Unlocking the Power of AI in Cybersecurity

As adversaries increasingly exploit AI, security practitioners must not fall behind. What does it take to unlock the full potential of AI in cybersecurity?

Generative AI platforms like ChatGPT are revolutionizing how we access information, answer questions, and even develop software code. It’s no surprise that according to the KPMG Cybersecurity Survey: Security Operations Center (SOC) Leaders Perspective (PDF), two-thirds (66%) of security leaders consider AI-based automation to be very important, both now and in the future, for staying ahead of new threats and increasing the agility and responsiveness of their SOCs. While AI-based automation offers numerous benefits, the reliability of AI-generated recommendations remains a top concern for cybersecurity leaders. This raises the question: What does it take to unlock the full potential of AI in cybersecurity?

Anyone who has explored generative AI platforms can see that AI has the potential to significantly enhance cybersecurity—particularly in querying large datasets, identifying abnormalities, and triggering event-based actions like triaging tickets, alerting teams, or reducing false positives. However, like any technology, AI also introduces new risks and challenges that must be carefully managed. Some key risks include:

  • Weaponized AI: Cyber adversaries can leverage AI to develop sophisticated attack methods, including introducing malicious data into training datasets to corrupt AI models, leading to incorrect or dangerous outputs.
  • Overreliance on AI: Organizations might become overly dependent on AI systems, believing them to be infallible, which can lead to complacency in human oversight and manual security checks.
  • Lack of Transparency: AI systems, particularly those based on deep learning, can be opaque, making it difficult to understand how decisions are made. This lack of transparency can negatively impact incident response and root cause analysis.
  • Data Privacy Concerns: AI requires vast amounts of data for training, raising concerns about data privacy and compliance, especially when sensitive information is involved. Furthermore, AI systems may store or process large datasets, making them attractive targets for cybercriminals who seek to steal or manipulate this data.
  • Resource Intensity: Implementing and maintaining AI-driven cybersecurity systems can be expensive, requiring significant computational resources and skilled personnel.

Despite these challenges, AI plays a crucial role in modern cybersecurity, offering significant advantages that help organizations protect against increasingly sophisticated threats. Some key benefits of AI in cybersecurity include:

  • Enhanced Threat Detection: AI can continuously monitor networks, systems, and devices in real time, detecting threats faster than traditional methods. It can also identify unusual patterns of behavior that may indicate an attack, even if the specific threat is unknown (e.g., zero-day threats). Furthermore, machine learning models can analyze historical data to predict potential threats, allowing for proactive defense measures.
  • Automation of Security Tasks: AI automates repetitive tasks such as log analysis, vulnerability scanning, and patch management, reducing the workload on cybersecurity teams. It can also automate initial responses to security incidents, such as isolating affected systems or blocking malicious traffic, enabling faster containment of threats.
  • Handling Large Volumes of Data: AI excels at processing vast amounts of data, enabling it to sift through logs, network traffic, and security alerts to identify potential threats with greater speed and accuracy than human analysts.
  • Reducing False Positives: By leveraging machine learning, AI can reduce the number of false positives in security alerts, allowing security teams to focus on genuine threats and avoid alert fatigue.
  • Proactive Threat Hunting: AI can automatically search for indicators of compromise across an organization’s infrastructure, identifying potential threats before they cause damage.
  • Resource Optimization: By automating many aspects of cybersecurity, AI helps organizations optimize their resources, reducing the need for large security teams and minimizing the impact of the cybersecurity skills shortage. With AI handling routine tasks, cybersecurity professionals can focus on more complex and strategic challenges, enhancing the overall effectiveness of security operations.

Currently, most AI strategies are focused narrowly on assisting with specific tasks, and organizations are still evaluating the risks posed by this emerging technology. However, as cyber adversaries increasingly exploit AI, security practitioners must not fall behind. Instead, they should strike a balance between risk and reward to enhance threat hunting and achieve greater operational efficiency.

Written By

Dr. Torsten George is an internationally recognized IT security expert, author, and speaker with nearly 30 years of experience in the global IT security community. He regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege for Dummies book. Torsten has held executive level positions with Absolute Software, Centrify (now Delinea), RiskSense (acquired by Ivanti), RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global), Digital Link, and Everdream Corporation (acquired by Dell).
