Skip to main content

Cybersecurity can’t rely on artificial intelligence too much, report says

ransomware wannacry exploit attacking pc security padlock
Maksim Kabakou/Shutterstock.com
Cybersecurity pros shouldn’t rely on artificial intelligence and machine learning just yet, according to a new report.

The report from security firm Carbon Black, which surveyed 410 cybersecurity researchers and 74 percent said that AI-driven security solutions are flawed, citing “high false-positive rates”, while 70 percent claimed attackers can bypass machine learning techniques.

Related Videos

The respondents did not write off AI or machine learning as unhelpful but rather said that they just aren’t there yet and cannot be solely relied on to make big decisions when it comes to security. AI and machine learning should be used “primarily to assist and augment human decision making,” said the report.

Eighty-seven percent of those surveyed said it will be more than three years before they really feel comfortable trusting AI to carry out any significant cybersecurity decisions.

AI and machine learning have become more prominent in cybersecurity research and commercial products as a way to keep up with an ever-evolving threat landscape.

Among these new threats are non-malware attacks or fileless attacks. As the names suggest, these are attacks that do not use any malicious file or program. Rather, they use existing software on a system, making them largely undetectable for traditional antivirus programs that rely on detecting suspicious-looking files before acting.

Sixty-four percent of Carbon Black’s respondents said that they had seen an increase in such tactics since early 2016.

“Non-malware attacks will become so widespread and target even the smallest business that users will become familiar with them,” one respondent said. “Most users seem to be familiar with the idea that their computer or network may have accidentally become infected with a virus, but rarely consider a person who is actually attacking them in a more proactive and targeted manner.”

Non-malware attacks will be the scourge of organizations over the next year, said the report, and will continue to need a human approach.

Perhaps AI is overpromising what it can do for security. It indicates a future where cybersecurity will be a battle of “machine versus machine”, according to the professionals surveyed in this report but for now, it very much remains “human versus human.”

Editors' Recommendations

These 7 AI creation tools show how much AI can really do
Metaphor works like DALL-E and Stable Diffusion but uses AI to fill in prompts with links instead of text or images.

Between the text generator ChatGPT and image generators like Stable Diffusion, it's safe to say that AI-powered creative tools are taking the internet by storm.

As exciting as these two examples are, though, they're really only scratching the surface. There are all sorts of different tools and applications that do amazing things with AI and reveal just how revolutionary they'll continue to be in the future.
Metaphor search
Metaphor has been described as an AI-powered link autocomplete. The tool works similarly to systems such as GPT-3, DALL-E, and Stable Diffusion but uses AI to fill in prompts with links instead of text or images. You have to have a Discord account to register; however, you can experiment with the templates on the Metaphor homepage to see how the AI system works.

Read more
Hacker ranks explode — here’s how you can protect yourself
padlock on keyboard

The number of people that have hacking skills has exploded recently but it's still possible to protect yourself against almost all attacks, according to Microsoft's latest Digital Defense Report.

Microsoft has among the most complete collections of cybersecurity data compiled from Windows computers around the world and has analyzed that information to uncover some interesting insights for 2022. Something immediately obvious from the report is the threat from phishing attacks and ransomware is growing rapidly and at the same time becoming more sophisticated but you can still protect yourself.

Read more
Beware — even Mac open-source apps can contain malware
A pair of glasses rests on a desk in front of multiple computer monitors filled with code.

Installing apps on a Mac is generally considered to be safer than doing so on Windows and open-source software is usually benign but there are exceptions to both of these assumptions that can do untold damage to your privacy and security.

A recent discovery by Trend Micro provides a startling example of this risk. An open-source app designed to help Mac owners with iPhone and iPad app signing has been altered to include a nasty hack that steals your Apple Keychain data. The original app is called ResignTool and it’s available for free on the popular open-source site, GitHub. The app is six years old and both the code and the ready-to-run app can be downloaded from GitHub. That isn’t the problem.

Read more