How AI helps with cybersecurity

It's every mid-sized company's worst fear: You open your laptop in the morning only to discover that criminal attackers have encrypted your data – a ransomware attack. You can no longer access production plans, supplier lists, or contracts. Instead, you receive a ransom demand for millions, payable in cryptocurrency. Sadly, artificial intelligence (AI) is now making such attacks even easier and more dangerous for criminals. But AI can also help protect against these IT criminals.

AI writes better phishing emails

The ransomware phenomenon is widespread. Hackers often gain access via social engineering, which exploits human characteristics to obtain information that makes a cyberattack possible in the first place. This approach is made much easier by generative AI.

Many companies have already experienced this: an email arrives where even experienced internet users don't immediately know whether the information it contains is true or not: Is the warning about an account suspension or the announcement of a deal real or fake? A member of your team might click on a link too quickly – and the attack starts.

This type of attack is often based on social engineering. The attackers exploit the fact that people initially have a level of basic trust, for example, when an email from a partner company lands in the inbox that looks deceptively genuine.

With the use of generative AI, internet criminals can make the texts and formatting of fraudulent emails look particularly real and credible quickly and easily. This extends to the individual writing style of a person – including spelling mistakes. This, in combination with detailed information about the company, even critical employees are easily deceived and make the devastating click.

SMEs without IT departments can be particularly vulnerable

In theory, all companies are targets of such attacks, regardless of whether they are large or small. However, certain companies are particularly frequently affected by ransomware attacks, including companies from the healthcare sector, educational institutions, and SMEs.

These companies often do not have the same robust IT security resources as large corporations, making them easier targets. Attackers also know that successful SMEs may be more willing to pay the ransom demanded because they cannot afford longer downtimes.

The IT fraudsters also know that smaller companies are less well protected and often do not use modern security tools. To counter this risk, SMEs must prove that this assumption is wrong. Crucial here are the training of the workforce, the implementation of multi-factor authentication, regular security updates for servers and networks, and the use of managed services.

How AI helps in cybersecurity

Artificial intelligence itself can also be deployed against AI attacks. The main use case is to use it to automate the monotonous tasks that are required within cybersecurity. AI is ideally suited to collect huge amounts of data, analyse it, and react based on the insights gained. This allows companies to identify threats faster and better and take action.

For example, data about unauthorised access to an IT system must be documented. An unsuccessful log-in to a company system, does not always have a criminal origin and often there are harmless causes for this, such as incorrectly entered passwords. With AI, the analysis of such data can be automated. This allows IT personnel to concentrate their efforts where they are most needed.

Things to consider when using AI in cybersecurity

The use of AI in cybersecurity brings not only advantages but also challenges that need to be addressed. Below are some examples of areas that need to be taken into consideration when implementing AI as part of your cybersecurity strategy:

• Dependency on data quality: Insufficient or incorrect data can lead to AI models misjudging or overlooking threats. This may lead to a deceptive sense of security.

• Vulnerable to manipulation: Attackers can specifically feed in false data to deceive the AI and exploit security vulnerabilities. This "Adversarial AI" represents a new form of threat against which conventional security measures are often insufficient.

• Decision making understanding: Another risk is that AI models become so-called black boxes, whose decision-making processes are difficult to understand. This makes it difficult to identify and correct faulty decisions in a timely manner. Companies must ensure that their AI systems are not only effective but also transparent and verifiable.

• Organisational challenges: The implementation and maintenance of AI systems requires specialised expertise and adapted IT infrastructures. This can be a hurdle, especially for smaller companies.

Summary: the most important take-aways

With generative AI, cybercriminals can create deceptively genuine phishing emails that lure even experienced users into the trap.

Small and medium-sized enterprises are particularly at risk from ransomware attacks because they often have less robust IT security resources. Attackers know that these companies are more likely to pay a ransom to avoid longer downtimes.

Artificial intelligence can be used in cybersecurity to automate routine tasks and detect threats faster. It helps IT personnel to manage data floods and make informed decisions.

Companies face challenges as they need to ensure data quality and integrate AI into existing IT infrastructures.

To find out more about AI and cybersecurity, check out our article on defending SMEs against AI-driven cyber attacks.