Beyond the Hype: Artificial Intelligence, Machine Learning and Non-Malware Attacks Research Report

Non-malware attacks, artificial intelligence (AI), and machine learning (ML) have emerged as the topics du jour in cybersecurity.

AI and ML’s roles in preventing cyberattacks have been met with both hope and skepticism. They have been marketed as game-changing technologies though doubts still persist, especially when used in siloes. Their emergence is due largely to the climbing number of breaches, increased prevalence of non-malware attacks, and the waning efficacy of legacy antivirus (AV).

For businesses, cutting through the noise is no easy task.

For an accurate assessment of the cybersecurity landscape in 2017, Carbon Black turned to the experts. For this research, Carbon Black interviewed 410 leading security researchers in an effort to gauge how non-malware attacks, AI and ML are currently perceived.

The interviews point to some interesting trends. Among them:

  • The vast majority (93%) of cybersecurity researchers said non-malware attacks pose more of a business risk than commodity malware attacks.
  • Nearly two thirds (64%) of cybersecurity researchers said they’ve seen an increase in non-malware attacks since the beginning of 2016. There non-malware attacks are increasingly leveraging native system tools, such as WMI and PowerShell, to conduct nefarious actions, researchers reported.
  • AI is considered by most cybersecurity researchers to be in its nascent stages and not yet able to replace human decision making in cybersecurity. 87% of the researchers said it will be longer than three years before they trust AI to lead cybersecurity decisions.
  • Three quarters (74%) of researchers said AI-driven cybersecurity solutions are still flawed.
  • 70% of cybersecurity researchers said ML-driven security solutions can be bypassed by attackers. Nearly one-third (30%) said attackers could “easily” bypass ML-driven security.
  • Cybersecurity talent, resourcing and trust in executives continue to be top challenges plaguing many businesses.

In addition to key statistics from the research, the report also includes a timeline of notable non-malware attacks, recommendations for incorporating AI and ML into cybersecurity programs and an “In Their Own Words” section, which includes direct quotes from cybersecurity researchers and unique perspectives on the evolution of non-malware attacks.