How AI will automate cybersecurity in the post-COVID world

By now, it is obvious to everyone that widespread remote working is accelerating the trend of digitization in society that has been happening for decades.

What takes longer for most people to identify are the derivative trends. One such trend is that increased reliance on online applications means that cybercrime is becoming even more lucrative. For many years now, online theft has vastly outstripped physical bank robberies. Willie Sutton said he robbed banks “because that’s where the money is.” If he applied that maxim even 10 years ago, he would definitely have become a cybercriminal, targeting the websites of banks, federal agencies, airlines, and retailers. According to the 2020 Verizon Data Breach Investigations Report, 86% of all data breaches were financially motivated. Today, with so much of society’s operations being online, cybercrime is the most common type of crime.

Unfortunately, society isn’t evolving as quickly as cybercriminals are. Most people think they are only at risk of being targeted if there is something special about them. This couldn’t be further from the truth: Cybercriminals today target everyone. What are people missing? Simply put: the scale of cybercrime is difficult to fathom. The Herjavec Group estimates cybercrime will cost the world over $6 trillion annually by 2021, up from $3 trillion in 2015, but numbers that large can be a bit abstract.

A better way to understand the issue is this: In the future, nearly every piece of technology we use will be under constant attack – and this is already the case for every major website and mobile app we rely on.

Understanding this requires a Matrix-like radical shift in our thinking. It requires us to embrace the physics of the virtual world, which break the laws of the physical world. For example, in the physical world, it is simply not possible to try to rob every house in a city on the same day. In the virtual world, it’s not only possible, it’s being attempted on every “house” in the entire country. I’m not referring to a diffuse threat of cybercriminals always plotting the next big hacks. I’m describing constant activity that we see on every major website – the largest banks and retailers receive millions of attacks on their users’ accounts every day. Just as Google can crawl most of the web in a few days, cybercriminals attack nearly every website on the planet in that time.

The most common type of web attack today is called credential stuffing. This is when cybercriminals take stolen passwords from data breaches and use tools to automatically log in to every matching account on other websites to take over those accounts and steal the funds or data inside them. These account takeover (“ATO”) events are possible because people frequently reuse their passwords across websites.

The spate of gigantic data breaches in the last decade has been a boon for cybercriminals, reducing cybercrime success to a matter of reliable probability: In rough terms, if you can steal 100 users’ passwords, on any given website where you try them, one will unlock someone’s account. And data breaches have given cybercriminals billions of users’ passwords.
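From the defender's side, the pattern described above leaves a recognizable shape in login logs: one source tries many different accounts, a few times each, and only a small fraction succeed. The following is an added example, not code from the article; the event format, function names, thresholds and sample data are constructed assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, username, success).
# 203.0.113.7 tries 200 distinct accounts once each and 2 succeed (about 1 in 100).
# 198.51.100.4 is one user mistyping a password, then logging in.
# 192.0.2.9 hammers a single account (password guessing, not stuffing).
SAMPLE_EVENTS = (
    [("203.0.113.7", f"user{i}", i in (17, 140)) for i in range(200)]
    + [("198.51.100.4", "alice", False), ("198.51.100.4", "alice", True)]
    + [("192.0.2.9", "bob", False)] * 50
)

def summarize(events):
    """Aggregate per-source attempt counts, distinct usernames and successes."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set(), "hits": set()})
    for ip, user, ok in events:
        s = stats[ip]
        s["attempts"] += 1
        s["users"].add(user)
        if ok:
            s["hits"].add(user)
    return stats

def flag_stuffing(events, min_users=20, max_tries_per_user=3.0, max_success=0.10):
    """Return {ip: report} for sources matching the credential stuffing shape.

    Thresholds are illustrative assumptions, not values from the article:
    - many distinct usernames from one source,
    - few attempts per username (a stolen password is tried, not guessed),
    - a low but often non-zero success rate.
    """
    flagged = {}
    for ip, s in summarize(events).items():
        n_users = len(s["users"])
        tries_per_user = s["attempts"] / n_users
        success_rate = len(s["hits"]) / n_users
        if (n_users >= min_users and tries_per_user <= max_tries_per_user
                and success_rate <= max_success):
            flagged[ip] = {
                "distinct_users": n_users,
                "success_rate": success_rate,
                # Accounts that logged in successfully need a forced reset.
                "compromised": sorted(s["hits"]),
            }
    return flagged

if __name__ == "__main__":
    for ip, report in flag_stuffing(SAMPLE_EVENTS).items():
        print(ip, report)
```

The successful logins from a flagged source matter most: those are the accounts whose reused passwords worked and that need a reset and session revocation.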

Figure: Attacks Against Financial Services, 2017-2019 (source: F5 Security Incident Response Team)

What’s going on here is that cybercrime is a business, and growing a business is all about scale and efficiency. Credential stuffing is only a viable attack because of the large-scale automation that technology makes possible.

This is where artificial intelligence comes in.