By Aimei Wei, Co-Founder and CTO, Stellar Cyber
The global cybersecurity workforce grew to a record 4.7 million people in 2022, according to an (ISC)² 2022 workforce study, but the same study found that the sector still needs 3.4 million more security professionals – an increase of over 26% from 2021’s numbers. This workforce shortage, combined with the ever-rising frequency and complexity of cyberattacks, means that organizations face greater risks than ever before.
Since AI is the hottest labor-saving technology in at least a generation, it makes sense to look at its ability to reduce manual effort in cybersecurity detection and response platforms while improving detection accuracy. What are the benefits? What are the potential risks?
The Good News about AI
Cybersecurity detection and response is a heavily data-intensive process. Generally speaking, AI should be able to help organizations improve their security postures by detecting and responding to threats more quickly and accurately than traditional methods, because it can analyze more data more quickly than humans can. Moreover, an AI-driven cybersecurity platform can report detections as context-based incidents with specific pointers about how to address them, making it much easier and faster to investigate and remediate attacks. With the latest developments in large language models (LLMs), an AI-driven cybersecurity platform can potentially allow users to interact with the platform using natural language. Together, these capabilities greatly ease the cybersecurity analyst shortage by enabling the use of lower-skilled security analysts, who may be more readily available as well as less expensive.
Here are some specific advantages to using an AI-driven cybersecurity platform:
Improved Detection and Response – AI-based cybersecurity platforms can quickly analyze massive amounts of data, enabling faster detection of threats and more timely responses to them. Machine learning (ML) algorithms can learn from past attacks and detect anomalies in real time, reducing hacker dwell time in a network and thereby reducing the chances of a successful attack.
Automated Threat Detection and Prevention – AI-powered cybersecurity platforms can automate threat detection and response, allowing security teams to focus on more complex tasks. For example, AI can automatically detect and respond to commodity attacks such as phishing emails, malware, and others, leaving analysts relatively free to dive into more complex human-operated attacks.
Advanced User and Entity Behavior Analytics (UEBA) – AI can analyze user behavior patterns and detect anomalous behavior that could indicate a threat. UEBA uses ML algorithms to detect and respond to suspicious user activity in real time, using a baseline understanding of what constitutes normal user behavior.
Easy to Use/Access – Recent advances in LLMs can be leveraged to present the security product in a much more user-friendly way, making it easier for people to get their questions answered and actions carried out using natural language.
Predictive Analytics – Predictive analytics can help organizations prepare for future threats and develop proactive cybersecurity strategies. AI can identify patterns and trends in cyber threats, enabling organizations to predict and prevent future attacks.
AI Risks
However, the use of AI in cybersecurity platforms also presents its own set of challenges and risks.
Lack of Understanding – Many organizations lack an understanding of how AI works, which can make it difficult to implement effectively. Organizations must invest in the necessary education and training to understand how AI can be used to improve their security postures.
Lack of Trust – A related issue is reluctance to trust the results of AI-based detections, which, if severe enough, can limit or even eliminate any benefit from using the technology. Risk managers can improve their trust in AI by thoroughly understanding how AI arrives at its conclusions, and by ensuring that any baseline profiling for AI or ML is done with the organization’s own data.
Complacency – In contrast to lack of trust, AI-powered cybersecurity platforms may generate a false sense of security that leads to complacency. Organizations should periodically cross-check AI-generated results to ensure that they’re accurate.
Bias – An AI engine is only as good as the data used to train it. If the data used to train AI models is biased or incomplete, it can lead to inaccurate threat detection and response. Organizations must be aware of potential ethical issues surrounding the use of AI in cybersecurity and take steps to address bias and fairness in AI models.
Cybersecurity Threats to AI Systems – AI systems can themselves be vulnerable to cyberattacks, and attackers may attempt to exploit vulnerabilities in AI models to evade detection. Given the potential for heightened attack damage, organizations must take steps to secure their AI systems.
AI has the potential to revolutionize the cybersecurity industry by improving threat detection and response, automating security operations, and enabling predictive analytics. However, organizations must be aware of the challenges and risks associated with using AI in cybersecurity platforms, including too little or too much trust and potential bias. Despite these challenges, the benefits of using AI in cybersecurity are significant, and organizations that invest in AI-based cybersecurity platforms can improve their security postures, reduce the risk of successful cyberattacks, and save on analyst personnel costs.
About the Author
Aimei Wei has over 20 years of experience building successful products and leading teams in data networking and telecommunications. She has extensive experience working for early-stage startups (including Nuera, SS8 Networks and Kineto Wireless) and well-established companies like Nortel, Ciena and Cisco. Prior to founding Stellar Cyber, she was actively developing Software Defined Networks solutions at Cisco. Aimei enjoys building a product from its initial design to its final launch. Aimei has an M.S. in Computer Science from Queen’s University in Kingston, Canada and an undergraduate degree in Computer Science from Tsinghua University in China.
Aimei can be reached online at [email protected] and at our company website https://stellarcyber.ai.