The ITSM Practice Podcast: Future-Proofing Cybersecurity

Luigi Ferri:
Welcome to the ITSM Practice Podcast. I’m Luigi Ferri, your host. Today, we are taking a bit of a unique turn. I’m stepping aside to let Kyle Ryan, the Head of AI and Engineering at Dune Security and an adjunct professor at Fordham University in New York, take over for a solo episode. Kyle will delve into how AI is revolutionizing cybersecurity. He’ll cover its impact on our defense strategies and the broader implications for technology and corporate security. Expect insights on blending AI with established security practices to improve threat detection and strengthen defenses. Now let’s hand it over to Kyle and get ready to dive deep into AI’s transformative role in cybersecurity. Let’s get started.

Kyle Ryan:
Thank you, Luigi, for having me on the podcast. I’m excited to dive into how artificial intelligence is fundamentally transforming the way organizations handle cybersecurity. From machine learning models to generative AI, these technologies are reshaping our defenses against increasingly sophisticated cyber threats. Traditionally, cybersecurity has been a reactive field, relying on signature-based detection and predefined rules to identify threats. However, as attacks become more adept at circumventing these defenses, AI introduces a proactive approach, enabling organizations to anticipate and neutralize threats before they materialize.

One of the most significant contributions of AI is in threat detection and prevention. AI excels at analyzing vast amounts of data to identify potential threats and anomalies. For instance, AI-powered behavioral analysis systems offer several key advantages. They provide real-time threat detection and faster response times, enabling immediate action to be taken against potential threats and subsequently reducing potential damage. These systems can handle large volumes of data, scale easily with growing networks, and maintain effective threat detection across increasing activity levels. Moreover, they enhance predictive capabilities by learning from past behaviors and trends, allowing organizations to take preemptive action to mitigate risk.

Now we shift our focus to another area where AI truly shines: user behavior analytics. This is crucial when we consider that, according to a DOE study, 91% of all cyberattacks begin with a phishing email to an unsuspecting victim. AI models continuously analyze network behavior to detect deviations from normal patterns, enabling organizations to proactively identify evolving threats and vulnerabilities. By crunching terabytes of data, AI establishes behavioral baselines for individual users, monitoring login times and locations, file access and data transfers, application usage, and communication patterns. When anomalies occur, such as an employee accessing files they typically wouldn’t or logging in from an unusual location, these systems flag these deviations for further investigation.

The rise of AI-generated threats underscores the need for analyzing all user behavior, not just the obvious high-risk ones. AI models continuously monitor network behavior to detect subtle deviations from normal patterns, enabling proactive identification of potential threats. To handle the high volume of data, organizations are turning to graph networks and graph neural networks, or GNNs. These technologies allow us to model complex relationships between users, devices, and activities. GNNs can process and analyze interconnected data points, providing enhanced analytics on user behavior. For instance, a GNN may be able to identify suspicious patterns of communication or file access that traditional methods would miss. It could detect if compromised accounts behave abnormally within the broader network of user interactions, even if individual actions seem innocuous.

Building on this foundation of user behavior analytics, AI enables the creation of adaptive security systems that respond dynamically to threats. These systems learn and evolve alongside new threats, using techniques like reinforcement learning to model security environments and determine optimal policies for threat mitigation. For example, if an employee clicks on a suspicious link, an AI-driven system might automatically require additional authentication or temporarily restrict access until that threat is assessed. Moreover, AI can transform risky inbound phishing emails into highly targeted spear-phishing simulations, testing the organization’s security posture and providing immediate remediation by educating employees who may be susceptible to such attacks.

As we dive deeper into AI’s role in cybersecurity, it’s crucial to understand that we’re in the midst of an AI arms race. There’s growing evidence that cybercrime groups are leveraging AI, including large language models, to enhance their spear-phishing campaigns. These AI-powered attacks can create highly personalized and contextually relevant phishing content, making them significantly more difficult to detect using traditional methods. Security researchers and industry experts have noted an increase in the sophistication of phishing attempts, with many attributing this to the adoption of AI technologies by threat actors.

The ability of AI to analyze vast amounts of data, understand context, and generate human-like text has made it a powerful tool for crafting convincing phishing emails. To put this into perspective, Darktrace research has observed up to a 135% increase in AI-assisted email attacks in just a two-month period. This highlights the rapid adoption of these technologies by threat actors. This escalation in AI-powered attacks underscores the urgent need for equally sophisticated AI-driven defenses.

Academic researchers and cybersecurity professionals are at the forefront of studying these AI-enhanced attacks, developing new methodologies to detect and mitigate them efficiently. Cybersecurity defenses need to evolve and incorporate advanced AI techniques to counter these emerging threats. To counter evolving threats, organizations are leveraging AI to analyze vast amounts of data, identifying high-risk behaviors. This analysis enables the creation of sophisticated defense mechanisms.

First, AI-generated simulations. By crunching terabytes of data into actionable insights, AI creates spear-phishing simulations that closely mimic real-world attacks. These simulations effectively test and enhance employee vigilance by exposing them to sophisticated threat scenarios.

Second, targeted training. Insights gained from these simulations enable the development of highly targeted security awareness training tailored to address specific vulnerabilities within the organization. This approach strengthens the human firewall and ensures security measures evolve with emerging threats.

Third, continuous adaptation. As AI analyzes the results of simulations and training, it continuously refines its understanding of potential vulnerabilities, creating a feedback loop that constantly improves organizational security.

While AI offers significant advantages in cybersecurity, integrating it presents challenges. These include ensuring data quality and integration, addressing model interpretability for trust and regulatory compliance, defending against adversarial attacks on AI models, and scaling solutions to handle real-time data streams.

To overcome these challenges, organizations should invest in developing data-native security staff — professionals skilled in both cybersecurity and data science. Implementing robust data governance policies ensures data is handled responsibly and complies with regulations. Adopting explainable AI techniques enhances transparency, helping stakeholders understand and trust AI-driven decisions.

In closing, artificial intelligence is fundamentally reshaping the cybersecurity landscape by enabling proactive and adaptive threat detection and mitigation. From enhancing our defenses against sophisticated phishing attempts to analyzing user behavior for early threat identification, AI is becoming an indispensable tool in safeguarding our digital assets. While the integration of AI presents challenges, including data quality, model interpretability, and scalability, these can be addressed with thoughtful strategies and investments. It’s clear that embracing AI is not just beneficial but essential for organizations committed to maintaining robust cybersecurity measures in the face of evolving threats.

Thank you for listening. I hope this discussion has provided valuable insights into how AI is transforming cybersecurity and underscored the importance of incorporating these technologies into our defensive strategies.