less noisy at detecting harmless elements,” he told Fortune. “It gives us the cake and lets us eat it too.”
Other cybersecurity companies are using AI in a similar way. Darktrace, a British cybersecurity company, uses AI to learn the intricacies of individual businesses and identify when a user or device deviates from its usual mode of operation, signaling a potential breach. Microsoft’s security business, called Microsoft Defender for Endpoint, also uses AI to predict whether devices are at risk of attack and automatically increases security if it determines they are.
While cybersecurity protections can help businesses identify and stop attacks, they are not foolproof. Cyber experts often have to play catch-up with bad actors who are constantly discovering new techniques. Just as cyber companies are using AI to stop attacks, hackers are adopting it, leading to increasingly sophisticated breaches. For example, AI can write a convincing phishing email without the typos or format inconsistencies that can raise red flags for a target. It can also help clone a family member’s voice, which can be used to request money over the phone.
“AI is a tremendous tool for defenders,” said George Berg, associate professor and former chair of the information security department at the State University of New York at Albany. “But it is at least as effective for offenders.”
“All an attacker needs is to find a weakness to gain access to a system,” he told Fortune. “A defender has to find them all and block them. The advantage is on the attacker’s side.”
Tedious hacking work
Cyberattacks occur for many reasons. State groups may be seeking to collect intelligence on specific companies. Last month, for example, a group suspected of being sponsored by the Russian state hacked Microsoft and accessed corporate email accounts, looking for information relating to the group itself, Microsoft said.
Money is another motivator. Malicious actors can break in, encrypt files, and demand ransom. In 2021, meat processor JBS paid an $11 million ransom to hackers after a breach that caused a one-day shutdown of all its U.S. beef plants and disruptions to poultry and pork operations, the head of the U.S. division said at the time. Hacking groups may also deface websites as a form of activism. This was the case in 2020 when foreign hackers posted messages on dozens of U.S. government websites to express their anger after a U.S. airstrike killed an Iranian general.
“For an attack on a nation state, AI will help the hackers a little bit, but they already have people with insane skills,” Arthur Conklin, an information security professor at the University of Houston, told Fortune. “For people who create botnets and ransomware, the common criminals of the Internet, this will help them incredibly.”
Hacking is a “long road with tedious work,” he said, including writing code and searching through data — tasks that AI can perform with enough precision to be effective. Because AI powers and accelerates hacks, it would not be surprising to see an increasing number of attacks in the future, Berg added.
Generative AI too
CrowdStrike’s Zaitsev acknowledges the difficulties. “It’s an arms race in which you’re always behind the adversaries,” he said.
CrowdStrike offers another AI product that is supposed to enable security professionals and employees with little tech experience to protect themselves and their businesses. In addition to CrowdStrike’s AI-powered IOAs, the company last year introduced a generative AI chatbot called Charlotte AI that can answer questions from anyone using CrowdStrike security products on their individual systems, e.g. whether they are vulnerable to a specific type of attack. It can also explain cybersecurity issues, like what a specific type of malware is and how to avoid it. As a resource for an entire company, Charlotte can help onboard novice users and further train experienced users, Zaitsev said.
It can also collect information and perform tasks for an IT department. For example, a user can enter a query “Show me all failed login attempts from New York” and the system will come up with a list, giving security personnel the information they need to take further action.
“Charlotte will be another piece of growth for us,” Kurtz said, adding that AI is central to the company’s growth.