A high number of IT decision-makers consider artificial intelligence (AI) and machine learning (ML) important in stopping future cyber security threats. However, a significant proportion also view discussions around the subject to be pure vendor hype.
A white paper released by cyber security software provider ESET found that IT professionals in the USA were much more likely to believe in the power of these technologies: 82% said that they would be a ‘silver bullet’ in solving future security challenges, compared to 67% and 66% in the UK and Germany, respectively.
US respondents were also more sceptical about the possibilities, with 65% disregarding current discussions as hype. 53% of IT professionals in the UK, and 40% in Germany, felt the same way.
ESET says that the promises made by IT vendors around AI and ML “[have] the potential to put businesses in a position where security professionals are relying too much on the development of AI and not focusing enough on a joint and multi-layered approach of human and machine”.
Difference between AI and ML?
47% of respondents said that they don’t fully understand the difference between AI and ML.
ML, which relies on training computers to perform tasks, is nothing new; companies have been using it in security since the 1990’s. Although a powerful tool, ML has drawbacks and is best used under the supervision of a human operator.
Artificial intelligence, on the other hand, describes a situation in which a machine operates without pre-programming or training.
While these techniques might change the way organisations approach security, hackers will also be able to leverage AI and ML tools to carry out higher numbers of labour-intensive attacks, like spear-phishing.
More than half of respondents in all regions (USA: 75%; UK: 57%; Germany, 55%) think that the number of malicious attacks will increase when hackers start to use AI. They also agreed (USA: 79%; UK: 66%; Germany, 58%) that attacks would become more complex.
At the moment, AI is still far in the future, and ML is not yet competent enough to replace humans in the security apparatus.