Artificial intelligence (AI) is a buzzword across many industries. Is the hype justified? It depends on who you ask. Many analysts see both the positive and the negative when it comes to AI and cybersecurity. As Gartner analyst Dale Gardner put it in the Investor’s Business Daily article “AI Companies Race To Get Upper Hand In Cybersecurity — Before Hackers Do”: “There is hype. A lot of companies talk about AI and make claims that aren’t substantiated. But there is also a lot of legitimate activity in cybersecurity and companies doing valuable and interesting things.”
With venture capital firms pouring money into companies that develop AI solutions, it’s important for cybersecurity vendors to understand how hackers are targeting company networks, employees, and governments. Part of the challenge is that hackers seem to be one step ahead of the good guys.
“The arms race is real,” said Jon Oltsik, a senior analyst at Enterprise Strategy Group. “There’s a level of sophistication that’s needed for artificial intelligence—data science skills, algorithm-building skills—that’s going to limit the use of AI on the adversary side to nation states and very profitable cybercrime groups.”
While many experts see AI as a savior to protect networks and data, it’s important to understand that it’s not the only answer. In the Dark Reading article “Why Artificial Intelligence Is Not a Silver Bullet for Cybersecurity,” author Tomas Honzak discusses three key issues when it comes to AI and cybersecurity.
- For all the benefits that AI offers to cybersecurity experts, hackers are also using AI to develop new forms of malware that are designed to avoid detection.
- Low-power devices, like those on Internet of Things networks, are easy targets for hackers, and AI won’t be of much help there, since AI leverages big data to find answers.
- As Honzak states, “AI’s Four Horsemen of the Apocalypse are the proliferation of shadow IT, bring-your-own-device programs, software-as-a-service systems, and, as always, employees. Regardless of how much big data you have for your AI, you need to tame all four of these simultaneously—a difficult or near-impossible task.”
While AI can be a big help in detecting a security breach, the reality is that it’s hard to prevent malware or other security issues before they happen.
Empower the Security Operations Center
Would you be surprised to know that the average dwell time for a network intrusion, from entry to discovery, is 229 days? According to a report published by CrowdStrike, that gives thieves ample time to steal sensitive data or damage networks without being detected.
The CSO Magazine article “Cybersecurity operations: Don’t wait for the alert” explains how analysts who work in most Security Operations Centers (SOCs) are generally tasked with watching for cybersecurity alerts. When they see an alert, they follow a playbook that their company has created. While most organizations are prepared to react to cyber threats, the key is creating a process for identifying threats before security has been breached.
Tips for moving in this direction include:
- Hire the right people: Consider hiring people with strong investigative skills.
- Provide the needed tools: Have a strong Security Information and Event Management (SIEM) system that collects log records from various systems into a single repository.
- Build strong training programs: It’s wise to develop training programs that are geared towards attacking your own company’s systems, which allows the IT staff to put themselves in the position of hackers.
- Give them time: Let the team investigate issues they uncover. While they may end up taking more time than expected, every experience is an opportunity to expand their investigative skills.
Author: Brian Edwards, News Editor
Brian Edwards is a Vice President at McKenzie Worldwide, a high-technology public relations, social media and brand development agency, and serves as the Cyber Oregon news editor. He has more than 25 years of high-tech public relations, social media and journalism experience.