The increasing sophistication and automation of attacks is leading to an AI arms race, but RoI is hard to prove
With the growing range of automated attacks, ransomware and APTs from criminal gangs, state actors and collaborations between the two, it's no wonder that security teams feel they need a little help.
As part of a programme of research into security solutions for Computing Delta, we asked 130 IT leaders who had deployed or were looking to deploy AI-enhanced cybersecurity tools to gauge how much they agreed with this statement: ‘AI-enhanced cybersecurity is necessary to operate in today's threat landscape'.
On a seven-point scale, the average level of agreement was 5.5 - or about 80 per cent. AI was generally deemed to be necessary in view of the increasing use of automation by attackers but insufficient on its own, adding to rather than replacing existing defences.
"Most cybersecurity extensions now are additive - you very rarely see something which is a replacement", said a CIO in higher education.
"I would never have that alone. I use it on top of what I already have", added a director of technology in the public sector.
However, an IT director from an architectural firm noted that the cost of some AI-enhanced security solutions means that retaining the other protections may not be possible: "We'd use it with other layers for testing, but when it comes to implementation that would be my whole budget gone."
Most agreed that increased automation is essential, particularly in network, email and endpoint defences, but difficulties around measuring the effectiveness of AI-enhanced solutions, the newness of the market and generally high costs currently make them hard to justify in terms of RoI when making a case to the finance director.
But with security tools this is nothing new. Organisations tend to be wise after the fact when either they or another firm like them - an Experian or Travelex for example - have become a victim.
Minimising corporate risk was one of the main drivers, just after staying ahead of the threat landscape. Third was easing the burden on IT - a big promise of AI is that by learning what anomalies look like it can potentially reduce the number of alerts and the amount of manual processing. However, a large majority of those we spoke to said they'd be reluctant to dial up the levels of autonomy just yet, at least for the on-premises systems fully under their control. Handing decisions over to machines is a stepwise approach.
"The term ‘AI-enhanced' is about right for now," said the CIO in higher education. "You've got cybersecurity tools and you start to AI-enhance them, and then in the future, you might just have AI cybersecurity solutions without the ‘enhancement' bit."
AI-enhanced security solutions will be a topic under discussion next week at our virtual Deskflix event: Cybersecurity: new threats, new approaches. Click here for a full agenda.