Artificial Intelligence (AI) is becoming a powerful and effective tool in the fight against cyber threats. It aids in securing data, detecting fraud, and safeguarding against cyber attacks. However, like any technology, it can also be used for criminal purposes. So how can we harness the potential of AI to provide the highest level of security for our organizations?

 

Rise of Cybercrime

 

In a report on cybercrime in 2022, compiled by the Internet Crime Complaint Center (IC3) of the United States Federal Bureau of Investigation (FBI), the numbers confirm that cybercriminals are intensifying attacks on American networks, critical infrastructure, and the financial sector. The scale of online fraud and incidents threatening national security is increasing. According to estimates from American experts, the losses caused by digital crimes exceeded $10 billion in 2022. Recall that just 2 years earlier, such losses were estimated at $4.2 billion USD.

 

A similar trend is observed in Poland. The annual report from CERT Poland^[1] indicates that another record-breaking number of cybersecurity incidents was registered. In 2022, 322,479 reports were recorded, representing over a 34% increase in incidents compared to the previous year. These concerning figures are substantiated by the growing frequency, and more worrisome, severity of attacks, such as the June 2023 attack on the electronic platform for public administration services (ePUAP), which serves as a means of communication between citizens and public administration units and holds significant amounts of data.

 

 

AI in the Fight Against Cyber Attacks

 

In response to the escalating threats, experts have turned to the possibilities presented by artificial intelligence. In the realm of cybersecurity, AI has become one of the most critical and rapidly developing areas. AI offers numerous capabilities in detecting, analyzing, and preventing threats. Through machine learning capabilities and automated processing of large volumes of data, AI aids in identifying, recognizing, and responding to cyber attacks in a more efficient and effective manner than traditional methods.

 

One of the primary applications of AI in cybersecurity today is anomaly and network attack detection. AI systems can analyze network traffic, user behaviors, and other factors to identify suspicious activities. Artificial intelligence can analyze system event logs, network logs, and sensor data to identify suspicious activities. This enables rapid detection and response to security breaches.

 

AI can also be employed to develop more effective authentication and authorization methods, such as biometric fingerprint scanners, facial recognition, or user behavior analysis. Additionally, AI can support risk management processes and threat forecasting, enabling proactive and even preemptive actions.

 

Data from the USA, as indicated in the previously mentioned FBI report, further highlights that the most popular form of cybercrime has become phishing. Phishing is an online attack in which an individual or organization impersonates a trusted entity to deceive users (e.g., online) and obtain sensitive information like passwords, credit card numbers, or personal data. Typical forms of phishing utilize fake emails, text messages, social media posts, fake websites, and advertisements. In response to this threat, increasingly sophisticated Anti-Phishing Detection and Protection Systems utilizing AI are being developed. Why? Because AI helps analyze email contents, identify suspicious links, and detect phishing attempts.

 

However, it's important to note that AI in cybersecurity is not a perfect solution. There are challenges and limitations associated with the use of artificial intelligence in this field. What's worse, technologies associated with artificial intelligence (AI) can be equally effectively used in hacking attacks.

 

AI in the Hands of Criminals

 

Cybercriminals are increasingly turning to artificial intelligence. They use it, for instance, for brute force attacks, attempting to crack passwords or access codes by trying an immense number of combinations. Machine learning algorithms can automatically generate and test various combinations to find weak points in security systems.

 

Similarly, in the case of the previously mentioned phishing, AI can assist in automatically creating credible messages, and natural language processing algorithms can analyze the content of genuine email messages to create nearly identical replicas that can deceive users. If AI systems are used to detect threats or analyze data for security purposes, hackers may attempt to introduce malicious data or attacks aimed at confusing these systems.

 

 

What's Next?

 

Above all, it's important to understand that artificial intelligence itself is neither inherently good nor bad. Its use, however, can be ethical and beneficial, or conversely, destructive and criminal. Therefore, regulations are needed to create conditions for the rational use of AI potential. The European Union has already adopted a directive defining legal frameworks for the development of artificial intelligence. This is the world's first law concerning AI. The EU aims to regulate artificial intelligence to ensure better conditions for the development and use of this innovative technology.

 

Will new regulations increase security levels? What about countries outside the EU? Can AI be globally regulated? These questions are difficult to answer definitively today. However, from the perspective of cybersecurity for companies and institutions, it is crucial to be at least "one step" ahead of criminals in the "race" for their own security. This requires not only the appropriate infrastructure and IT potential, computational power, data sets, network efficiency, etc., but also the latest knowledge about AI capabilities, continuous monitoring and analysis of global trends, and the implementation of the latest cybersecurity solutions.

 

 

^[1] CERT Poland is an incident response team. It operates within the structures of NASK - the National Research Institute and performs part of the tasks of the CSIRT NASK team in accordance with the law on the national cybersecurity system.