Pioneering information security with AI

Artificial intelligence (AI) provides hackers with new ways to attack organizations. But it also opens up opportunities for companies to better protect themselves against these attacks. Körber is, therefore, investing in AI and advising its customers to follow suit.

Innovation or menace? For Andreas Gaetje, Chief Information Security Officer (CISO) at Körber, it's evident that AI can be both. For one, the technology offers enormous opportunities for companies. Particularly in the form of generative AI. "It's the biggest wake-up call you can imagine, especially for industrial production," says Gaetje, listing the benefits:

• Increased automation: AI can automate repetitive tasks, allowing workers to focus on more complex and creative assignments.
• Higher efficiency: AI helps to reduce material consumption and eliminate waste.
• Predictive maintenance: By analyzing machine data, AI can accurately predict when parts need to be replaced or serviced, preventing downtime and costly repairs.
• Quality control: AI can monitor production processes in great detail and identify factors that affect product quality.
• Occupational safety: For example, AI can identify risks using data collected by sensors. This can help prevent accidents and injuries.

However, to reap the full benefits of the technology, companies have to meet specific requirements: Operational technologies (OT) in production must interact with information technology (IT). "Production facilities need to be comprehensively networked," says Gaetje. And it is precisely this networking where the danger resides.

AI enhances quality and quantity of attacks

The threat posed by hackers is already immense. According to a recent survey by the British insurance company Hiscox, 58 percent of all German companies were targeted in 2023 alone - an increase of 12 percent compared to the previous year. AI increases both the quantity and type of attacks. "The nature of the threat is changing," says Gaetje. It's no longer just about tapping into data to blackmail companies. Networking machines into "smart factories" heightens the risk of hackers accessing machine data and disrupting production processes. Also, phishing emails might even increase in the future, with deep fakes adding additional forms of deception, such as fake phone calls from the CEO. With generative AI, it is possible to vary and improve the content of emails faster and faster so that they can hardly be distinguished from legitimate messages.

"All of this puts tremendous pressure on companies," says Gaetje. "I know of mid-sized companies that have stopped digitalization projects in production for fear of such attacks. Ultimately, this threatens their competitiveness." Besides, companies are not achieving their intended goal: "The risk of catching malware is hardly reduced because the internal devices are connected anyway." OT systems themselves are another vulnerability. Companies often forgo necessary updates because they are costly and time-consuming. "This can have serious consequences and is a perfect gateway for hackers," says Gaetje.

AI-based security systems

He advises companies to see artificial intelligence as a way to better protect themselves from attacks. Körber is leading the way, making digital security a priority. "We are investing in AI-based security systems and developing AI-based production systems. And we advise our customers to do the same," says Gaetje. "Used consciously and securely, AI is crucial for companies to remain competitive in the future."

One way to do this is through "zero trust" architectures. They divide networks into small, isolated segments and allow only indispensable connections. When attacked, only individual systems can be targeted, not entire networks. Only AI enables the implementation of such architectures on a large scale because self-learning and automated micro-segmentation dramatically simplify deployment and avoid high implementation costs, as Gaetje explains. "We are already making use of the model with individual customers." They benefit from the fact that Körber has expertise in both mechanical engineering and software development. "We know machines - and we also know how to protect them," he says. "This is why we consider security in developing our software products right from the start."

However, AI is about more than just preventing attacks; it is also about detecting and actively fighting them. Extended Detection and Response (XDR) systems learn automatically, for example, to block malware or recognize suspicious device behavior. Körber's own Cyber Defense Center (CDC) in Porto, Portugal, demonstrates XDR in action.

Defense by attack

Unlike traditional security measures, the CDC responds to attacks, monitors and analyzes attacks on other networks, and draws appropriate conclusions. Could hackers use the same approach in our organization? Are there similar vulnerabilities? Körber constantly has its infrastructures and systems attacked in penetration tests - sometimes by specially commissioned hackers. The CDC also follows up on successful attacks: Were the attackers active elsewhere in the network? Have they installed backdoors there?

"In the end, it comes down to a kind of competition: AI versus AI," Gaetje says. And humans who understand how it works. To stay ahead in this competition, Körber doesn't just want to rely on experts; in the future, all employees will be trained to use artificial intelligence programs. Pilot projects have already been launched. Gaetje also advises customers to adopt this approach: "A successful security architecture without AI-based tools is no longer feasible. Investing now is the best preparation for digital transformation."