
Monday, April 22nd, 2019


The First Line of Defense Is Your Employee, Not AI

Today’s hyperconnected society—where almost everything is “smart” and connected to the network—comes hand-in-hand with a huge influx of data, which can cause a gap in security management. As cyberattacks constantly evolve, the ecosystem also needs to follow suit—or better yet, be one step ahead. This means that companies are under increased pressure to upgrade their cybersecurity strategy, which includes both technology and skills. But hunting down security threats and investigating protection capabilities can be challenging.

To help plug this gap, AI can be used to sift through the masses of information that otherwise would be difficult to manage and vulnerable to human error. IT professionals can leverage the comprehensive detective diagnostics, predictive insights, and corrective abilities of AI technology to filter and manage large amounts of information. Machine learning (ML) models learn from previous data entries, creating intelligence that can notice, predict, and prevent security breaches. This behind-the-scenes processing frees up time for IT professionals to manage higher priority tasks while being more innovative in the development and implementation of new technologies. When used collaboratively, AI can potentially eliminate these tedious tasks, allowing IT professionals to focus on other priorities, such as business operations and network security.

Human management is still essential

Though AI and ML tools can help mitigate cybersecurity risks to a large extent, breach incidents continue to grow in frequency and severity. A lack of cyberhygiene contributes to the increased vulnerability of the cybersecurity frameworks put in place to safeguard the data assets of enterprises.

While countries like Singapore have already set in motion the 2016 Cybersecurity Strategy to strengthen the resilience of the cybersecurity ecosystem, the current approach to cybersecurity still struggles to keep up with the sheer pace of change in the digital landscape. Case in point—the SingHealth breach, where 1.5 million patient records were stolen due to staff missteps and lack of cyberhygiene consciousness. As discovered by the Committee of Inquiry investigating the breach, the lack of adequate reporting guidelines was exacerbated by poor cyberknowledge and hygiene practiced by the overseeing staff, which led to a compromising gap that resulted in hackers gaining access to SingHealth’s data. Evidently, properly trained employees remain an essential cog in a secure cyberenvironment for businesses.

Even though machines and systems can be highly effective at preventing suspicious behavior, they are not great at training staff to adhere to agency policies or practice strong overall security hygiene. It’s important that companies rely on security managers to train employees on everything from potential attack techniques to simple daily habits that can help protect agency networks.

At the same time, however, AI can play a role in protecting employees from themselves. If a business can predict various events where carelessness may compromise security—such as bringing infected USBs to work, or sending sensitive documents to personal email accounts—IT can use those scenarios to “train” AI on what to look out for. From there, the AI systems should be able to gain greater insight over time into how employees behave, with feedback from IT managers helping them learn what particular heuristics to look out for with greater and greater accuracy.

That isn’t to say AI will replace cybersecurity pros at the front line. Human input still plays a major role in not only giving feedback to AI on what constitutes a risk and what doesn’t (helping to minimize false positives), but also making judgement calls on more complex or sophisticated threats—especially those an AI hasn’t seen before. When faced with a zero-day threat with little precedent, human ingenuity and inference remain the best bet for quickly comprehending and containing things before a major breach occurs. But AI will help cybersecurity pros better understand situations and respond faster, even in these more dire scenarios.

Traditional practices are just as important now as ever before

Keeping a strong security foundation is essential, and traditional solutions are just as critical as they were ten years ago. Configuration management and user device monitoring programs should remain at the core of business initiatives. AI’s role here is to separate the wheat from the chaff, identifying the critical signals that may indicate a threat out of the noise of day-to-day alerts and reports. That’s something software can do far more efficiently than humans—and a job few IT managers will hesitate to hand over to AI.

Traditional network monitoring programs can analyze huge volumes of data, making them ripe for tie-ups with AI technologies. Using AI to analyze and process network data not only allows for more accurate automated threat intelligence alerts and contextual insights for managers to act on, but also allows for automated responses, such as diverting traffic or shutting down certain compromised network segments as soon as a breach becomes apparent. In situations where the difference between a security scare and a massive breach can come down to just minutes or seconds, that instantaneous response could prove vital to a company’s ongoing operations.

Although AI is now becoming a common business tool, the need for human collaboration remains essential. In fact, this partnership could potentially prove to be the silver bullet in the ongoing fight against cybersecurity threats—though, as with any such prediction, we’ll have to wait and see.


Thomas LaRock is the Head Geek at SolarWinds