author photo
By Clare O’Gara
Fri | Oct 11, 2019 | 7:56 AM PDT

It's a question almost as old as cybersecurity itself.

But some research from the Information Security Forum (ISF) is trying to get us closer to an answer.

And the question?

How does Artificial Intelligence fit into the future of cybersecurity?

AI and cybersecurity: friend or foe?

Where cybersecurity is concerned, Artificial Intelligence can be a threat and a help.

Steve Durbin, Managing Director for ISF, explains AI's risk like this:

"AI is creating a new frontier in information security. Systems that independently learn, reason and act will increasingly replicate human behavior—and like humans they will be flawed, but also capable of achieving great things. AI poses new information risks and makes some existing ones more dangerous."

Where we should focus around AI and cybersecurity

In Demystifying Artificial Intelligence in Information Security, the ISF's latest digest, the organization hopes to shed light on AI's risk and reward for cybersecurity.

The conversation, it says, has to be two-sided, with a focus on internal practices and external threats:

"Compromised AI systems make poor decisions and produce unexpected outcomes.

Simultaneously, organizations are beginning to face sophisticated AI-enabled attacks—which have the potential to compromise information and cause severe business impact at a greater speed and scale than ever before."

AI's benefits and downsides are mixed, but one thing is clear to researchers in this case: as more of us begin to use AI, it will become even more critical for everyone in security.

"Adversaries are not standing still—as AI-enabled threats become more sophisticated, security practitioners will need to use AI-supported defenses simply to keep up."

AI and cybersecurity: the battle

Durbin calls the phenomenon an arms race.

However, this does not mean that AI is inherently negative for cybersecurity. Above all else, Durbin thinks people in the field need to stay informed and aware.

"AI can also be used for good and should become a key part of every organization's defensive arsenal.

Business and information security leaders alike must understand both the risks and opportunities before embracing technologies that will soon become a critically important part of everyday business."

A part of everyday business, just like cybersecurity itself.

Comments