Estimated reading time: 4 minutes
Cybersecurity risks are steadily growing in number and complexity. We expect that effective attacks on industrial control systems and critical infrastructure will accelerate sharply in 2023. For business leaders, few things are more urgent than the need to hire enough qualified cybersecurity professionals to manage technology portfolios and protect operations.
Recent surveys have shown that hiring and retention rank as the biggest problems facing cybersecurity managers. Candidates whose talents are rooted in the IT world often lack the specialized knowledge needed to deal with industrial operations and the Internet of Things (IoT). At the same time, cyber professionals report increasing levels of burnout. Teams are swamped with cybersecurity data from a myriad of tools and sources but lack accurate risk assessment to guide their actions. They also struggle to seamlessly manage events across the six theaters of cyber (IT, OT, IoT, hyperscale/cloud, “work from home” and supply chains). What explains the disconnect?
A major factor is the recent explosion of new cybersecurity solutions. The market has been flooded with new products to assist CISOs, who are desperate to stay ahead of the bad guys in a rapidly growing and changing cyber landscape.
But these new options rarely incorporate significant advances in technology. Each requires expert personnel—and a lot of them—to properly implement and manage. Worst of all, these solutions tend to produce a massive amount of raw information, which must be constantly analyzed by (even more) trained experts.
And that’s the problem. All too often, cybersecurity professionals end up focusing their skills and talents on “managing the tools” rather than on the critical job, which is to rapidly identify and manage risks to the business.
If the problem is too much technology and not enough people, can more technology come to the rescue?
The answer is yes. And for many, “deep learning”—a popular application of artificial intelligence (AI)—may provide an answer. Deep learning (and its predecessor, “machine learning”) applies ingenious mathematical techniques to discover patterns in datasets that are far too large for humans to deal with. This works beautifully in many applications, where past patterns can predict the future.
But in cybersecurity, we’re confronting active adversaries. And they constantly adapt to our defenses by developing attacks that don’t look like what we’ve seen in the past. Deep learning is quite easy for them to defeat. To overcome this, we need to harness innovative new forms of AI.
Here are 4 things that companies should be looking for in terms of new, effective AI-driven cybersecurity.
- 1. Deep Dataset Analysis
- 2. Risk Prioritization
- 3. Compliance
- 4. Improved Team Effectiveness
1.Deep Dataset Analysis
The best new approaches to AI-driven cybersecurity depend on deep analysis of datasets developed in each individual company. This requires more specific and detailed data (which the current crop of cyber tools can readily produce), but it also requires very different analytic methods that can comprehensively model your company’s unique production operations, logistics, supply chains and business processes. And to alleviate the demands on currently stretched cybersecurity teams, this modeling needs to be almost automatic. Otherwise, it doesn’t solve the personnel problem.
Just as importantly, the insights generated by new AIs need to be stated in terms of business risk—not just technical cybersecurity findings. This interpretive approach would give your team action items, rather than mere data points, by accurately identifying the most urgent threats and enabling managers to prioritize their remediation efforts. Teams should be able to quickly block the threats that present the most business risk and leave the others for later, thus solving one of the nastiest problems in current cybersecurity practice.
Compliance with regulations and best practices is another resource-intensive business process. An effective AI cybersecurity system should help your businesses stay in compliance with federal requirements and assign fewer resources to physically keep track of changes—saving valuable resources, time and expense.
4. Improved Team Effectiveness
On to another critical personnel issue: burnout. Effective AI should be doing most of the “grunt work” of analyzing reams and reams of raw data, giving cybersecurity experts the knowledge they need to actively hunt for threats rather than simply “manage the tools.” This can make their work more interesting and challenging, opening opportunities for learning and career growth. It also shifts teams from a “reactive” to a “proactive” posture—they can innovate more and tackle bigger issues. If your AI-driven cybersecurity is doing its job properly, you should reap the benefits in better management, improved employee morale and mitigation of business risk.
Today’s cybersecurity tools are really good at answering the question, “What’s going on?” And that’s just not good enough anymore. We need to demand new tools and processes that will help our people answer the question, “What are we doing about it?”
Chief Executive Officer | InsightCyber