There is an eternal battle of attackers using AI versus the defenders of AI and cybersecurity, says Benoit Desjardins.
Artificial intelligence can be both friend and foe for cybersecurity efforts, according to cybersecurity expert Benoit Desjardins who kicked off the HIMSS AI and Cybersecurity Virtual Forum on Tuesday.
AI is being used for both offensive and defensive cybersecurity. As a result there’s a constant battle for cybersecurity experts to keep up an with average two breaches a day that threaten to expose personal health information, according to Desjardins, a former hacker.
Once bad actors gain access to a network, they have rapid access to data, Desjardins said. Most hackers can get information within less than five hours. Meanwhile it takes an organization, on average, 235 days to detect a breach, he said.
Two common ways hackers gain access is through malware and phishing.
Traditional approaches to combatting cyberattack include network intrusion detection and signature-based detection. The latter is the most popular way to detect an attack, Desjardins said. It identifies known threats by matching data patterns.
Most phishing attempts are signature based and there are databases of known malicious websites.
But this method is not suitable for variants.
There’s also a behavioral-based method that detects what malware does.
There are limitations to traditional methods due to the number of variants, the rate of infection, the labor intensive time required and the overwhelming scale of the number and frequency of attacks, Desjardins said.
AI threats include generative AI models that learn the distribution of data. Generative Adversarial Networks (GAN) can produce fakes of images that can’t be told apart from the real thing.
GenAI can be used for social engineering, making convincing deep fake videos, fake voices, phone calls, texts and phishing campaigns.
In February 2024, social engineering convinced an employee of the Arup Group she was in a video conference call with company executives who asked her to transfer $25 million. She transferred the money and was the only human on the video call.
“This was a very creative case of social engineering,” Desjardins said.
Defensively, GenAI can find computer flaws, simplify data and analyze a lot of visual evidence. It’s able to automate object detection and can analyze digital conversations.
Discriminative models in cybersecurity use AI in four layers including a data layer, feature layer, intelligent layer and application layer.
There are several commercial cybersecurity models that are over 99% accurate, Desjardins said. These are used to detect several kinds of intrusion, to detect malware and to detect phishing attacks.
“There’s been many AI successes in real cyber attacks,” Desjardins said, “but few are publicized.”
The advantages of AI in cybersecurity are simplicity, scalability, reusability and speed.
The disadvantages include the need for huge datasets, tedious supervised learning and the risk of hallucinations.
Ai is rapidly changing cybersecurity, he said. It has important benefits for defenses. There is an eternal battle of attackers using AI versus the defenders of AI.
AI will not replace either doctors or cybersecurity experts, Desjardins said in closing.
Physicians who know how to use AI will overcome physicians who don’t know how to use AI, Desjardins said.
Cybersecurity specialists will need to learn AI software, instead of sifting through datasets. A human is still needed to sift through alerts. It’s a collaboration between AI and humans, he said. The difference is that AI is able to work 24/7.
“It doesn’t need to sleep as we do,” he said.
Desjardins is a professor of Radiology at the University of Montreal, the CMIO at the Centre Hospitalier de l’Université de Montréal (CHUM) and a consultant in IT for the Quebec government.
His session, “AI v. AI – Defending Against AI-Powered Cyber Threats in Healthcare,” is expected to be available in a repeat broadcast.
Email the writer: [email protected]
link