Powering up cyber security defences with AI

AI holds great promise when it comes to securing valuable, and vulnerable, data, but security teams face some challenges if they are to get the best out of it, writes IBM’s Christopher Meenan

Christopher Meenan

Published: 18 Jan 2024

Data has never been more valuable. It’s the lifeblood of modern business and is simultaneously increasingly vulnerable to attack. The growing use of hybrid cloud and remote working means that bad actors have a larger attack surface than ever before. The result? A rapidly evolving threat landscape that’s progressively more difficult to police.

On top of increasing avenues of attack, managing the growing volumes of information is creating data overloads, putting added pressure on an ever more stretched workforce. Add in new apps and IT infrastructure, as well as skills shortages, and the situation starts to look problematic. It’s therefore not a huge surprise that security is often lagging behind where it needs to be to be effective in today’s digital-first world.

All of this means it’s never been more essential for IT managers to quickly find ways to bring a disparate number of elements behind a unified set of defences. Fortunately, this is an objective that is increasingly being achieved by the implementation of next generation AI tools, and IT managers can use the technology to help get ahead of potential attacks.

A complex security landscape

The need for organisations to more effectively monitor their IT security infrastructure, combined with making sense of their growing volumes of data, requires a high degree of expertise and a lot of time. This can cause organisations and IT leaders specifically to feel like they’re on the back foot against their attackers. In addition, this highly diverse environment employs lots of different security methodologies. For example, securing your endpoints is very different to securing an S3 bucket in the cloud. Enter AI.

Traditional AI is very effective at classification, so it’s especially useful at sifting and sorting events across a diverse IT environment. There’s always activity happening that could be ‘bad’, but 80% of it is likely to be harmless. However, the opportunity for malicious activity always exists. No one wants to miss an attack or data-related issue, which risks everything being ranked as important. Fortunately, AI is brilliant at ranking events from high to low priority, ensuring action and effort can be diverted where it’s most urgently needed.

With the introduction of generative AI, there’s a second defensive front opening. There’s potential to make a real impact on the ongoing skills shortage through its use of natural language processing (NLP). By translating security alerts into plain English, security teams receive notifications that are clear and immediately actionable.

Financial pressures vs. rapid action

Of course, security teams don’t want to be a roadblock for organisations, and they certainly don’t want to get in the way of business development plans. The basic question faced by security leaders and their teams is, “How do I move faster?” To achieve this, they must be able to extract insights from their IT environment quickly and accurately. Only then will they be able to better defend against attacks.

Unfortunately, security teams are not immune to what’s happening in the wider economic environment. The pressure is on to do more without access to major additional resources. As a result, they need to streamline their operations and become more efficient, which is especially difficult because of the growing attack surface and subsequent increasing threat level.

AI-based security tools offer a way forward to help alleviate some of that pressure, and more than half of executives (52%) already recognise that AI will help them better allocate resources, capacity, or skills. However, there is a hurdle to overcome. Security professionals overall aren’t, by nature, trusting of IT, and AI output is no different. Questions will be asked about the validity of the data it provides and the source of its insights. Without transparency it can be difficult to build trust, so openness must sit at the centre of any AI implementation.

Assembling the most appropriate set of AI-based tools isn’t a one-off task; the ingenuity of bad actors will see to that. By 2025, AI security budgets are expected to be 116% greater than in 2021 as businesses plan for the future while at the same time securing the present, quickly and efficiently. Choosing the right technology partner will be a cornerstone of this strategy. Cyber criminals only need to get lucky once, but your defences have to be up to the job all the time.

Christopher Meenan is vice president of security product management at IBM

Read more on Business continuity planning

The Security Interviews: Talking identity with Microsoft’s Joy Chik