Christian Wiens is Director of Marketing at MixMode. He has 10+ years of experience as a cybersecurity professional. He has his BA from The University of California, Berkeley and resides in Austin, TX.
850 senior executives from Information Security, Cybersecurity, and IT Operations in seven industries across ten countries were recently surveyed by consulting and technology services firm, Capgemini, in their “Reinventing Cybersecurity with Artificial Intelligence” report. The goal being to understand today’s benefits, complexities, and levels of implementation of AI in cybersecurity across IT (information technology), OT (operation technology) and IoT (internet of things).
In their research, Capgemini found that most organizations have already started using AI in their cybersecurity initiatives or are planning to introduce it shortly and that the majority believe AI improves the accuracy and efficiency of cyber analysts.
The report explores four key topics, the first three of which we will focus on and share our key insights and takeaways here:
• Why AI-enabled cybersecurity is increasingly necessary
• How organizations are benefitting from AI in cybersecurity
• Where organizations should focus their cybersecurity initiatives
• Building a roadmap for implementing AI in cybersecurity
Why AI-Enabled Cybersecurity Is Increasingly Necessary
If you could put into one word why AI is necessary in cybersecurity, the word that comes to mind after reading this report is, “overwhelming.”
Enterprises are overwhelmed by the volume, velocity, and variety (the three V’s of big data) of the current levels of data touching their firewalls. It’s at an impossible level for the human brain alone to process and parse.
Both the attacker and the defender are looking to use AI for different motivations but with the same understanding: AI algorithms enable machine-speed activity which is far superior to human reactivity.
The issue of monitoring, identifying, and investigating alone (forget proactive threat hunting) are impossible in the era of big data without the support of AI:
- 61% of organizations acknowledge that they will not be able to identify critical threats without AI
- Over half (56%) say their cybersecurity analysts are overwhelmed
- Close to a quarter (23%) are not able to successfully investigate all identified incidents.
- 43% of executives noted an increase in machine-speed attacks (ransomware and other automated attacks)
Source: Capgemini Research Institute, AI in Cybersecurity executive survey, N = 850 executives
Another “overwhelming” figure that multiple organizations fear as a result of recent widespread cybersecurity breaches are the potential millions of dollars that could be removed from their bottom line – through theft / ransomware demands, lost productivity, or decreased customer loyalty as a result of a breach.
Simply put, enterprises are paying a heavy price for cybersecurity breaches.
Twenty percent of the organizations surveyed reported a loss of more than $50 million as a result of a cybersecurity breach. Additionally:
- 40% of Telecom firms reported financial damage of more than $50 million in 2018
- 35% of firms said that critical operations (such as website/apps or factory/power grid) were impacted by cybersecurity breaches
- A leading manufacturer that was surveyed suffered an attack that led to a partial shutdown of its production lines for three days, dropping production output by 50%
How organizations are benefitting from AI in cybersecurity
For those organizations implementing AI today in their cybersecurity program, the report found they are realizing significant benefits. While at first glance, new tools and growing development teams focused on AI technology would seem like an added cost center, the majority of respondents (two out of three) said that AI increases the ROI on cybersecurity tools.
Additional benefits cited:
1) AI lowers the cost to detect and respond to breaches
Sixty-four percent of the executives surveyed said that AI lowers the cost to detect and respond to breaches:
“AI offers huge opportunities for cybersecurity,” says Oliver Scherer, CISO of Europe’s leading consumer electronics retailer, MediaMarktSaturn Retail Group. “This is because you move from detection, manual reaction and remediation towards an automated remediation, which organizations would like to achieve in the next three or five years.”
Source: Capgemini Research Institute, AI in Cybersecurity executive survey, N = 850 executives
2) AI makes organizations faster at responding to breaches
To secure their organization from cyber attacks, a fast response by the security team is imperative. With AI, the overall time taken to detect threats and breaches is reduced by up to 12%. Dwell time – the amount of time threat actors remain undetected – drops by 11% with the use of AI. This time reduction is achieved by continuously scanning for known or unknown anomalies that show threat patterns.
3) AI results in higher efficiency for cyber analysts
Alert fatigue is a huge issue for SOCs globally due to the false positives epidemic. When AI is enabled for monitoring, it can help carry the incident investigation workload, and cyber analysts can spend more quality time analyzing the incidents identified by context-aware AI.
4) AI results in new revenue streams through cybersecurity offerings
The attack surface is wide and easily penetrable with the rise of wireless, connected devices across the IoT and weaved throughout the Enterprise. This creates opportunity, the report states, to sell cybersecurity to manufacturers that sell smart products (among many other enterprising ideas). The report identifies AI-powered products by GE and Siemens’, but at a high-level, technology companies using AI to detect attacks and protect vital industrial systems, are looking at a multi-billion dollar market opportunity.
Where organizations should focus their cybersecurity initiatives
The executives surveyed in this report were clear that a big challenge to implementing AI in their organization is a lack of understanding on identifying where to implement it that will have the quickest benefits, or the highest-potential use cases.
Therefore Capgemini took twenty use cases across IT, OT, and IoT and ranked them according to their implementation complexity and resultant benefits (in terms of time reduction). In the “high potential” use case category, 5 use cases rose to the top, 3 of which were OT applicable:
- Fraud detection (IT): Use machine learning to detect possible fraud threats, reducing financial loss while also enhancing the user experience.
- Malware detection (OT): Use previously-identified characteristics of malware to predict potential future malware infections that signature-based approaches may not be able to detect.
- Scoring risk and network (OT): Compile risk ratings scores that are data-driven, quantitative, and that do not depend on domain insights from cyber analysts. The score provides estimates of scaled risk as well as data-driven uncertainty bounds, which allows faster prioritization of high-risk threats.
- Intrusion detection (OT): Rapidly detect, analyze and defend against cyber attacks in real-time through automated, highly accurate insights into malicious activity.
- User / Machine Behavior Analysis (IoT): Identify behaviors that are unlikely to represent human actions. This behavior-based technology allows organizations to detect and block the most sophisticated new forms of cyberattacks in real time with high accuracy. It also helps to improve application security by detecting compromised accounts through suspicious user behavior.
Source: Capgemini Research Institute, AI in Cybersecurity executive survey, N = 850 executives Average implementation: Share of organizations that have deployed the use cases in quadrant at first level, multiple, or full-scale deployment.
In-house or vendor-supplied tools for your AI roadmap
The final piece of the report covers building a roadmap for AI in organizations but at a pretty broad, high level. What it does not not reveal is if the AI being used by these respondents is being developed in-house or bought from a security vendor – either through single tool purchases or via MSP / MSSP services.
While building solutions in-house may be possible for the largest of enterprises, it would be difficult for small to medium-sized organizations to have the time, resources, and talent to both deploy AI solutions and keep up with their current cybersecurity program.
One fact remains from the report that the investment in AI is rising and organizations will be increasing budgets for it by over 29% in fiscal year 2020 to bolster their defenses. Whether they build internally or purchase the tools and services needed – that is all dependent on each organization and their bandwidth for AI innovation.
By Christian Wiens, Director of Marketing at MixMode