The current dilemma for Australian businesses is how much to invest in cybersecurity solutions for their IT infrastructure. Comprehensive cybersecurity can be effective but expensive; inexpensive solutions, on the other hand, come with a higher risk of errors and reputational consequences down the line.
For businesses that have already invested in cybersecurity, automated incident prevention is the popular choice. AI-initiated or automated cybersecurity is effective in reducing costs and human errors. However, even the most sophisticated AI depends on previously attained and learned experience and can’t combat the ever-evolving malicious activities of attackers.
Experts across the globe agree that in 2022, the involvement of human touch in cybersecurity measures is critical. Furthermore, the ideal cybersecurity scenario for an organization is one that combines automated solutions with human skills.
In all the conversations surrounding cybersecurity, it is often forgotten that cybercriminals, like you and me, are human beings. They have motivations for what they do and the cognitive abilities to quickly adapt to counterattacks. Attackers are constantly sharpening their skills, implementing innovative tactics to bypass IT security systems and using employees to gain access to IT infrastructures. Meanwhile, on the organization’s side of things, the human involvement element is not quite as vigorous.
“This is not to say that cybercriminals don’t use automation in their activities but the imbalance in human skill/involvement between the ‘good’ and ‘bad’ sides creates a gap that automation isn’t designed to fill.”
Let’s look at 3 cybersecurity practices that AI can’t perform alone and can be bolstered with effective human involvement:
Complex threats are defined as legitimate actions performed by attackers that can easily be confused with system admin or common user activity. Cybercriminals widely use fileless attacks, LOLBAS tools, downloaders, runtime encryption and packers to breach security controls and solutions. Even the most carefully configured AI sensors have limitations in detecting previously unknown malicious activities.
Let’s deconstruct this with an example of how situational awareness plays a role: AI can confuse employees conducting research with a human-driven APT because it lacks situational context. It is critical to distinguish real incidents from false-positive alerts, even when the alert logic follows a specific attack technique, pattern or anomaly, and AI lacks the situational awareness to do this.
When it comes to hunting for new threats, proactive manual hunting by skilled analysts allows IT security teams to identify current cybercriminal activity, decode its motivations and sources, and draw up a mitigation plan that helps avoid future attacks.
Essentially, a joint force approach that combines well-configured AI threat detection, highly skilled human involvement and continuous AI algorithm adjustments allows an IT security team to combat even the deadliest attacks.
Automated solutions in the market are designed perfectly well to unearth commonly known vulnerabilities within a strictly defined IT system. What they can’t do is assess the IT system’s defence against unconventional behaviour and sophisticated attacks.
Advanced security assessments such as penetration testing, which simulates an actual cyberattack, are conducted by specialists using thorough knowledge of appropriate techniques, procedures and tactics. It is through the human involvement of pen testing specialists that an organization can curate its cybersecurity practices to stay ahead of the unpredictable behaviours of attackers.
Cybercriminals are great psychologists and always have a keen eye on current events around the globe. From a pandemic to a hot new TV show, they use everything that’s in conversation to deliver their disguised grenades through phishing emails, texts and suspicious websites. To keep up, IT security professionals need to be on their A-game, especially with awareness and understanding of cybercriminal trends and motivations.
This isn’t limited to just IT security teams – cybersecurity awareness must percolate to non-IT employees of an organization through training courses and programs designed to make the daunting world of cybersecurity engaging and digestible. The human touch that this blog champions can only reach its full potential when cybersecurity awareness is present at all levels of an organization.
In conclusion, it’s not about human touch vs automation. Instead, it’s about finding the right balance between the precision of AI-automated cybersecurity measures and the power of employee skill, knowledge, creativity and spontaneity. That balance creates the most comprehensive cybersecurity defence against the murky waters of cybercrime.