KPMG and Blue Prism: Mitigating cyber risks with AI and ML

Cyber crime presents a major risk to global prosperity in the Fourth Industrial Revolution. As these attacks grow in volume, artificial intelligence (AI) not only supports under-resourced analysts but also provides a wide range of protection from malicious attacks.

Combating these attacks is becoming increasingly important, research into cyber security has shown that 64% of companies worldwide have experienced at least one form of cyber attack and every 39 seconds there is a new attack somewhere on the web.

As cyber attacks become more complex, information security professionals are turning to AI due to its ability to identify threats early and work as a preventative measure. As a result,  AI and machine learning (ML) is becoming essential tools for information security professionals.

Noting the complexity of cyber security challenges, Martin Tyley, Head of Cyber at KPMG UK said: “New technologies, including AI itself, bring with them a growing list of new challenges for cyber security. The growth in ML is posing new questions: How has the ML algorithm been trained and what biases have been introduced? How can we supervise behaviour to ensure it’s operating within ‘acceptable’ parameters? How could the technology be manipulated by an adversarial AI technique and what would the consequences be?” 

“Whilst AI as a concept isn’t new, the maturity today is such that these ‘rules’ are still being defined and they require a new blend of skills including data science, security and ethics, advanced programming and behavioural change – there are many unknowns that security teams should be mindful of,” he continued.

The introduction of this technology also reduces issues relating to burnout and fatigue within information security professionals whilst increasing the pace of execution, as Bruce Mazza, Senior Vice President of Technology Alliances at Blue Prism explains: “The exponential growth in the technology landscape and the advancement in capabilities of cyber criminals means humans can’t operate on the scale at which they need to on their own. AI enables companies and cyber security professionals to augment their resources and execute threat prevention, identification, and analysis on a much larger scale.”

Adding to this, Tyley said: “The drive for new functionality and ways of working means that mapping out all possible behaviours is impossible. Instead, cyber security teams need to turn to ML capabilities that can identify new, maybe anomalous behaviour, and act accordingly to manage the most urgent threats.”

This is particularly significant as in the KPMG 2021 CEO Outlook Pulse Survey, cyber risk was ranked as the number one organisational threat by global CEOs and security teams are becoming more overwhelmed by threats every day.

Responding to the increased rate of cyber attacks with AI and ML

Undoubtedly, the coronavirus pandemic has increased the rate of cyber crime across the globe. 

Deloitte has outlined that the increase in remote working calls for a greater focus on cyber security as more people are exposed to risk, and in different ways, highlighting that 47% of individuals fall for a phishing scam while working from home.

“With phishing and malware threats continuing to affect organisations at increased levels, enterprises would be disserving themselves by not enhancing their security credentials with the use of AI-enhanced intelligent automation,” explained Mazza.

He also noted that the introduction of this technology is not only significant for mitigating risk but for business strategy too: “Without strategic investment in automation and digital transformation, their competitiveness relative to these leaders will degrade seriously and possibly irreversibly over the next five years.” 

“In the same way, enterprises that aren’t investing in AI-enhanced solutions can help tackle the growing threat of cyber security will undoubtedly open themselves up to an increasing amount of risk as cyber criminals’ capabilities continue to progress,” he continued.

Key considerations with AI and ML among cyber security professionals

When utilised for cyber security purposes, AI can be used to sift through large amounts of data to identify suspicious irregularities across systems and user activity. 

“With Machine Learning (ML) specifically, security teams are able to search across disparate data sources and correlate numerous data points so that anomalies can be identified. Just one of these anomalies could be a threat actor infiltrating a cloud network or another part of the IT system,” says Tyley.

Outlining the incredible capabilities of AI within the cyber security environment, Mazza said “Digital robots equipped with the latest AI capabilities are able to analyse phishing emails up to 80% faster, analyse malicious URLs up to 96% faster and analyse intrusion events up to 80% faster.”

Although the benefits of this technology are undeniable, particularly as AI can protect organisations from the snowballing scale of sophisticated cyber crime, Tyley did stress the importance of data models and the understanding of the cyber environment: “There is a risk that otherwise innocent activities are wrongly interpreted and instead of preventing attacks, innocent business processes are halted. Extrapolate that out to critical business systems and in some industries, the consequences could be severe.”

“As we’ve seen with data science and other fields, this approach also requires a new skill-set and way of working that can’t be learnt overnight. Consequently, the perceived benefits in time and cost may take longer to achieve, which leads to frustration when the advantages and the ‘future vision’ are sold to those charged with leading the organisation, who are naturally looking for fast results,” he continued.

Additionally, as professionals need to make other key considerations when implementing this complex technology as Mazza explained: “A major factor to consider is that given AI systems become more intelligent through the use of data sets businesses must collate lots of specific malware codes, non-malicious codes, and anomalies throughout implementation, it takes a lot of time and needs a significant amount of investment.”

“Many organisations struggle to fund this. Without this ability to bring together data, AI tools can deliver incorrect results and/or false positives and getting inaccurate data from unreliable sources can even backfire.” 

Adding to this drawback, cyber security management defences are often fragmented across multiple different vendors. Tyley explained that with this, only some of them talk to each other: “This makes it even more difficult for those tasked with protecting the organisation in preventing the snowballing scale of sophisticated cyber crime. In this landscape, protective systems need to be able to monitor and automate response at scale.” 

He concluded that ML capabilities are the key to overcoming challenges with automated technology and cyber risk: “ML can form a substantial part of the solution – we have seen in recent years multiple technologies that are able to capture patterns of behaviour, then, through the use of algorithms, run scenarios with the data to detect unusual patterns of activity.”