AI As A Standalone Cybersecurity Solution 

Uploaded on 2024-03-20 in TECHNOLOGY-Key Areas-Artificial Intelligence, FREE TO VIEW

AI is a hot topic. Set to revolutionise the way we live, work and interact with technology, it is shaping our future extensively. In almost every industry sector AI is altering processes, driving innovation, and transforming business models, ushering in a new era of efficiency and opportunity. And the world of cybersecurity is no exception. 

Presenting somewhat of a double-edged sword, AI is tipped to make cybersecurity more challenging by empowering threat actors to be more sophisticated, effective and believable on the one hand, whilst also offering improvements in defence mechanisms, leading to huge accelerations in the capability of threat detection.

There’s a lot of noise about how we can leverage AI in security and, whilst I agree its use will be beneficial, what concerns me is the inference that AI, like some of the security products and services hailed before it, could become a standalone solution which will somehow negate the requirement for an effective Security Operations Center (SOC). 

In my opinion, this is what the threat actors want. For us to absolve ourselves of responsibility, accountability and judgement and put our trust in a tech solution. 

The reality is that the same reasons that make AI a compelling threat are the very reasons that should make us pause and proceed with a good deal of caution and scepticism when considering AI as a security solution.  
AI models are fed by data and their reliability is dependent on the quality of the data they ingest.  If the data is contaminated or unreliable, the results can be biased and can even create a new attack surface for threat actors to exploit. AI models also make decisions in ways that humans can't easily understand and are readily open to manipulation.

A potential attacker for example, could trick the machine learning model into misclassifying threats to enable them to make breaches undetected thus posing a significant risk to cybersecurity.  

Whilst not a cybersecurity issue, Amazon’s attempt to lead the world in AI driven recruitment is a great example of this. Trained to find applicants by following patterns in resumes/CVs that had been received over the preceding decade, the high numbers of men in tech meant that the AI ‘learned’ that males were a preference for the company and started to penalise any reference to women or female. Amazon thought it was giving the AI the responsibility, but it didn’t, it gave it the authority to act on its behalf. The result almost managed to set the company’s diversity objectives back decades and was a huge problem to fix.

AI’s inability to contextualise is another reason why it shouldn’t be relied upon as a sole cybersecurity solution. It doesn’t have human-like situational awareness, judgment, or prioritisation abilities. It doesn’t understand the nuances of the wider environment it’s being used in, the industry or market context. Human intuition is essential in cybersecurity, enabling threat levels to be assessed in context, prioritised based on risk, and adjusted accordingly. Without it, AI may misinterpret situations, leading to ineffective responses and increased vulnerability to evolving threats.

Behind every cyber attack is a human ready to adapt; to change their method and evolve their approach. Relying solely on AI tools and removing the human element risks facing adversaries that outpace the machine's capabilities.

That human expertise is also the reason why a SOC centre is essential. Yes, an AI security model may well be able to process massive amounts of data and flag threats with amazing speed. But then what? Most IT teams are already drowning in alarms and alerts, they need guidance and support from other human experts, not another data source without direction.

Just as threat actors try to rush, distract and manipulate their victims, we shouldn’t be distracted from our security goals by the shiny thing that is AI. The risk hasn’t changed. The threat is just faster, stronger and harder and a standalone AI cybersecurity solution won’t suffice in beating it.

Image: Ideogram

Chris Stouff is Chief Security Officer at Armor

You Might Also Read:

AI-Driven Cyber Security Is Booming:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« A Deep Dive Into Deepfakes & The Threat To Digital Identity Verification
2024 & Beyond: Top Six Cloud Security Trends: »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CSA Events

CSA Events

Cloud Security Alliance conducts a series of conferences around the world. This listing provides a link to details of upcoming events.

Cobwebs Technologies

Cobwebs Technologies

Cobwebs Technologies provide web intelligence solutions for Law Enforcement (including cybercrime), Intelligence Agencies and Federal Agencies.

Carson & SAINT

Carson & SAINT

Carson & SAINT is an award-winning consulting firm with deep experience in cybersecurity technology, software, and management consulting.

Swarmnetics

Swarmnetics

Swarmnetics helps customers discover hard-to-find software vulnerabilities by hacking your system before the bad guys do.

Wolf Hill Group

Wolf Hill Group

Wolf Hill Group, a Slone Partners company, is a national recruitment firm focused on Cybersecurity.

Authomize

Authomize

Authomize aggregates identities and authorization mechanisms from any applications around your hybrid environment into one unified platform so you can easily and rapidly manage and secure all users.

Systems Assessment Bureau (SAB)

Systems Assessment Bureau (SAB)

Systems Assessment Bureau is an internationally recognized ISO Certification Body with a unique vision of “Excel together with global standards”.

CyberHunter Solutions

CyberHunter Solutions

CyberHunter is a leading website security company that provides penetration testing, Network Vulnerability Assessments, cyber security consulting services to prevent cyber attacks.

CliftonLarsonAllen (CLA)

CliftonLarsonAllen (CLA)

CLA exists to create opportunities for our clients through industry-focused advisory, outsourcing, audit, tax, and consulting services.

Fortreum

Fortreum

Fortreum aim to simplify cybersecurity in the marketplace to accelerate your business outcomes.

FusionAuth

FusionAuth

FusionAuth is the customer authentication and authorization platform that makes developers' lives awesome.

Attestiv

Attestiv

Attestiv puts authenticity into photos, videos and documents by utilizing advanced technologies in AI and tamper-proofing.

Nagomi Security

Nagomi Security

Nagomi is changing the way security teams balance risk and defense, empowering customers to focus on what matters now.

Cloudbrink

Cloudbrink

Cloudbrink is purpose-built to deliver the industry’s highest performance connectivity to remote and hybrid workers, anywhere in the world.

Diverto

Diverto

Diverto is a company that provides a high level of information security to companies, institutions and other organisations in an information-centric world.

GlassHouse Technology

GlassHouse Technology

GlassHouse supports customers in their digitalization journey with our deep technical expertise in Managed Cloud and Security Services, SAP Infrastructure Service and Business Continuity Services.