Intelligent CIO Middle East Issue 102 | Page 58

CASE STUDY

lifecycle such as the organisation, processes, tasks and structure of cybersecurity departments. They also need to constantly consider the kind of data to collect as new systems are being developed, which workloads to move to the cloud, what new applications are being leveraged and a system for hiring and onboarding remote workers.
Cybersecurity vendors historically have been good at exploring AI through their area of expertise and the data they collect. For example, EDR vendors focus on endpoint data while NDR vendors focus on network data and SIEM vendors focus on log data. Threat actors on the other hand did not have this siloed approach to using AI to analyse data types and have leveraged any type of data they get their hands on. For defenders to catch up, we are experiencing the rise of integrations such as the XDR concept where data can be collected from a wide range of sources and analysed in one location to provide a single source of truth. Although many vendors are marketing and selling these products today, the realities of collecting large amounts of data, normalising data from different sources, applying Machine Learning across different datasets and producing automation for response are still very challenging and in an infant stage.

THE RAPIDLY DEVELOPING CAPABILITIES OF ADVERSARIES MAKE THE NEED FOR AI ASSISTANCE EVEN MORE URGENT.

What should be considered when using AI to help defend organisations in both private and public sectors?
AI is changing the way organisations think about every aspect of work including who they partner with and how they protect their most valuable assets. As cyberattackers will use AI to launch more sophisticated attacks, defenders must use AI-based tools to analyse complex datasets, accelerate and automate decisions which makes it easier to digest complex streams of information. Although AI capabilities are sometimes hyped and exaggerated, it is important to have a clear-eyed view of how AI tools can advance cyberdefences including the choices companies make to ensure they get the most value out of vendor relationships and the tools they invest in.
Also, as most cybercriminals leverage the same tools, cybersecurity professionals for both public and private sector organisations need to stay on the edge of AI's development whether they are building, using new tools and processes to detect intrusions, analysing alerts or educating other professionals.
How can AI and the improper deployment of AI on an organisation benefit threat actors?
Threat actors are leveraging AI and are benefiting from a lower barrier of entry. Reconnaissance and intrusion techniques that required advanced skills can now be executed with far less effort. AI can assist in complex distributed denial of service (DDoS) attacks, brute forcing of credentials, accelerated data exfiltration, vulnerability detection, observation of network traffic and the establishment of command and control (C2) channels.
Furthermore, attackers can focus on the AI tools defenders use and potentially corrupt training data to skew outputs. Model poisoning has far-reaching implications for business at large. It could result in an attacker manipulating algorithms with the intention of making their activity appear normal or obscuring activity which uncorrupted models might detect. This reality underscores the need for SOCs to attain proficiency in monitoring the AI-powered tools they use. The tools themselves expand the enterprise's attack surface.
How can organisations make the right decisions when it comes to leveraging AI for cybersecurity?
It can be difficult for enterprises to choose which investments will best support their business objectives and SOC teams while also creating defences that best mitigate their cyber-risk and assist in compliance with evolving industry regulations and standards. To make decisions about where and how to invest in AI-powered cybersecurity technologies, it can be helpful to assess the current state of the technology and where it can provide security teams and the enterprise with a strong return on investment and improved cyberdefence.
What are some negative effects of AI on organisations and why should they be concerned about these effects on their security?
There are many negative effects of the application of AI on organisations including a false sense of