Machine learning serves as a real turning point in assessing cybersecurity risks as businesses are looking to adopt the evolving technology to ward off intruders.

Cybersecurity has largely been a cat-and-mouse game with IT personnel scrambling to pre-empt attacks or deal with system breaches of varying magnitudes. Some of that work requires addressing simple threats that, while relatively easy to nullify, take up valuable time.

Machine learning capabilities can identify attacks as they appear and alert cybersecurity experts, who can then take appropriate action. They can also predict future attacks.

“You don't need a person to analyze something when a machine can distinguish between good or bad with high certainty and determine whether the program is malicious,” says Peter Košinár, Senior Virus Researcher at ESET, an IT security firm. “It can also tell us what's bad, and also what's good. If you know that, you can hone in on the grey zone where AI may not be able to figure everything out, thus requiring some human interaction.”

Collaborative efforts

Cybersecurity experts, like Košinár, believe it's best to combine machine learning capabilities with human expertise and instinct because the technology may not be precise enough to arbitrarily deduce the significance of a threat or attack vector. Fortunately, machine learning is designed to be adaptable.

Machine learning can parse information faster than humans can, which could effectively eliminate some of the tedious monitoring work humans have had to do. However, Košinár cautions that machine learning tools aren’t yet capable of stopping attacks independently of humans. “You can apply them along with existing tools, actions and response procedures to get them done faster or more efficiently,” he notes. “For example, if you’re alerted to suspicious behaviour on one computer, like certain files being encrypted, you can act on that much faster and stop the same damage from happening on the other computers without actually seeing it in the first place.”

Protective practices

Computers and smartphones tend to be the most vulnerable to attack because they can act as gateways into a wider business system. However, the Internet of Things (IoT) means there are printers, scanners, cameras, routers, and other network components that could be targeted entry points for cybercriminals.

Government institutions, banks, or other enterprises should use methods that are tailored to their own use because the threats they face are different, Košinár adds.

Košinár says deploying smarter tools like machine learning does require a strategic approach, noting that “attacks are often not discovered for quite some time after they happen, so it's important to be able to look back and understand what was going on in your own network, what assets the attackers were going after and how to protect them.”