The importance of building an integrated AI-human cybersecurity strategy

As originally posted on Enterprise CIO on March 27, 2019

In light of today’s digital transformation causing businesses to operate at machine speeds, organisations need a new way to spot and resolve possible security events. Network operations have become automated, but so have cyber threats. The speed and scale of these threats requires a response that has exceeded analysts’ ability.

That doesn’t mean skilled cybersecurity analysts are unnecessary. Rather, it’s a question of designing a suitable technology partner to compensate for human error and resource limitations within security strategies. It’s a matter of how chief information officers can leverage new, advanced technologies to match the scale and complexity of the evolving threat landscape.

Threats beyond human expectations

Major attacks such as the Mirai botnet distributed denial of service (DDoS) and WannaCry ransomware are a clear demonstration of the scope and breadth of cyber threat actors exceeding what was previously thought possible. Furthermore, 2.6 billion records were compromised worldwide in 2017, an 87 percent increase over 2016, which translates to 7.1 million records that are stolen or lost per day.

The democratisation of the tools and knowledge required to execute advanced cyber threats is a key reason for the escalated threat environment. You no longer have to be a nation-state to have access to sophisticated hacking tools. Malware-as-a service, in all of its guises, is readily available on the Dark Web and sold on a commission basis. Anyone who wants to make a fast buck and knows how to get on the Dark Web can become a hacker. The goal posts have changed.

Where human ability meets reality

Cybercriminals are the primary culprits behind machine-scale threats, but they are not alone. Whether by an innocent mistake or sheer carelessness, employees play a role as well. The complexity and scale of today’s digitiSed platforms pose a serious challenge to traditional models of security, as there is still a probability of human error.

Enterprise cybersecurity is complex, and there are multiple reasons why securing it now requires an integrated AI and expert analyst approach:

• Given the interconnectedness and cloud-hosting of many services, the attack surface is greatly magnified. Most people assume their organisations use up to 40 cloud apps when, in reality, the number is generally closer to 1,000
  
• Because these technologies are relatively new, security teams are often unclear on how best to secure these applications. In June 2017, the names, addresses and account details of some 14 million Verizon customers were found in an unsecured data repository on a cloud server. This was not a result of a malicious attack; the repository was simply exposed to the internet because of an incorrect configuration
  
• Many organisations move to well-known cloud infrastructure technology companies because they assume they have better security practices. This is true in terms of the security of the infrastructure, but the company (cloud customer) takes on many new responsibilities for configuring the available security settings and securing their own data
  
• People do not have the capacity to detect patterns at big-data scale. How big? By 2025, there will be a projected 163 zettabytes of digital data in existence

Under new (change) management

Given these influences, what technologies should CIOs choose? These machine-scale problems require machine-scale solutions, like machine learning. But the conversation needs to be about how to apply these technologies in the rightway, to augment the analyst, not replace them. The use of integrated machine learning can have a pertinent and powerful impact on its application in cybersecurity.

Organisations need a new cybersecurity framework to effectively use ML or, more broadly, AI. Instead of looking for low-level patterns in siloed data and then aggregating the output, the focus should be on looking for the patterns that matter in data that is aggregated across many sources.

Using these tools within an integrated approach will optimise the use of these new technologies, ensuring that the data used to determine cybersecurity incident trends and patterns are relevant, informative and accurate.

The promise of AI is to help organisations automate the time-consuming process of analysing the data to understand a threat and to augment their analysts’ capabilities, who then must add context and determine how to respond.

There are three phases of change management in the evolution from human-scale to machine-scale in cybersecurity defense. These are:

• Machines plus skilled analysts: Cybersecurity platforms based on AI should attempt to detect threats by monitoring instrumentation from multiple sources (such as the network and endpoints). The results of the analysis should be delivered to a highly skilled analyst, who will then take action
  
• Bypassing alert fatigue: The next phase is automating the machine-to-human process to bypass the floods of alerts being generated by most tools today
  
• Integration: The third phase of change management enables AI-based cybersecurity platforms to achieve the best outcomes with the use of integrated machine learning that is applied holistically across an entire enterprise security strategy. These systems use automation to complete complex human tasks by using data from an entire system, not just a single focus point

Outsmarting the enemy

Cybersecurity seems to get harder with every new exploit and vulnerability, but CIOs now have access to more effective weapons, including AI and ML. Victory over today’s advanced threats requires human-machine collaboration, using integrated AI platforms that empower analysts. This is the strategy that will turn the cybersecurity tide.