The era of algorithms: how the AI autonomous response wins the race against cyber attacks

In the age of automated cyberattacks running at the speed of light, merely detecting attacks is no longer enough. Even when teams discover a risk early, they are overtaken by malicious code that can encrypt or extract data in less than a minute.

According to a study by the Ponemon Institute [1], it takes an average of 206 days for US companies to detect a data breach. To face this threat, the only way forward is to counter stealthy attacks with equally fast defense systems. Autonomous cyber defense technologies can now harness artificial intelligence algorithms to stop malware, allowing incident responders to investigate and act at their own pace. In addition, these AI-boosted autonomous solutions protect the digital network day and night, for truly omnipresent protection.

Let's look at two sophisticated attacks that were neutralized by an autonomous response when security teams were absent or unable to react in time.

A cyber attack on a Fortune 500 company

Ransomware is the perfect example of a cyber threat that is too fast for professionals. This type of attack has become a major concern for organizations around the world. Previous research has shown that about 70% of companies simply pay the ransom [2] when they are hit, regardless of the cost. Autonomous response prevents ransomware from spreading by confining users and devices. The AI intervenes surgically to isolate anything that is abnormal, while allowing business operations to continue uninterrupted.

On a Friday at 19:05, an employee of a major telecommunications company accessed his personal e-mail from his business phone and was prompted to download a malicious file containing ransomware. A few seconds later, the device started connecting to an external Tor server, and the attack got under way just after the company's security team had left the office for the weekend.

The AI responded nine seconds after the start of encryption, triggering a priority alert calling for immediate action. As the behavior persisted for a few seconds, an autonomous AI-enabled response stopped all file encryption attempts before the ransomware spread over the network.

Amusement park attack

Data theft is increasingly popular with cybercriminals. Stolen personal and identity information may be sold on the Dark Web and used to commit identity theft or to move within the victim's network. In a North American amusement park, an experienced cybercriminal targeted a connected device (a physical locker designed to store personal effects). As part of its default settings, the "smart" locker routinely contacted the vendor's online platform, a process that attackers hijacked to compromise the device.

Once infiltrated, the locker began to transfer more than one gigabyte of unencrypted data over the network to a rare external site. Connections, which probably included identity information and sensitive identifiers, could be transmitted over the Internet without any protection. This would then allow the hackers to intercept the connections and use the information. Once again, the intelligent defense system countered the attack autonomously while waiting for the IT security team to intervene.

Autonomous responses are slowly becoming the norm given the growing danger of cyberthreats. The associated costs for companies amount to 4.7 million euros on average [3]. Within a few seconds, artificial intelligence acts by blocking all outgoing connections from the compromised terminal. IT teams thus have time to isolate the infected workstation from the network before all the confidential data of a company or a consumer can be exfiltrated.
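The pattern from the amusement-park case (a device sending more than one gigabyte to a rare external site, answered by blocking its outgoing connections) can be sketched as a simple rule over flow records. This is an added example, not the method of any product described in the article; the flow records, device names, `.example` domains and the rule that "rare" means fewer than two devices in the baseline are assumptions.

```python
from collections import defaultdict

GIB = 1024 ** 3  # the article's case: "more than one gigabyte" sent out
MIB = 1024 ** 2

# Constructed flow records: (device, external destination, bytes sent).
BASELINE = [
    ("locker-17", "vendor-platform.example", 40_000),
    ("locker-18", "vendor-platform.example", 38_000),
    ("kiosk-02", "vendor-platform.example", 52_000),
    ("kiosk-02", "payments.example", 900_000),
    ("pos-05", "payments.example", 1_200_000),
]
LIVE = [
    ("locker-17", "vendor-platform.example", 41_000),
    ("locker-17", "files.rare-site.example", 700 * MIB),
    ("locker-17", "files.rare-site.example", 400 * MIB),
    ("pos-05", "payments.example", 2 * GIB),       # large, but a common destination
    ("kiosk-02", "cdn.new-site.example", 5_000),   # rare, but tiny
]

def devices_per_destination(flows):
    """Map each destination to the set of devices that contacted it."""
    seen = defaultdict(set)
    for device, dest, _sent in flows:
        seen[dest].add(device)
    return seen

def containment_decisions(baseline, live, min_devices=2, byte_limit=GIB):
    """Flag devices whose traffic to rare destinations exceeds byte_limit.

    A destination is rare (assumed rule) when fewer than min_devices
    devices contacted it in the baseline window.
    """
    popularity = devices_per_destination(baseline)
    rare_bytes = defaultdict(int)
    rare_dests = defaultdict(set)
    for device, dest, sent in live:
        if len(popularity.get(dest, ())) < min_devices:
            rare_bytes[device] += sent
            rare_dests[device].add(dest)
    return {
        device: {"action": "block_outbound", "bytes": total,
                 "destinations": sorted(rare_dests[device])}
        for device, total in rare_bytes.items() if total > byte_limit
    }

if __name__ == "__main__":
    for device, decision in containment_decisions(BASELINE, LIVE).items():
        print(device, decision)
```

Only the locker is contained: the point-of-sale terminal sends more data but to a destination many devices use, and the kiosk reaches a new site with a negligible volume.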

[1] https://www.itgovernanceusa.com/blog/how-long-does-it-take-to-detect-a-cyber-attack
[2] https://www.infosecurity-magazine.com/news/70-of-businesses-pay-up-to/

[3] The Cybersecurity Imperative report, produced by independent researcher ESI ThoughtLab in collaboration with Willis Towers Watson