The promised land of AI transformation poses a dilemma for security teams as the new technology brings both opportunities and yet more threat.
Threat actors are already using AI to write malware, to find vulnerabilities, and to breach defences faster than ever. At the same time, machine learning is playing an ever-more important role in helping enterprises combat hackers and similar.
According to Palo Alto Networks, its systems are detecting 11.3bn alerts every day, including 2.3m new and unique attacks.[1]
It is beyond human capabilities to monitor and respond to these attacks; it is also putting immense stress on security teams. How, then, can CISOs and CSOs build resilient security teams that can defend their organisations, and continue to innovate?
Arms race
Cybersecurity teams are in an “arms race” with attackers, as threat groups use AI to increase both the volume and speed of attacks.
“AI has created a powerful toolkit for threat actors, and it has changed the way that we’re seeing attacks,” warns Nick Calver, VP for Financial Services at Palo Alto Networks.
“Two or three years ago a ransomware attack would typically take 44 days before they could extract data or cause your systems a problem. Now we’re seeing that exact same attack happening in a number of hours,” he says.
This acceleration is happening even as businesses struggle with visibility of how AI is being used in their own organisations, and as regulators struggle to keep up with a fast-changing landscape.
“Everybody needs to be aware of AI,” says Calver. “Threat-based assessment is incredibly powerful, and I’ve seen it put to good use. It’s immediately helped improve organisations’ protection,” says Calver.
Threat assessment is just one area where AI can also play a positive role in security. AI has been in use in cyber defence for over 10 years.
“When you consider those attack volumes, it is not possible for humans to actually keep up and respond effectively,” says Calver. “Security technicians need to harness the power of AI.”
Resilience, and human factors
However, there is also a different side to an increasingly hostile security environment. Increasing threats are challenging organisations’ abilities to recover from attacks.
This is changing how security leaders think. Focus remains on preventing a breach, but increasing attention is being given to how to respond and recover from attacks. Regulations are helping ensure consistency in this area with DORA being just one example.
“Historically, we’d try to build a moat around the technology, and just stop anybody crossing in. But people do come in,” says Calver. “How do we actually segment and protect systems and provide a level of resilience?”
Architectures such as zero trust will also play a role in building resilience, he says.
But it is people who will ultimately secure an organisation. Even with automation and AI tools, businesses will only survive cyber attacks if their security teams can function under pressure.
This means bringing together technical tools, training, testing and above all support for those in the front line.
“Without people, we are nothing,” warns Calver. “Ultimately, the team, the people, that’s what actually makes an organisation successful, and that’s what protects the organisation too.”
Watch the full interview below.
For more information, please visit Palo Alto Networks’ Precision AI page.
[1] Foundry Interview with PAN’s Nick Calver
Read More from This Article: Building resilient and innovative security teams in the age of AI
Source: News