The use of artificial intelligence in cybersecurity is increasing as security executives seek ways to secure their organizations’ data more efficiently and cost-effectively. With data breaches and other security incidents a fact of life, being able to process and analyze data faster and more accurately is an advantage in the battle for our data. It enables a more powerful, proactive response to evolving cyberthreats and the sophisticated cybercriminals who perpetrate them.
On average, organizations invest between 6% and 7% of their total budgets on information technology and cybersecurity, according to most reports.
As a result, slim IT and security staff are often overwhelmed by the sheer volumes of data collected by their various tools and technologies. Firewalls, intrusion detection devices, and servers along with end-user software, network scans, and vulnerability tests present infinite sources of data for analysis and potential action.
Too often, information security professionals lack adequate means of separating noteworthy or actionable network events from distracting background noise. This constant barrage of data, and the pressure to do something with it, makes it easy to overlook event alerts and to improperly prioritize events that require attention.
Artificial intelligence has demonstrated the ability to address these challenges and similar obstacles. By doing so, AI empowers cybersecurity professionals to see things more clearly and in closer to real time.
AI relies on computers to do work that normally requires human intelligence. A TechTarget article described artificial intelligence in elegant simplicity as “the simulation of human intelligence processes by machines, especially computer systems.”
AI can process volumes of data in ways humans cannot—quickly synthesizing information, recognizing patterns, and making judgments after analyzing reams of data that would be impossible for a human being to process quickly, if at all.
You may have encountered AI without even realizing it. A trio of digital assistants known as Siri, Alexa, and Cortana are popular examples of how AI can mimic human intelligence (and not without the occasional quirk). Another example is the facial recognition capability used in unlocking cellphones. Many other applications for AI have been and are being developed, and the opportunity for others is virtually limitless.
Several consuming IT tasks lend themselves to the use of artificial intelligence to become either faster, more accurate, or both. AI can be employed to fine-tune intrusion detection capabilities, accurately correlate disparate information, discover data breaches faster, and monitor vulnerable workflows.
Fine-tuning intrusion detection and prevention systems (IDPS). AI can be used to analyze historical data and current data, as well as data obtained during forensic investigations of data breaches, if it’s available. Running all that data through AI processes can yield predictions, based on facts, that help anticipate worms, viruses, malware, and other cyberattacks. These predictions can be used to fine-tune your IDPS and strengthen your overall security posture.
Correlating disparate information. AI can correlate enormous volumes of data—and from multiple sources. From your IDPS, firewalls, servers, network scans, and other tools and processes that collect data, for example. For conventional programs and off-the-shelf systems, this is a show-stopping challenge. Correlating all this different data, AI can analyze thousands of threat types, bad actors, and attack vectors against your existing security controls. As one result, it can reveal weak or missing controls that require remediation.
Discovering data breaches faster. Data breaches can take weeks or months to discover. According to the 2022 Cost of a Data Breach Report published annually by IBM Security, healthcare organizations have a longer breach cycle than any other industry, requiring nearly 11 months to discover and contain a data breach, on average. There are numerous documented cases of hackers living within networks for months, stealing or manipulating data at their leisure. Time-to-discovery contributes directly to the overall cost of a data breach. However, the capabilities of AI can enable discovery in close to real time, substantially improving damage control and reducing costs.
Monitoring vulnerable workflows. Workflows that rely heavily on the intervention of multiple human beings are vulnerable to failure, because employees are the weakest link in the security chain. They get busy, distracted, and even negligent. Fortunately, the human factor can be removed from many data touchpoints when workflows are automated. And when automated workflows are monitored by AI software, data can be analyzed quickly to identify insider improprieties that may jeopardize information security.
Despite these applications for AI in cybersecurity and a growing number of others, IT and security professionals are still needed. They’re just not required for the heavy lifting that relies on high-speed, high-accuracy interpretations of enormous volumes of data.
There’s so much more to know about artificial intelligence and the many innovations it can bring to cybersecurity. Organizations who rely on volumes of disparate data from multiple sources will be the front-runners in AI adoption.
AI has already demonstrated early successes in applications for marketing, healthcare, education, and cybersecurity that are just scratching the surface of the AI promise. As it continues to evolve, AI will present one exciting opportunity after another.
In the meantime, cybercriminals will continue to steal valuable data from under-protected organizations while information security teams play whack-a-mole more often than not.
“AI will ultimately transform the battle for data,” says Sanjay Deo, president of 24By7Security. “In both the public and private sectors, cybersecurity has an opportunity to reap huge benefits from AI in terms of real-time threat responsiveness.”
The annual State of the CIO Conference, on March 2, 2023, is the perfect place to learn more about how AI and other innovations are transforming cybersecurity. The State of the CIO is the premier event for technology leaders in South Florida, bringing together more than 300 CIOs and senior IT leaders from across the region for an information-packed morning.
Keynoting the conference is Arijit Sengupta, founder and CEO of AIBLE, a cloud-based enterprise AI solution that guarantees business impact in 30 days. Arijit is the former founder and CEO of BeyondCore, a data analytics software company acquired by Salesforce in 2016. As an Executive Fellow at Harvard Business School, Arijit co-created and co-instructed an AI course in the MBA curriculum. In addition to holding more than 20 patents, Arijit earned an MBA with Distinction from the Harvard Business School and bachelor’s degrees with Distinction in computer science and economics from Stanford University. He has been featured and quoted in Forbes, CIO Dive, Venture Beat, TechTarget, and other publications.
Moderating the panel of experts who will explore AI in cybersecurity and other innovations, Dr. John Wensveen is the Chief Innovation Officer for Nova Southeastern University and Executive Director of the Alan B. Levan NSU Broward Center of Innovation. He oversees a multimillion dollar public-private partnership to support the growing entrepreneurial ecosystem in South Florida. The partnership’s mission is to attract and retain industry-leading entrepreneurs, technology, sources of investment capital, and supporting resources in order to create a premier innovation center for South Florida.