What enterprise CISOs need to know about AI and cybersecurity

Hari Sivaraman is the Head of AI Content Strategy at Venturebeat.

Modern day enterprise security is like guarding a fortress that is being attacked on all fronts, from digital infrastructure to applications to network endpoints.

That complexity is why AI technologies such as deep learning and machine learning have emerged as a game-changing defensive weapon in the enterprise’s arsenal over the past three years. There is no other technology that can keep up. It has the ability to rapidly analyze billions of data points, and glean patterns to help a company act intelligently and instantaneously to neutralize many potential threats.

Beginning about five years ago, investors started pumping hundreds of millions of dollars into a wave of new security startups that leverage AI, including CrowdStrike, Darktrace, Vectra AI, and Vade Secure, among others. (More on these companies lower down).

But it’s important to note that cyber criminals can themselves leverage increasingly easy-to-use AI solutions as potent weapons against the enterprise. They can unleash counter attacks against AI-led defenses, in a never-ending battle of one-upmanship. Or they can hack into the AI itself. After all, most AI algorithms rely on training data, and if hackers can mess with the training data, they can distort the algorithms that power effective defense. Cyber criminals can also develop their own AI programs to find vulnerabilities much faster than they used to, and often faster than the defending companies can plug them.

Humans are the strongest link

So how does an enterprise CISO ensure the optimal use of this technology to secure the enterprise? The answer lies in leveraging something called Moravec’s paradox, which suggests that tasks that are easy for computers/AI are difficult for humans and vice-versa. In other words, combine the best technology with the CISO’s human intelligence resources.

If clear guidelines can be distilled in the form of training data for AI, technology can do a far better job than humans at detecting security threats. For instance, if there are guidelines on certain kinds of IP addresses or websites that are known for being the source of malicious malware activity, the AI can be trained to look for them, take action, learn from this, and become smarter at detecting such activity in the future. When such attacks happen at scale, AI will do a far more efficient job of spotting and neutralizing such threats compared to humans.

On the other hand, humans are better at judgement-based daily decisions, which might be difficult for computers. For instance, let’s say a particular well-disguised spear phishing email talks about a piece of information, which only an insider ‘could’ have known. A vigilant human security expert with that knowledge and intelligence, will be able to connect the dots and detect that this is ‘probably’ an insider attack and flag the email as suspicious. It’s important to know in this instance, that AI will find it difficult to perform this kind of abductive reasoning and arrive at such a decision. Even if you cover some such use cases with appropriate training data, it is nigh on impossible to cover all the scenarios. As every AI expert will tell you, AI is not quite ready to replace human general intelligence or what we call ‘wisdom’ in the foreseeable future.

But…humans could also be the weakest link

At the same time, humans can be your weakest link. For instance most phishing attacks rely on the naivety and ignorance of an untrained user, and get them to unwittingly reveal information or perform an action which opens up the enterprise for attack. If all your people are not trained to recognize such threats, the risks increase dramatically.

The key is to know that AI and human intelligence can join forces and form a formidable defense against cybersecurity threats. AI, while being a game-changing potent weapon in the fight against cybercrime, cannot be left…