How AI can strengthen cyber-resilience 

Dr Ann Irvine at Resilience Cybersecurity explains that, while AI cyber-security tools have many strengths, people still make up an essential part of any infosec operation

 

Most readers would be surprised to be told that AI is making the task of cyber-security more difficult. Yet a report from the World Economic Forum (WEF) suggests just this. It relays that AI lowers the technical barriers to entry for cyber-crime and AI owners.

 

However, AI is also giving us new tools to fight cyber-crime. AI can analyse cyber-security data, simulate cyber-attacks, automate routine cyber-defence measures, and detect and monitor threats. These tools can, in turn, help company boards and CISOs make more informed decisions when managing cyber-risk and determining cyber-security investment.

 

Yet, it is still essential to have a ‘human in the loop’ to achieve effective cyber-security. This human input is vital for numerous reasons, including incident response and crisis management, contextual judgement and decision-making, interpreting false positives and negatives, incorporating ethical and legal considerations, and detecting social engineering – something that AI still struggles to detect. 

 

Enhancing security through AI 

Cyber-security is the practice of protecting systems, networks and data from digital attacks, unauthorised access, damage or theft. A key aspect of this is analysing large amounts of data to monitor for threats and learn from incidents. AI tools can automate the more routine aspects of these data analytics. 

 

AI data analytics can also give businesses an overall picture of the threats they face, which helps ensure they invest in security solutions appropriate to their needs. For instance, AI can identify patterns in incoming emails and communications to flag phishing attempts and malware. These automated analytics will ensure that CISOs and boards can access a ‘dashboard’ of cyber-threats at all times.

 

A key benefit of AI is that AI-powered systems can quickly analyse huge volumes of online traffic and transaction information to detect unusual activity that may indicate cyber-threats. This represents a major improvement on previous ‘signature-based’ approaches to risk monitoring, in which traffic is manually checked against a list of known threats  – an approach that is not only time consuming, but, due to its reliance on known threats, often flat-footed in the face of new ones. 

 

AI is also a useful tool for cyber-security professionals after an attack, providing the ability to analyse the large amount of cyber-event data gleaned post-incident, which can help identify flaws in existing systems. 

 

Seamless simulation-building

A key aspect of cyber-resilience is breach simulations, which expose weaknesses in a company’s security architecture. AI tools can be used to create these scenarios, resulting in better simulations designed to dynamically probe a system’s weaknesses and increase the number of tests that can be run. 

 

This greater volume and sophistication of breach simulations can give CISOs, company boards and IT professionals an up-to-date picture of their systems’ main areas of exposure. Increasingly, these simulations are not just technical exercises – they can also help translate cyber-risks into financial terms, giving businesses a clearer sense of the potential impact of different threat scenarios. 

 

Tools from cyber-security vendors can provide live, real-world scenarios that connect IT vulnerabilities to measurable financial risk. This, in turn, will better inform decisions about cyber-security and insurance investment. For instance, commercially available tools can deliver in-depth risk assessment of a business’s cyber-security defence – before recommending implementable measures to reduce the business’s insurance premium – an approach that supports security and financial efficiency. 

 

Dynamic defences

CISOs and security teams have to work quickly to secure a company’s data and IT systems during a cyber-security breach. This is a complex task with many moving parts – and often a difficult one for smaller organisations. 

 

AI can help by automating many of the more routine aspects of incident response, such as isolating compromised devices, blocking IPs and domains, and applying firewalls. This reduces the time it takes to put these routine security measures into effect, limiting damage in the event of a breach.

 

By automating these processes, these tools also free up CISOs and security teams to spend more time on other tasks during an incident. 

 

Need for a human-in-the-loop

None of these tools is perfect and, like all automated systems, there is the potential for error without clear management, which means there is still an abiding need for human involvement to correct errors and provide high-level oversight.

 

As cyber-security becomes more complex, businesses increasingly rely on centralised hubs that combine technological innovation with expert human input. For example, our Risk Operation Centre brings together AI-driven monitoring with skilled analysts to contextualise threats, ensure the right priorities are set, and guide real-time decision-making.

 

More generally, trends in cyber-security are making the human element more important than ever. After Russia’s invasion of Ukraine and the increase in hacker activity that accompanied it, cyber-attacks are now a fact of life for businesses. Consequently, cyber-resilience has shifted from a security matter to a business one: companies must decide how much cyber-risk they are willing to tolerate, and how much to invest in mitigating this.

 

These are decisions that require judgment, experience, and an understanding of the broader business context, which are qualities that cannot be outsourced to AI.  Instead, they can best be achieved through human-led, AI-augmented operations.

 

AI is a powerful means to automate the routine aspects of cyber-security, saving considerable time and money. But every organisation must still decide on its own cyber-resilience strategy, balancing risk with other key considerations.

 

In today’s business landscape, every business needs to harness AI to improve its cyber-security, yet human management remains vital in decision-making. Our ability to weigh context, ethics, and emotion is a capability no algorithm can fully imitate. 

 

---

 

Dr Ann Irvine is Chief Data and Analytics Officer at Resilience Cybersecurity

 

Main image courtesy of iStockPhoto.com and David Gyung