Sure, humans click on too many links, forget to patch systems, and too frequently make “password” their password, but AI has its limitations too—and data scientists Mahantesh Halappanavar and Samrat Chatterjee are trying to figure out what they are.

The two analysts, along with their team at the Pacific Northwest National Laboratory (PNNL), have been testing how well deep-learning algorithms can stop intruders as they make moves inside a network.

With training examples in the OpenAI Gym simulation environment, the researchers found that one algorithm in particular—Deep Q-Network—frequently prevented a simulated adversary from reaching the exfiltration stage of an attack.

But IT won’t go fully autonomous anytime soon. That requires a lot of power:

“If you want to optimize across a space in a really reliable manner, it’s just going to be an extremely compute-intensive problem. So, we’ll have to accordingly adjust what we can do,” Halappanavar, chief computer scientist at PNNL, told IT Brew.

The two spoke about other reasons why the human touch will stay essential to cybersecurity operations.

The interview below has been edited for length and clarity.

Why are we “nowhere near that stage where AI can replace human cyber analysts”?

Chatterjee: There are different types and levels of decisions that need to be made in order to secure a cyber system. Some decisions are maybe more amenable at human speeds; some decisions, just by design, need to be made at machine speeds…Maybe what is a practical vision for the future is where the AI agent is a teammate that the human can rely on.

Do you have examples where AI is particularly supportive, in situations that require faster response time?

Chatterjee: One quick example is your spam filter in your inbox. There’s no human selecting emails and checking whether they should go in a spam filter or in your primary inbox.

Read more here.—BH

Do you work in IT or have information about your IT department you want to share? Email [email protected].

Ransom—where?

Ransomware attacks were on the rise for many years, until they began to decline in 2022. But threat actors are improving their tactics, meaning targeted companies and organizations will have to turn to stronger security operations.

Vulnerabilities that lead to ransomware attacks are often a symptom of bigger security hygiene issues, Mike Wiacek, CEO of Stairwell, told IT Brew. Over time, those flaws can build up and open the door to vulnerabilities that can be exploited by threat actors of all kinds—raising concerns that adversaries have more lines of attack.

“Ransomware may be the one that causes you the pain that’s most visible, but the underlying disease that was untreated is fundamentally the real concern that we overlook,” Wiacek said.

We shall fight on the beaches. Undetected malicious software can be used as a “beachhead” for ransom attacks, but the fact that the threats can go so long undetected indicates greater problems at the core of IT security that need to be dealt with. Wiacek told IT Brew that what’s required is better practices.

“When you start thinking about this as a hygiene problem, the best way to stop ransomware is to make sure that you don’t have compromised devices on your networks in the first place that can then be used as beachhead to get ransomware to show up,” Wiacek said. “The ounce of prevention is worth a pound of cure.”

Part of the threat landscape, according to a new Rapid7 analysis, is widespread exploitation vulnerabilities. Caitlin Condon, the Rapid7 report’s lead author, told IT Brew that the reduction may well be the result of a more sophisticated class of cybercriminal.

Keep reading here.—EH

Do you work in IT or have information about your IT department you want to share? Email [email protected].

Today’s top IT reads.

Stat: 55. That’s the number of zero-day flaws Mandiant observed being exploited in the wild in 2022. (CSO Online)

Quote: “Loyal workers tend to get picked out for exploitation. And then when they do something that’s exploitative, they end up getting a boost in their reputation as a loyal worker, making them more likely to get picked out in the future.”—Matthew Stanley, PhD and postdoctoral researcher at Duke University’s Fuqua School of Business, on the results of a study showing loyalty to employers can backfire (Motherboard)

Read: ChatGPT is the new front in the culture wars. (the New York Times)