
Not all AI is created equally – and neither are humans

Lance Williams, CTO at Distology, is convinced that the human factor should not be underestimated in the frontline fight against AI-generated threats

Humans cannot analyse at the same continuous speed as artificial intelligence (AI), but AI cannot contextualise as well as humans. So, despite the growth of AI in cybersecurity defence, detection and response solutions, it’s about teamwork between AI and human intelligence (HI).

Fighting AI with AI is essential for the continual speed of data analysis and correlation, but, as Simon Quicke wrote in his article last month, “one of the problems with dubbing technology AI-capable is that it’s a label that covers a wide spectrum of outcomes”. Not all AI is created equally. And neither are humans!

Billions of dollars have been spent over the past 10+ years on security awareness training & testing (SATT) and the spend is predicted to increase to $10bn by 2027 (Forrester, February 2024). Yet malware infections, like ransomware, business email compromise (BEC), and account takeovers (ATO) continue to wreak havoc and to increase year on year despite the huge spend. What are we to do?

When the game changes, game tactics need to change too. Yet (and sweeping statement alert!) customers aren’t being served game-changing tactics because of the inertia in the solutions being offered by the cybersecurity channel that serves them. For example, it blows my mind that so few channel partners have a thorough understanding of the importance of identity and access management (IAM), like Okta, and its absolutely essential part as the backbone of any and all cybersecurity strategy.

It’s not all on the channel though! The best technologies entering the market are still targeted at enterprise and large enterprise – their tech isn’t necessarily limited to the upper end of the market, but the price tag is – because everybody knows that’s where the best and biggest money is: the biggest bang for your investor’s bucks. That leaves the lifeblood of every country in limbo – the midmarket. There is a massive surface area of humans who sit on the digital frontline against the ever more sophisticated cyber threats being generated by state and private threat actors. State and private! Yes, threat actors are still after our and our organisations’ money, but state-sponsored threats are after our critical national infrastructure and national secrets.

AI can be beneficial 

AI can seriously help in SOC environments. The most advanced SOCs aren’t handing the keys and steering wheel over to Skynet, though. They’re putting the AI in to do the continuous data crunching and analysis more consistently and efficiently than humans, and then they’re layering in the human intelligence to provide the organisational and human-nuanced context that the AI can’t.

AI can also deliver some moderate benefit on the IT endpoints, for example within Outlook or the web browser. Organisations like ThinkCyber are really exercising the copilot concept to help guide and educate IT workers as they work.

The generation of human risk management platforms, like Keepnet Labs, is focused on generating greater depth of understanding and analysis of each IT worker’s behaviour to help automatically generate the most appropriate training and simulated attacks on the worker. Simon Nicholls, VP UK at Keepnet, told me, “The human factor is still the weakest link in the security chain. This is why [at Keepnet Labs] we focus on testing a wide range of human behaviour across email, voice, SMS, QR codes and call back requests to give a holistic risk score to individuals and teams within an organisation.”

Bottom line, no AI today can prevent a person clicking on a link in an SMS on their smartphone, and it’s these pocket-sized personal datacentres that we use the most, both in work and in our own time.

Finally, a quick word on the low-IT-tech honeypot for threat actors – operational technology environments. You need only read a summary of the EU’s NIS2 directive to understand that these are high-profile, high-impact verticals that can knock an entire national economy off kilter. Fortinet (May 2023) cited that three quarters of OT organisations reported at least one intrusion in the previous 12 months! These largely low-IT-tech environments are being compromised via OT professionals with little cybersecurity education interfacing with digitally awakened OT equipment that largely doesn’t have cybersecurity defences. No AI will help this anytime soon, but enhanced HI will.

So, to summarise, I am a fan of AI and recognise it as a critical innovation in the constant fight against the threat actors, but let’s not take our eye off the value of HI on the frontline and in our SOCs – better understanding and harnessing human behaviour is essential. We humans are powerful processing units, which can be used against ourselves, or for the betterment of all those around us. The call-to-arms is to shed our flab of ignorance and tone our cybersecurity awareness knowledge. Combine this with state-of-the-art cyber defence, detection and response systems leveraging some help from our digital artificial intelligence companions, and we stand a chance!
