On the authentication side, AI can reduce risks and stop intrusions before bad actors get into various
          systems and cause harm. For example, multi-factor authentication (MFA) programs involve several different
          factors and user behaviors. AI comes into play with risk-based authentication, where the AI sets risk scores
          that are based on the login attempt context. Another example, a user who typically logs in from home during
          business hours would have a different risk assessment than the same user credentials being used at two in
          the morning from a different IP address. The AI effectively learns what sets of risks are likely to produce the
          right results (successful proper logins) and then adjusts and improves over time until it can reliably predict
          an unauthorized login.

          Reducing Phishing with Enhanced Intelligence
          Into 2021 and beyond there will be an expansion of AI into phishing prevention. In a similar structure to its
          capabilities with antivirus and authentication programs, AI can also spot anomalies that point to a phishing
          scheme. These anti-phishing programs look for inconsistencies in email message content and metadata.
          An AI-informed solution can learn over time how to spot phishing-style language such as urgent requests
          (respond immediately with your credit card!) that are likely fraudulent in intent. It can also determine spoofed
          email senders, misspelled domain names, and other tricks found in emails that aren’t always spotted by the
          human. It’s a context-based dynamic that also considers if the email is part of a string, and if there’s an
          established connection between sender and the recipient. Providers can add AI on top of traditional
          authentication tools like SPF, DMARC, and DKIM.

          Improving Remote Work Security

          Security is a key consideration for every firm that moved to remote workforces during the pandemic. A mobile
          workforce that can operate from any location with a laptop and Wi-Fi access presents considerable
          challenges for IT. Workers are exposed to online dangers but secure search engines and communication
          platforms (such as GOFBA) can help mitigate threats. There is also the risk of “shadow IT” where workers go
          rogue and pick their own cloud storage or messaging apps instead of the company-approved tools. A training
          gap also exists, with many workers unaware of the risks their actions pose to company networks and their
          own jobs. AI can help mitigate many of these risks by improving anti-virus tools and other security programs,
          and also learning about work from home patterns and then developing contextual risk assessments.

          AI and machine learning can improve multiple remote working functions. For example, an AI tool could use
          the worker’s laptop camera to note when someone else is in the room. This could then shut down access to
          sensitive information or make their screen go blank for a certain period. This feature could be invaluable for
          workers and companies dealing with compliance regulations that apply to the usage of certain data sets. AI
          is also used in hiring tools such as applicant tracking systems and other HR functions to better screen people
          before they’re hired. And employee monitoring tools will also use AI to delivery more accurate
          contextual-based results to management about the employee’s daily or monthly activities.

          Aiding the Human/Machine Mix

          In 2021 and the years ahead, cybersecurity teams should develop a better understanding of AI’s capabilities,
          specifically as they compare to human capacity. Current AI tools are improving, but many are still flawed and
          do not understand human intuition and motivations. An article in the MIT Technology Review dives deeper
          into AI’s limitations, saying “These shortcomings have something in common: they exist because AI systems
          don’t understand causation. They see that some events are associated with other events, but they don’t
          ascertain which things directly make other things happen. It’s as if you knew that the presence of clouds
          made rain likelier, but you didn’t know clouds caused rain.”











            103    Cyber Defense eMagazine – April 2021 Edition
                   Copyright © 2021, Cyber Defense Magazine.  All rights reserved worldwide.