Humans plus AI improves cybersecurity risk response
With an estimated 3.5 million cybersecurity positions expected to go unfilled by 2021 and with security breaches increasing some 80% each year, combining human intelligence with machine learning and artificial intelligence tools becomes critical to closing the talent availability gap.
That’s one of the recommendations of a report called Trust at Scale, recently released by cybersecurity company Synack and citing job and breach data from Cybersecurity Ventures and Verizon reports, respectively. In fact, when ethical human hackers were supported by machine learning and artificial intelligence, they became 73% more efficient at identifying and evaluating IT risks and threats.
For HR, that means IT professionals who augment their surveillance with AI gain 20 times more effective attack surface coverage than traditional methods, meaning they can find and remedy critical security vulnerabilities 40% faster.
Synack uses a crowdsourced model to provide customers with the services of vetted ethical hackers who provide real-time data about vulnerabilities and fixes, letting the inhouse IT cybersecurity team correct vulnerabilities. They use AI to augment their IT talent’s capabilities.
“There’s a lot of fear about artificial intelligence,” says Aisling MacRunnels, Synack’s chief marketing officer. “A lot of people think artificial intelligence is going to take over completely. What we have found is that there are definitely things that humans are wonderful at and there are things that machines are wonderful at and oftentimes they’re very different things.”
Machines can increase the amount of work humans can do by taking on repetitive tasks such as finding the most common types of security threats, conducting reconnaissance to build a more in-depth threat landscape, and assessing data more accurately than human analysts.
Harnessing AI and machine learning in the workplace will require not only smart implementation but also addressing the worries people may have about how technology will take over certain job duties, experts say.
“Humans are wonderful at finding vulnerabilities that require business logic, authorization/permission or sub-domain takeovers,” MacRunnels notes. Machine-led testing reduced the “noise” human testers had to wade through to find high-priority vulnerabilities, making them 20 times more efficient.
“The optimal alignment is when you augment the human with machine because there aren’t enough talented humans out there to be able to find the number of vulnerabilities,” she says. “What we always say is that humans are creative but finite, and you can use the machine for some of the tedious but large-scale work that would be very hard for humans to scale.”