US companies won't always be so hackable

Think criminal hackers are unstoppable?

It sure seems that way lately, given the spate of high-profile breaches at Target, JPMorgan, Sony Pictures and Anthem. Over the last year, America's biggest companies have been bloodied and embarrassed by an endless stream of sophisticated cyber-criminals who seem able to hack at will, regardless of the company's size or security budget. At the same time, companies are being breached by shadowy groups backed by countries like China, Russia, Iran and North Korea, they're also being blamed for falling victim in the first place. In spite of the fact that even the most well-defended companies today can't withstand a sustained attack from a dedicated nation-state adversary, the American public still blames them for their own victimization.

Cyber security
weerapatkiatdumrong | Getty Images

But the reality is, U.S. corporations today are simply outmatched when it comes to cybersecurity. And that's not entirely their fault. A big part of the blame rests with the security technologies they're forced to rely on.

But it won't always be that way.

Read MoreOfficials see China link in Anthem hack: report

Over the past few years, the cybersecurity industry has begun to focus on a new strategy in the war against hackers: using the clues discovered in one cyberattack to prevent others from taking place. In the cybersecurity world, this is known as "threat intelligence," and it's the most talked-about technology of the past few years. And for good reason. Threat intelligence is still a nascent technology, but what it could eventually offer is the ability to predict cyber attacks ahead of time and block them before they ever leave the attacker's server. In a way, it's like a real-world cyber version of the precrime division in "Minority Report," preventing crime before it has a chance to occur.

Threat-intelligence systems are already being implemented in many of America's biggest companies. These are still rudimentary systems right now, because we don't as yet have access to the full bevy of attack data that exists in cyberspace. Before we can access that, we need Congress to pass legislation authorizing companies to more easily share data on cyberattacks with the federal government. In its present form, threat intelligence is sort of like a firehose with the water turned off. But once companies are legally allowed to share data on the attacks that have hit or probed their networks, we'll see a dramatic transformation in how companies are able to defend themselves against many types of attacks that seem so unstoppable today. If nothing else, we'll see a diminishment in the "cyber spree" style attacks that take down one company after another using the same malware or security flaw. The attackers might get company A, and they may even get company B, but they won't get companies C, D and E.

But there's more to the threat intelligence story. Threat intelligence is just the beginning of what could be a sweeping change in how cybersecurity operates. With the emergence of machine learning and artificial intelligence, the potential for cybersecurity at the corporate level is almost limitless. It is highly probable that, within the next few years, we'll see the introduction of the first machine learning-based cyber defense system at a major U.S. company. Once this happens, the playing field, which now seems so tilted in favor of the hackers, will shift back to the defenders.

Read MoreHackers gonna hack: Taylor Swift's social media hijacked

Imagine a company that is able to automatically refocus and adjust its cybersecurity defenses within a millisecond of receiving new data warning of a potential attack. With the eventual rollout of machine learning-based defenses, fed by an unlimited stream of threat-intelligence data, U.S. companies could make it significantly harder and costlier for hackers to attack them -- and exponentially harder to repeat the same attack on someone else. While this won't eliminate the threat of hacking altogether -- after all, no system is perfect and other countries could potentially use the same machine learning systems to launch attacks -- it would raise the bar so high for hackers that only the most well-funded countries would be able to compete, while at the same time making it riskier for them to do so. After all, with the swamp drained, it will become easier to to narrow down the list of suspects. In the meantime, lower level groups like organized crime and hacktivists could be forced to look for other targets altogether.

While today's companies struggle to anticipate and block every sophisticated attack that comes their way (and they are targeted thousands of times every year, if not more), it's important to keep in mind that we're currently in a transitional period between an older, now outmoded way of defending against what used to be basic hack attacks, to a new machine-based system of automatic defense. With the rise of threat intelligence, machine learning and artificial intelligence, cybersecurity will be fundamentally transformed and cyber-criminals will pay the price.

Read MoreThese scammers are targeting your elderly parents

Commentary by Greg Martin, founder and CTO of ThreatStream, a cybersecurity start-up backed by Google Ventures that specializes in threat intelligence and prediction. Greg is a former cybersecurity advisor to the FBI, Secret Service and NASA. Follow him on Twitter @gregcmartin.