Cybersecurity: Is Machine Learning the Answer?
EDITOR’S NOTE: This article is about how to approach and think about cybersecurity. True Interaction built SYNAPTIK, our Data Management, Analytics, and Data Science Simulation Platform, specifically to make it easy to collect and manage core and alternative data for more meaningful data discovery. For more information or a demo, please visit us at https://synaptik.co/ or email us at firstname.lastname@example.org.
The U.S. Department of Homeland Security designated the current month of October as National Cybersecurity Awareness Month. Cybersecurity is currently at the forefront of many American’s minds following the sweeping data breach earlier this year at Equifax, a consumer credit reporting agency. The current total of Americans affected by the breach stands at 145.5 million; however, the data breach is arguably the greatest of all time for its depth in addition to its scale. Missing data from victims includes names, birthdays, addresses and Social Security numbers. Even more alarming, consumer’s security answers and questions may have also been breached, providing hackers and their clients the ability to lock victims out of their private accounts by altering passwords and other account settings.
But with advances in machine learning (ML) and artificial intelligence (AI) technologies to snuff out potential malware threats, shouldn’t business users be able to construct more robust fortresses for their data?
The answer is yes, but this optimism should be tempered as the potential is more limited than many might think.
Some brief definitions require clarification before exploring key limitations of applying machine learning and AI algorithms for cybersecurity measures.
Machine Learning is the ability for computer programs to analyze big data, extract information automatically and learn from it.1
Artificial Intelligence is the ability of a digital computer or computer-controlled robot to perform tasks commonly associated with intelligent beings such as the ability to reason, discover meaning, generalize or learn from past experience.2
Cybersecurity is the practice of protecting systems, networks and programs from digital attacks. These attacks are usually aimed at accessing, changing, or destroying sensitive information, extorting money from users or interrupting normal business processes.3
So why should we temper our expectations when deploying machine learning algorithms for cybersecurity needs?
Machine Learning is not AI. Machine learning has amazing capabilities including the ability to analyze and learn from big data sets. However, the ability to learn should not be confused with the ability to reason or self-reflect, two characteristics of AI and humans. Therefore:
Machine Learning Will Identify Data Anomalies Better than Malware. Machine Learning algorithms can become very adept at identifying anomalies in large data sets, especially if they have a generous amount of training data. However, spotting threats becomes infinitely more complex if the algorithm must determine good from bad anomalies as well as unforeseen randomness. As a result:
Machine Learning Will Likely Produce Excessive False Positives. These false positives of malware identification could represent over 99% of anomalies. Regardless, any surfacing anomalies may require human-follow up, quickly zapping limited cybersecurity resources faced by many organizations.4
The question remains: how should cybersecurity leaders in organizations leverage machine learning to sniff out malevolent attacks? The answer combines the power of people with the power of machines. Heather Adkins, director of information and privacy and a founding member of Google’s security team, recommends that companies “pay some junior engineers and have them do nothing but patch”.5 However, as Machine Learning cybersecurity algorithms are fed more data and supplemented with isolation capabilities that confine breaches for human study, a symbiosis between people and machines can prove more effective than silo-ed efforts to combat malicious threats online.
What might more concrete solutions look like? Attend our upcoming panel discussion to find out more.
Aligned with the goals of Cybersecurity Awareness Month, True Interaction is co-hosting a panel discussion this Thursday evening alongside the law firm PWBT (Patterson, Belknap, Webb and Tyler LLP), the digital agency Tixzy, and the strategic IT services provider Optimum Partners. Topics will include a high-level discussion on the current cybersecurity regulatory landscape, 3rd party risk and insider threats.