AI can enhance UK public sector resilience

Guest blog by Chris Parker MBE, Director Government Strategy at Fortinet UK #techUKCyber2023

Automation and Artificial Intelligence (AI) are being used by threat actors to increase attack effectiveness but how does AI enhance UK safety? Fortunately, the Industry is investing heavily to stay ahead of the threat; Fortinet has more technology patents than the rest of the cybersecurity industry combined. Automated security has been part of the Fortinet Security Fabric for some time and this article explains how AI can help defend the UK Public Sector.

Can AI prevent cyberattacks? AI in cybersecurity reinforces cyber threat intelligence, enabling security professionals to do many things better: search for characteristics of cyberattacks, strengthen defences, analyse data (e.g. fingerprints, typing styles, and voice patterns) to authenticate users and discover clues as to the identity of specific cyberattacks.

Applications of AI in cybersecurity include several areas such as password protection and authentication. With AI in cybersecurity, organisations can better protect passwords and secure user accounts through authentication. Most websites include features that allow users to log in to purchase products or contact forms for people to input sensitive data. Extra security layers are necessary to keep their information secure and prevent it from getting into the hands of malicious actors.

AI tools, such as CAPTCHA, facial recognition, and fingerprint scanners enable organisations to automatically detect whether an attempt to log in to a service is genuine. These solutions help prevent cybercrime tactics like brute-force attacks and credential stuffing, which could put an organisation’s entire network at risk.

Phishing remains one of the biggest cybersecurity threats facing businesses across all industries. AI within email security solutions enables companies to discover anomalies and indicators of malicious messages. It can analyse the content and context of emails to quickly find whether they are spam messages, part of phishing campaigns, or legitimate. For example, AI can quickly and easily identify signs of phishing, such as email spoofing, forged senders, and misspelled domain names.

Machine Learning (ML) algorithm techniques allow AI to learn from data to make analysis more accurate and evolve to address new threats. It also helps AI better understand how users communicate, their typical behaviour, and textual patterns. This is crucial to preventing more advanced threats like spear phishing, which involves attackers attempting to impersonate high-profile individuals like company CEOs. AI can intercept suspicious activity to prevent a spear-phishing attack before it causes damage to corporate networks and systems.

Vulnerability Management can also be helped by AI. As cyber criminals deploy more sophisticated methods and techniques, thousands of new vulnerabilities are discovered and reported every year. As a result, businesses struggle to manage the vast volume of new vulnerabilities they encounter every day, and their traditional systems cannot prevent these high-risk threats in real time.

AI-powered security solutions such as user and entity behaviour analytics (UEBA) enable businesses to analyse the activity of devices, servers, and users, helping them identify unusual behaviour that could indicate a zero-day attack. AI in cybersecurity can protect businesses against vulnerabilities they are unaware of before they are officially reported and patched.

Network security involves the time-intensive processes of creating policies and understanding the network’s topography. When policies are in place, organisations can enact processes for identifying legitimate connections versus those that may require inspection for potentially malicious behaviour. These policies can also help organisations implement and enforce a zero-trust approach to security.

However, creating and maintaining policies across multiple networks requires a significant amount of time and manual effort. Organisations often do not deploy the correct naming conventions for their applications and workloads. This means security teams may have to spend more time determining which workloads belong to specific applications. AI learns organisations’ network traffic patterns over time, allowing it to recommend the right policies and workloads.

Behavioural Analytics allow organisations to identify evolving threats and known vulnerabilities. Traditional security defences rely on attack signatures and indicators of compromise (IOCs) to discover threats. However, with the thousands of new attacks that cyber criminals launch every year, this approach is not practical.

Organisations can implement behavioural analytics to enhance their threat-hunting processes. It uses AI models to develop profiles of the applications deployed on their networks and process vast volumes of device and user data. Incoming data can then be analysed against those profiles to prevent potentially malicious activity.

Fortinet offers AI-powered cybersecurity solutions to protect organisations against known and emerging cyber threats. One such AI example is FortiNDR, which is a deep-learning solution designed specifically to remove the need for time-consuming manual investigation of cyberattacks. It enables organisations to accelerate their responses to advanced threats by identifying and classifying attack vectors in real time and instantaneously blocking them from reaching corporate networks. FortiNDR relies on data from FortiGuard Labs, which provides the latest insight into emerging security threats. FortiNDR empowers organisations to detect and protect against the millions of threats that FortiGuard Labs discovers every day.

In summary, despite much talk about AI as a risk element, this must be balanced with the positive benefits too. Fortinet already use AI as a force for good today to enhance UK resilience and provide next generation cybersecurity, everywhere you need it.

Cyber Security Programme

The Cyber Security Programme provides a channel for our industry to engage with commercial and government partners to support growth in this vital sector, which underpins and enables all organisations. The programme brings together industry and government to overcome the joint challenges the sector faces and to pursue key opportunities to ensure the UK remains a leading cyber nation, including on issues such as the developing threat, bridging the skills gap and secure-by-design.

Learn more