Artificial intelligence (AI) in cybersecurity has been touted as the cure-all elixir that will swoop in and provide the organisation with smart security and protection on the virtual frontlines. Predicted to replace the human in the cyberwar against crime, AI in cybersecurity has led to exaggerated expectations.
Yes, AI does have potential, but it is still in the early stages of development which means not all solutions and applications that leverage this technology can provide what the business really needs when it comes to combatting cyber threats and the complexities of human behaviour. No, it’s not a reason to turn around and walk away from what AI can offer in this space, instead it’s important to recognise the limitations of the technology so any investment is done intelligently.
“The challenge is that AI can run the risk of excessive false positives that require analysts to do extra work and spend more time sifting through the data than before the AI was introduced to the business,” says Stephen Osler, co-founder and business development director at Nclose. “It can become a time sink rather than helping to reduce time spent analysing reports and alerts. However, AI and machine learning (ML) are helping out with the low-level elements of cybersecurity such as email scanning or attack malware classification, especially since the criminals are using the same tools to orchestrate their attacks.”
Osler believes that the areas where AI is really gaining traction are in user behaviour and monitoring for anomalies. The intelligence and smart capabilities embedded in AI can be used to enforce security based on anomalies and unexpected behaviour, triggering workflows and responses that are relevant to a robust security posture. AI provides the prediction, detection and response but the human factor remains essential
Anna Collard, SVP for content strategy at KnowBe4 Africa, says: “There is still an element of human touch needed to ensure that any investment into AI or automation in cybersecurity delivers the right results,” says “The algorithms can’t yet make decisions around culture, morals or other aspects of human behaviour that may influence incidents and incident response. There’s a multi-dimensional relationship between AI and cybersecurity with ML and AI providing the automation and support that the cybersecurity industry needs, but with people ensuring that the gaps are found and the results interpreted correctly.”
The one area where AI and ML do deliver value is in monitoring and managing the low-level security elements mentioned earlier. There are also relatively mature solutions available which use AI to interpret and prioritize phishing emails users report to minimise the impact on admins. AI can help with categorising emails into the right areas such as phishing or spam, and can learn as it evolves so that this becomes increasingly relevant and capable.
“This type of AI solution helps people to make better decisions and prioritise alerts and problems,” says Collard. “Both defenders and criminals use bots, ML and AI. Cybersecurity is s a constant race and AI does add an edge to both sides.”
Today, most companies are behind the curve when it comes to protecting themselves in a harsh and unforgiving landscape. The barrage of attacks, the challenging environment, and the confusing array of different products and solutions don’t make it any easier. Companies are struggling to figure out their processes and policies amidst algorithms and buzzwords.
Says Osler: “Finding the right solution is like wading through a sea of marketing promises and trendy words, offers and solutions and requirements changing as rapidly as the threats that define them. In the past two years, we’ve seen more leaps and bounds in technology and security than ever before, and the next two will likely see the same changes as technology matures. The key is to find a solution that includes AI that’s relevant to the business, that matches particular use cases, not just AI that has the most bells and whistles.”
The industry can benefit from AI and its steady evolution, but this has to be just that – steady. Adding to alert fatigue, the stress of the business and the noise of decision making is not the right way forward. Companies need to find solutions that are fit for purpose and that help them deftly navigate the security landscape.
Collard says: “You need internal skills or partners that understand the security environment and the nuances of your business so you don’t end up spending more than you should on a solution. Ultimately, any AI solution is only as good as its implementation and the advantages felt by the business only as tangible as the protection it offers. That’s why a good partner is invaluable because they can help you cut through the clutter.”