Third-Party Cyber Risk with AI
Written by: Black Kite
From search engines to e-commerce platforms, smart home devices to healthcare, Artificial Intelligence(AI)-enabled services and products are in our daily lives more than you might realize. Recent developments show
AI-enabled devices capable of interacting with human’s brains is no longer a futuristic goal.
Although the role of artificial intelligence in cyber security dates back to a decade ago, new (and perhaps more robust) applications are beginning to emerge with the advanced use of Machine Learning (ML) and Deep Learning (DL).
With proliferated real world applications, let’s dive into AI’s role in cyber security and third party risk management.
What is AI? How does it differ from ML and DL?
Artificial intelligence is a science field interested in finding solutions to complex problems like humans do. It can be thought of as a decision mechanism modelled with certain algorithms to be similar to human decision-making.
Machine learning can be considered as a subdomain and most of the time an application of artificial intelligence, in which computers, devices, software work via cognition.
In the technical sense, a ML uses mathematical and statistical ways to extract information from data. With that information, machine learning tries to guess the unknown just like a human brain does.
As a specialized form of ML, deep learning represents the next evolution of machine learning. It acts very much like a human brain and allows the machine to analyze data. Going a step further than ML, deep learning has the ability to perform classification tasks directly from images, text, or sound.
The models in deep learning are formed by large data sets and an artificial neural network containing complex layers, proven to yield better results than humans.
In cases in which it’s not humanly possible to analyze a tremendous amount of data in a fixed amount of time, AI solutions can serve as solutions with successful and fast outcomes.
AI by Everyday Examples
There are many examples of machine and deep learning that we use every day and perhaps we don’t even realize they’re powered by AI. Some include:
Virtual assistants like Siri, Google and Alexa, gather and refine information based on your previous interaction with them.
Most web sites today have online customer support, aiming to improve the customer experience on the web site. These chatbots offer the option of chatting with customers and answering their queries.
Nowadays, most video surveillance systems are powered by AI which allows the detection of crime before it happens. They monitor people’s unusual behaviors like long standing unmoving, wandering, or soliciting etc.
As for malware filtering, every day over 325,000 malware is found and each piece of code is 90%-98% identical to its previous versions. Machine learning powered software comprehends the pattern of coding in these malware sets. Therefore they easily detect new malware with variation of 2%-10% and provide protection against it.
Rule-based spam filtering fails to track the latest tricks adopted by spammers. Gmail is now blocking 100 million extra spam emails facilitated by its machine learning platform. Although the obvious spam can be blocked by rule-based filtering, machine learning explores emerging patterns that might indicate that you don’t trust an email.
AI’s Role in Cyber Security
AI, and in particular Machine Learning in cybersecurity, is far more than simply implementing algorithms. AI can be used to help predict cyber-threats and react to cyber incidents. By analyzing large amounts of data, cyber attacks can be decreased significantly.
Today AI is being used in a tremendous amount of applications in cyber security, some of which include but are not limited to:
- Endpoint detection
- Spam Filter Applications (spamassassin)
- Network Intrusion Detection and Prevention
- Fraud detection
- Credit scoring and next-best offers
- Botnet Detection
- Secure User Authentication
- Cyber security Ratings
- Hacking Incident Forecasting
AI-Driven Third-Party Risk Management
As you might recall from our previous blogs we delved into the concepts like “cyber risk”, “reputation risk” and “risk management” in the Third-Party Risk Management (TPRM) domain, but not dig into the driving methodologies that powered the quantification of cyber risk and security ratings.
The role of AI in third party risk management has never been this important. Distinguishing high-risk vendors from low-risk vendors is a major challenge in a vendor risk assessment. Security Rating Services (SRS) can facilitate this via quantification of third-party risk with the help of AI engines.
Vendor Risk Assessment through SRS has also become a game-changer in the due-diligence process of a business partnership. Black Kite uses AI-powered engines in almost every category to provide a risk-based score. Combined with open-source intelligence techniques, here are a few examples pertaining to AI-powered third-party risk monitoring of the Black Kite Platform:
- Leveraging text similarities and other information, in deriving the digital footprint of a company or a vendor
- Web site analysis including NLP combined ML techniques
- Estimation of the phishing domains associated with a company or a vendor
- Reputational Risk
- Estimation of compliance correlation to industry standards, best practices and acts such as NIST 800-53, PCI-DSS, COBIT, ISO27001, GDPR, HIPAA, NIST CSF, NIST 800-171
To better understand these AI-powered engines, let’s dive a bit further into phishing domains and the AI- powered Compliance Module.
Phishing Domains
Black Kite analyzes registered domains using Natural Language Processing (NLP) and other machine learning techniques daily.
There are an abundance of algorithms and a wide variety of data types for phishing detection in the academic literature and commercial products. A phishing URL and the corresponding page have several distinct features which can be differentiated from a malicious URL.
Aside from URL-Based Features, different kinds of features are used in machine learning algorithms in the detection process. Features collected from academic studies for the phishing domain detection with machine learning techniques are grouped as given below:
1. URL-Based Features
2. Domain-Based Features
3. Page-Based Features
4. Content-Based Features
Black Kite uses several other technical features in addition to the above, and processes them using machine learning algorithms.
Black Kite’s Compliance module
Black Kite’s standards-based approach enables us to estimate and assess compliance levels of third parties and vendors. Using NLP and Deep Learning techniques, Black Kite correlates cyber risk findings to industry standards and best practices. The classification allows organizations to measure the compliance level of any company or vendor for different regulations and standards including NIST 800-53, ISO27001, PCI-DSS, HIPAA, GDPR, and Shared Assessments.
Black Kite has a unique cross-walking capability to calculate the compliance level of a standard based on the input given from another standard. Say a company works with a number of different vendors, each bound to different regulations. All that company needs to do is to request an upload for the NIST 800- 53 compliance report or any other report to our system. Black Kite’s algorithm can then estimate the compliance level of other regulations such as PCI-DSS, HIPAA, COBIT, and GDPR, saving time both on the vendor and the company side.
What Does the Future Hold for AI in Cybersecurity?
Of the 30 new technologies featured in latest Gartner’s Hype Cycle 2020, nine relate significantly to artificial intelligence:
- Generative adversarial networks
- Adaptive machine learning
- Composite AI
- Generative AI
- Responsible AI
- AI-augmented development
- Embedded AI
- Explainable AI
- AI-augmented design
The Gartner Hype Cycle covers the next decade, but only after the technologies move forward through the trough will we see what is realistic and widely adopted. According to Gartner’s predictions we won’t see the benefits of most AI-driven solutions until the end of the next decade.
As for cybersecurity, there is a long way to go to use artificial intelligence in an impactful way. However, effective methods are already underway. Before deciding on your solution, you need to learn more about your threats.
Learn more about Black Kite!
Featured image by Freepik