Four best practices for AI-powered cybersecurity

By Geert van der Linden
Share
To combat new-age, intelligent attacks, while also relieving the burden on cybersecurity teams, AI is a must-have tool...

Artificial intelligence (AI) has achieved a prevalence across business functions in the last few years. Now, hackers are following suit. Today, cybercriminals can deploy AI to boost the success of many of their attacks. For example, they can use AI to spot patterns in user behavior, which hackers can take advantage of, or deploy it to identify new network vulnerabilities. As well as giving criminals improved accuracy, AI also works at immense speed, in real-time.

To combat these threats, cybersecurity teams need to be one step ahead. But this is no easy task. It’s been well-documented that today’s cybersecurity analysts are overwhelmed by the vast number of data and endpoints they need to monitor. Plus, there is a huge skills gap within the sector. (ISC)2 research shows there were 3.12 million cybersecurity vacancies in 2020. To fill all of these, employee numbers would need to increase by a startling 89%.

How AI can improve cybersecurity

To combat new-age, intelligent attacks, while also relieving the burden on cybersecurity teams, AI is a must-have tool. We know that 75% of executives say deploying AI allows their organization to respond faster to breaches, while three in five say it improves the accuracy and efficiency of analysts.

Despite the benefits, many companies struggle to successfully implement AI, particularly when it comes to scaling up pilots for enterprise-wide use.

To help organizations with successful deployment, four of the best practices are detailed here:

Strategise

Selecting how you will use AI and who will oversee it is instrumental for a return on investment. A strategy needs to be laid out for AI deployment, taking into consideration governance mechanisms. For example, cybersecurity leaders need to define roles and responsibilities for cyber analysts, and assign ownership over who will monitor AI algorithm output to ensure any anomalies are caught and fixed.  

It’s also important to select the right use cases for implementation, and review and expand these on an ongoing basis. To begin, cybersecurity leaders should choose AI programs that are less complex to implement but have high rewards, such as malware or intrusion detection. It’s also best to deploy use cases where the datasets are complete and up to date.

Harness the power of your data

AI is only as successful as the data you feed it. To be effective, organizations need to ensure that AI has full visibility into the enterprise’s infrastructure, data systems and application landscapes.

As well as this, data must be kept current for consistent high-quality output. This is where a data platform comes in. Organizations can either buy a ready-made platform to feed their information into, or build one internally. This platform must be reviewed and tweaked on an ongoing basis to make sure the AI tool is receiving adequate information.

Soar with SOAR

Security orchestration, automation and response (SOAR) are technologies that allow organizations to collect security data and alerts from different sources. SOAR supports incident analysis and triage by leveraging a combination of human and machine power. For AI deployment, these tools are essential in helping analysts define, prioritize and drive incident response activities through connections to data sources and platforms.

Upskill your teams

Deploying and harnessing the power of AI relies on a skilled team that understands the insights it generates and can take appropriate action where needed. Consequently, it’s paramount to upskill cybersecurity teams so that they understand AI processes and alerts. It can also be helpful to create user-friendly, intuitive interfaces for AI tools, to help cybersecurity teams interact with the technology without needing intense training.

AI’s potential to supercharge cybersecurity operations must be harnessed. As attack surfaces continue to grow and hackers become more advanced, the technology will become an additional teammate to cybersecurity teams in the security operations center. To ensure that investments provide an ROI and are accurate, it is vital that cybersecurity leaders deploy AI strategically, ensuring that they are giving both the tool and their teams the right information they need.

By Geert van der Linden, Executive Vice President of Cybersecurity at Capgemini

Share

Featured Articles

Ox Horn: The Faux ‘European’ Campus Homing Asia’s R&D Leader

Operating out of an amalgamated town of Europe’s most beautiful cities, this Disney-esq town conceals the fact it is the campus of Asia’s R&D leader

Is Quantum Tech Key to Unlocking UN Sustainability Goals?

WEF explores quantum technologies' potential to accelerate UN sustainability goals, highlighting applications and ecosystem challenges for global impact

Women in STEM: Retention Crisis Amidst World Talent Shortage

New report highlights strategies for retaining female talent in STEM fields, addressing global workforce challenges during National Inclusion Week

Cloudera: Unlocking Real Business Value from Data Analytics

Enterprise IT

Microsoft's Investment in Brazil Boosts Tech and Economy

AI & Machine Learning

OpenAI in Transition Period as Mira Murati Steps Down as CTO

AI & Machine Learning