printer friendly version

Cybersecurity and AI

Jean Van Vuuren.

Cybersecurity has been making use of AI functions for the past several years. It is one of the primary reasons that detecting the commonalities and threats of what is otherwise completely unknown is possible with tools such as SIEM and endpoint protection platforms. It is also heavily deployed in sandbox tools, which analysts use to safely inspect malicious code and executables to understand exactly what these samples are trying to do, and how they could be used to impact their own unique corporate environment.

AI helps make these complex, manually intensive human tasks happen immediately – which ultimately helps keep companies more secure by speedily providing the answers needed to enable security teams to act sooner.

Gartner predicts that by 2027, generative AI will contribute to a 30% reduction in false positive rates for application security testing and threat detection by refining results from other techniques to separate benign from malicious events. Many businesses and IT project teams have already launched GenAI initiatives, or intend to do so soon. Gartner advises CISOs and security teams to prepare for impacts from generative AI in four different areas:

• ‘Defend with’ generative cybersecurity AI.

• ‘Attacked by’ GenAI.

• Secure enterprise initiatives to ‘build’ GenAI applications.

• Manage and monitor how the organisation ‘consumes’ GenAI.

AI is not just something baked into the back end anymore; increasingly, it is serving interactive functions – such as allowing an analyst to use common language to quickly build complex queries while threat hunting, or sampling vast amounts of data and recommending a course of action based on an analyst’s criteria. There are also promising outlooks suggesting that AI can be used to supplement some of the more advanced tasks and research needs, allowing those tasks to be performed by team members with less experience in these skills. This is a developing area that may hold the answer to the ongoing skills shortage that the industry faces.

Gartner recommends that cybersecurity leaders build the following strategic planning assumptions into their security strategies for the next two years. The global research guru predicts that by 2028, the adoption of GenAI will collapse the skills gap, removing the need for specialised education from 50% of entry-level cybersecurity positions.

In summary

This is a fast-paced field, and complacency is such a huge risk for security leaders. CISOs cannot assume that what they are doing now is enough, or that there is only one way to accomplish their cybersecurity goals; no other way to look at something. For some, that can be a difficult approach to adopt, but to ignore these constantly changing factors and not push your security team functions to develop and improve is what will put your organisation even more at risk.

I recommend CISOs scrutinise where they are in the company’s security journey and be excited that there are always changes and improvements that can be made. If you are a security leader and assume this is something that stops being important, or there comes a time when you have done everything you need to do, you may be in the wrong industry.

Businesses enabling their security teams to do the work they need to do will be key to success. This can only be achieved by adopting a more security-focused company culture. As with any other aspect of business, it is often a balancing act to weigh the desires of different teams and find an agreeable middle ground. Not to imply that the individual desires of members of a security team are more important than the holistic company goals, but it is a fact that the risk these teams face is unlike any other risk we have faced in the modern business world.

A cyber breach or ransomware attack can ruin reputations overnight. The risks being raised by security teams are of dire importance to business sustainability and must be prioritised, but the change that still needs to happen is more action and enablement to solve these problems. What no business leadership wants is their company name in the news because of a breach, and today, looking at the statistics for 2023 alone, it is more of a certainty than a possibility. Fear or ignorance of AI enablement tools will do nothing to stop this, but embracing the technology may do much to secure your business.

For more information, go to https://www.hyland.com/

Share this article:

Further reading: