AI's double-edged sword requires human security approach

ESET Southern Africa Chief Technology Officer, Adrian Stanford.
ESET Southern Africa Chief Technology Officer, Adrian Stanford.

Artificial intelligence (AI) has ushered in both promise and peril for organisations needing to combat cyber threat actors. As ESET Southern Africa Chief Technology Officer, Adrian Stanford, notes: “AI is reshaping the battlefield between cyber attackers and defenders, offering new tools to both sides.”

The double-edged generative AI (GenAI) sword can be used by malicious actors to craft sophisticated phishing e-mails, spam and disinformation campaigns, amplifying the scale and effectiveness of cyber attacks. However, defenders can also harness AI for threat intelligence research, improved threat detection capabilities and streamlined incident response. It's a battle of wits and algorithms, where innovation is the currency.

AI cyber security is surging

According to the World Economic Forum’s (WEF) Global Cybersecurity Outlook 2024: “Emerging technology (like AI) will exacerbate long-standing challenges related to cyber resilience.” It therefore comes as no surprise when Help Net Security reports that:

  • 55% of organisations plan to adopt GenAI solutions within this year, signalling a substantial surge in GenAI integration.
  • 48% of professionals expressed confidence in their organisation’s ability to execute a strategy for leveraging AI in security.

Contrary to fears about AI taking people’s jobs, Help Net Security reports that only 12% of security professionals believe AI will completely replace their role. Looking after your cyber security employees remains a crucial component of AI-related security strategy.

Ease the load by augmenting human cyber security capabilities

In an industry fraught with constant pressure and hyper-vigilance, the ability to augment human capabilities contributes significantly to the mental well-being of cyber security professionals, improving employee experience and key skill retention. According to Stanford: “The deluge of cyber security data and alerts poses a significant challenge, often overwhelming analysts and impeding their ability to prioritise and react effectively. Herein lies the transformative power of AI-driven automation.”

Stanford believes that harnessing AI to digest vast amounts of data and distil actionable insights, cyber security professionals can focus their attention on the most critical and genuine threats, mitigating the risk of burnout and cognitive overload. In essence, AI empowers defenders to automatically and proactively identify and mitigate threats in real-time, safeguarding digital assets with unparalleled safety, convenience and precision.

Specific use cases include:

  • Accelerating threat research: AI helps cyber security specialists discover and analyse new threats more rapidly. That’s key in an industry where safety means staying one step ahead of evolving threats.
  • Machine learning algorithms: Play a pivotal role in behavioural and malicious code analysis, offering insights into the modus operandi of cyber criminals.
  • Large language models: Serve as invaluable tools to interpret and explain threat intelligence, facilitating case summarisation and automating incident creation.

It's imperative to recognise that AI should complement, not replace, human expertise. “Human oversight remains indispensable in guiding and refining AI-driven cyber security solutions for the foreseeable future, ensuring ethical and effective implementation in the cyber security domain,” says Stanford.

Bridging the talent gap

In an industry segment where there simply aren’t enough skills, hiring more people cannot be a sustainable solution. That’s why AI emerges as a formidable ally in bridging the cyber security talent gap in three ways:

  1. AI can be an excellent, personalised training tool. AI equips junior security professionals with the skills and expertise necessary to navigate the complexities of cyber space effectively.
  2. Secondly, AI-powered tools can augment the capabilities of junior security professionals as described above, making them more effective.
  3. Thirdly, with the automation of certain aspects of threat hunting, advanced security professionals can focus their finite resources on more advanced tasks.

Given that AI transforms the cyber security landscape with potential for both defenders and attackers, the human element remains vital. The synergy between AI and human intelligence remains essential to maintain robust cyber security defences.

ITWeb Security Summit 2024

ESET Southern Africa is a proud sponsor of the annual ITWeb Security Summit taking place from 4-6 June 2024 at the Sandton Convention Centre. With leading industry speakers and dedicated specialist events over two days, the summit will delve into the latest cyber threats facing African CISOs, CIOs, security specialists and risk officers. The summit is a landmark event for information security professionals and will cover the latest emerging cyber security strategies, the techniques and solutions businesses need to protect their data and systems, as well as how best to ensure compliance and upskill cyber security teams. Register at www.itweb.co.za to secure your seat today! #ITWebSS2024 #cybersecurity #infosec

Share