Ilia Sotnikov, Security Strategist at Netwrix, discusses how AI has the potential to enhance businesses’ cybersecurity measures.
Artificial Intelligence (AI) is a transformative technology, and there is much debate concerning its potential and implications. It is surely just a matter of time before AI is embedded in many day-to-day business processes, including cybersecurity controls.
Over a third of respondents to a 2023 Sharp Europe survey of European small and medium enterprises (SMEs) said they had experienced a security breach in the last 12 months, with 31% suffering data loss.
Many organisations may lack the security expertise to mitigate attacks successfully. They need appropriate tools to protect their infrastructure, data, customers and stakeholders. Even though AI is not a silver bullet (nothing is), it can be a valuable part of an organisation’s cybersecurity strategy. The key is to implement it wisely.
Debunking AI myths
AI tends to generate as much suspicion as excitement. A leading concern is that it will replace employees. It is true that automation can replace some manual labour, but that doesn’t mean it will replace people entirely. It is more likely that AI will automate some processes or aspects of operations, thereby freeing up skilled workers to apply themselves to work that delivers the highest value.
It also has the potential to create new opportunities requiring new skills. In cybersecurity, AI is unlikely to replace the security team, but the team’s functions will inevitably change.
Another common assumption with AI is that it will inevitably reduce costs. The same was said about the cloud back in the day.
However, while migrating data and workloads to the cloud-delivered an OPEX cost structure with advantages over CAPEX, the final costs in large environments were actually similar. One reason was that the more sophisticated systems required more skilled, and therefore more expensive, talent. In the same way, automation through AI may change the distribution of costs rather than the total.
How to use AI effectively in cybersecurity
When applying AI for cybersecurity measures, starting with a realistic goal is important. That goal is not fully automated AI-driven security.
In fact, fully automated AI security would create a whole host of issues, including questions such as: What happens if the automation malfunctions? What if it becomes compromised? How can the organisation be sure that outcomes remain aligned with business objectives?
Accordingly, instead of aiming for fully AI-powered security, organisations should look for the cybersecurity processes that are most suitable for automation.
To do so, they should ask the following questions:
- Is the process repetitive and time-consuming to do manually?
- Is the process sufficiently well-defined to turn into an algorithm?
- Does the process deliver verifiable results so a person can determine if something was wrong?
Using these screening questions helps ensure that AI will be applied to increase the efficiency and accuracy of processes and enable security teams to be as effective as possible.
Top areas in which AI can improve cybersecurity measures
Applying AI to cybersecurity can benefit businesses by minimising operational, financial and reputational damage. In particular, AI can help organisations mitigate cyber risks, detect cyberattacks promptly and respond to incidents effectively.
One area where AI can bring considerable value is defending against insider threats. Rogue employees and adversaries who compromise their accounts are a top risk, but often, they become evident only after they have caused serious damage.
An AI-powered user and entity behaviour anomaly (UEBA) detection solution can reduce risk significantly. It will establish baselines for normal user activity and spot even small deviations, such as data access patterns that differ from the user’s own norm or the norm of their group.
Similarly, AI can compare activity in the environment against threat intelligence feeds to spot additional threats. With the early warning that AI enables, IT teams can investigate and respond to security incidents in time to limit or even prevent costly breaches, downtime and compliance violations.
AI can also deliver significant value by accelerating analysis when every second counts – during an ongoing attack. Security teams often have multiple sources of information, such as endpoint detection and response (EDR) tools, network security devices (routers and firewalls), and so on.
When the attack unfolds, combining all these fast enough to prioritise remediation actions can be very challenging. AI can take that stress off human shoulders and facilitate better decision-making.
Future uses of AI in cybersecurity
AI is still a relatively young technology, so it is difficult to understand its implications, challenges and opportunities fully.
However, organisations can and should carefully consider what AI can and can’t do for them and make informed, strategic choices on how and when to apply it in their processes.
For cybersecurity measures, this due diligence will help IT leaders ensure that AI is used appropriately, risks are understood and mitigated as fully as possible, and AI actually helps teams and the overall business achieve their aims.
