vchalup - stock.adobe.com
Not all AI is created equally – and neither are humans
Lance Williams, CTO at Distology, is convinced that the human factor should not be underestimated in the frontline fight against AI-generated threats
Humans cannot analyse at the same continuous speed as artificial intelligence (AI), but AI cannot contextualise as well as humans. So, despite the growth of AI in cybersecurity defence, detection and response solutions, it’s about teamwork between AI and human intelligence (HI).
Fighting AI with AI is essential for the continual speed of data analysis and correlation, but as Simon Quicke recently wrote, “One of the problems with dubbing technology AI-capable is that it’s a label that covers a wide spectrum of outcomes.” Not all AI is created equally – and neither are humans.
Billions of dollars have been spent over the past 10+ years on security awareness training and testing (SATT), and the spend is predicted to increase to $10bn by 2027, according to Forrester. Yet, malware infections such as ransomware, business email compromise (BEC), and account take overs (ATO) continue to wreak havoc and are increasing year on year despite a huge spend. What are we to do?
When the game changes, game tactics need to change too. However, customers aren’t being served game-changing tactics because of the inertia in the solutions being offered by the cyber security channel that serves them. Few channel partners have a thorough understanding of the importance of identity and access management (IAM), which is an essential part as the backbone to any and all cyber security strategy.
It’s not all on the channel though. The best technologies entering the market are still targeted at enterprise and large enterprise – their tech isn’t necessarily limited to the upper end of the market, but the price tag is – because everybody knows that’s where to find the best and biggest money.
That leaves the lifeblood of every country – the midmarket – in limbo. There is a massive surface area of humans who sit on the digital frontline against the ever-sophisticated cyber threats being generated by state and private threat actors. Yes, threat actors are still after our and our organisations’ money, but state-sponsored threats are after our critical national infrastructure and national secrets.
AI can be beneficial
AI can seriously help in security operation centre (SOC) environments. The most advanced SOCs aren’t handing the keys and steering wheel over to Skynet though, they’re putting the AI in to do the continuous data crunching and analysis more consistently and efficiently than humans, and then layering in the human intelligence to provide the organisational and human-nuanced context that the AI can’t do.
AI can deliver moderate benefit on the IT endpoints – for example, within Outlook or the web browser. Organisations such as ThinkCyber are really exercising the copilot concept to help guide and educate IT workers as they work.
The generation of human risk management platforms, such as Keepnet Labs, are focused on generating greater depth of understanding and analysis of each IT workers’ behaviour to help automatically generate the most appropriate training and simulated attacks on the worker.
Simon Nicholls, vice-president of UK at Keepnet, said: “The human factor is still the weakest link in the security chain. This is why [Keepnet Labs] focuses on testing a wide range of human behaviour across email, voice, SMS, QR codes and call back requests to give a holistic risk score to individuals and teams within an organisation.”
No AI today can prevent a person clicking on a link in an SMS on their smartphone – and it’s these pocket-sized personal datacentres that we use the most both in work and in our own time.
Operational technology environments are the low IT tech honeypot for threat actors. You only need read a summary of the EU’s NIS2 directive to understand that these are high-profile, high-impact verticals that can knock an entire national economy off kilter.
In May 2023, Fortinet cited that three-quarters of operation organisations reported at least one intrusion in the previous 12 months. These largely low IT tech environments are being compromised via the low cyber security-educated OT professionals interfacing with digitally awakened OT equipment that largely don’t have cyber security defences. No AI will help this anytime soon, but enhanced HI will.
To summarise, while supportive of AI and recognising it as a critical innovation in the fight against the threat actors, we cannot take our eye off the value of HI on the frontline and in our SOCs. It is essential to have better understanding and harness human behaviour. Humans are powerful processing units, which can be used against ourselves, or for the betterment of all those around us.
The call-to-arms is to shed our flab of ignorance and tone our cyber security awareness knowledge. Combine this with state-of-the-art cyber defence, detection and response systems leveraging some help from our digital artificial intelligence companions, we stand a chance.
