Four best practices for AI-powered cybersecurity

Artificial intelligence (AI) has achieved a prevalence across business functions in the last few years. Now, hackers are following suit. Today, cybercriminals can deploy AI to boost the success of many of their attacks. For example, they can use AI to spot patterns in user behavior, which hackers can take advantage of, or deploy it to identify new network vulnerabilities. As well as giving criminals improved accuracy, AI also works at immense speed, in real-time.

To combat these threats, cybersecurity teams need to be one step ahead. But this is no easy task. It’s been well-documented that today’s cybersecurity analysts are overwhelmed by the vast number of data and endpoints they need to monitor. Plus, there is a huge skills gap within the sector. (ISC)2 research shows there were 3.12 million cybersecurity vacancies in 2020. To fill all of these, employee numbers would need to increase by a startling 89%.

How AI can improve cybersecurity

To combat new-age, intelligent attacks, while also relieving the burden on cybersecurity teams, AI is a must-have tool. We know that 75% of executives say deploying AI allows their organization to respond faster to breaches, while three in five say it improves the accuracy and efficiency of analysts.

Despite the benefits, many companies struggle to successfully implement AI, particularly when it comes to scaling up pilots for enterprise-wide use.

To help organizations with successful deployment, four of the best practices are detailed here:

Strategise

Selecting how you will use AI and who will oversee it is instrumental for a return on investment. A strategy needs to be laid out for AI deployment, taking into consideration governance mechanisms. For example, cybersecurity leaders need to define roles and responsibilities for cyber analysts, and assign ownership over who will monitor AI algorithm output to ensure any anomalies are caught and fixed.  

It’s also important to select the right use cases for implementation, and review and expand these on an ongoing basis. To begin, cybersecurity leaders should choose AI programs that are less complex to implement but have high rewards, such as malware or intrusion detection. It’s also best to deploy use cases where the datasets are complete and up to date.

Harness the power of your data

AI is only as successful as the data you feed it. To be effective, organizations need to ensure that AI has full visibility into the enterprise’s infrastructure, data systems and application landscapes.

As well as this, data must be kept current for consistent high-quality output. This is where a data platform comes in. Organizations can either buy a ready-made platform to feed their information into, or build one internally. This platform must be reviewed and tweaked on an ongoing basis to make sure the AI tool is receiving adequate information.

Soar with SOAR

Security orchestration, automation and response (SOAR) are technologies that allow organizations to collect security data and alerts from different sources. SOAR supports incident analysis and triage by leveraging a combination of human and machine power. For AI deployment, these tools are essential in helping analysts define, prioritize and drive incident response activities through connections to data sources and platforms.

Upskill your teams

Deploying and harnessing the power of AI relies on a skilled team that understands the insights it generates and can take appropriate action where needed. Consequently, it’s paramount to upskill cybersecurity teams so that they understand AI processes and alerts. It can also be helpful to create user-friendly, intuitive interfaces for AI tools, to help cybersecurity teams interact with the technology without needing intense training.

AI’s potential to supercharge cybersecurity operations must be harnessed. As attack surfaces continue to grow and hackers become more advanced, the technology will become an additional teammate to cybersecurity teams in the security operations center. To ensure that investments provide an ROI and are accurate, it is vital that cybersecurity leaders deploy AI strategically, ensuring that they are giving both the tool and their teams the right information they need.

By Geert van der Linden, Executive Vice President of Cybersecurity at Capgemini