Balancing AI with Human Intelligence in Cybersecurity

By Landon Lewis, CEO, Pondurance

Although artificial intelligence (AI) has been around for more than half a century, the advancements and hype surrounding the technology over the past couple of decades have led to much discussion and confusion about whether machines will someday replace humans in the workforce.

A quick Google search reveals stories about various industries replacing workers with robots for automated tasks. The late, great Stephen Hawking even warned that AI could be a threat capable of ending humanity. There is no shortage of FUD-based rhetoric when it comes to AI, but there is a much greater story to be told when it comes to cybersecurity. AI-driven automation needs to be balanced with sophisticated human understanding, which will pave the way for unparalleled success.

The Promise of AI

In cybersecurity, the growing interest in AI has arrived at the perfect time, as organizations of all sizes have never been more under siege by attackers. According to a recent study, 2018 is on track to have the second highest number of reported data breaches since 2005. No company is immune from the malintent of organized criminals, nation-states, disgruntled employees and social hacktivists. Every industry is susceptible, especially companies in health care, education, government, finance and manufacturing.

Cybercriminals know that IT departments are overwhelmed, and they are aggressive in their efforts to exploit any weakness. And while there is no shortage of IT vendors poised and ready to come to the rescue, organizations that respond to the increase in sophisticated cyberthreats by adding more solutions to their technology stack find themselves flooded with thousands to millions of security alerts, all of which must be evaluated and investigated quickly. But many companies don’t have the resources to handle this volume of work due to a crippling talent shortage that is predicted to result in a significant global analyst shortfall, with 3.5 million cybersecurity jobs unfilled by 2021.

This is where AI provides value and plays an important role in cybersecurity. AI and automation technologies act as an extension of a security analyst’s hands,  allowing for the quick analysis of massive amounts of data at scale – with an efficiency no human analyst is capable of matching. AI can be trained to categorize and prioritize anomalies, reducing the number of alerts requiring human analysis to a manageable level. AI is also capable of detecting unknown threats, as it can learn how to identify anomalies in network activity.

The Caveats

The promise of AI in cybersecurity is so great that the term has quickly evolved in the industry from FUD factor to buzzword. The marketing hype from a growing multitude of vendors promises their new AI-based solution is exactly the solution every CISO needs. However, believing AI is the silver bullet that can address all cybersecurity challenges is as dangerous as the bad actors themselves. Although it can be used to detect unknown threats, to be most effective, AI still needs humans to provide reliable data. A lack of quality data leads to poor results. Even with quality data, trained AI tends to produce false positives and is not very good at explaining how it arrived at a certain conclusion, as it lacks the ability to understand context. For this reason, humans remain a critical part of the equation. They are still needed to fine-tune AI systems and to investigate the alerts, validate and stratify the severity of threats, and determine the best way to remediate an attack.

There is no question that AI makes work easier for people, but by applying a layer of strategic intellect and context, humans make AI better. Balance is key. No matter how advanced technology becomes, organizations will still need the most knowledgeable human experts, who live and breathe cybersecurity day in and day out, to proactively hunt attackers to help protect data, defend systems and manage risk.

Cybercrime vs. cybersecurity is a battle of knowledge, intentions, capabilities and resources fought not by technology but by people using technology to outsmart and outmaneuver one another. The side that has more of these competencies will win. As long as there are human adversaries, there should be human experts who understand the game theory that predicts how adversaries will attack. A strong and sustainable security posture powered by the right balance of cybersecurity experts and AI tools is the surest way to combat cybercriminals and effectively manage organizational risk.

Landon Lewis is the CEO of Pondurance, a cybersecurity services provider specializing in managed detection and response. He has more than 18 years of experience helping organizations manage reputational, financial and regulatory risk.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.