Cybersecurity is a great priority for enterprises, but it often seems like an insurmountable challenge with businesses scrambling to react to an ever-increasing array and sophistication of threats. The explosion in digital data creates greater security risks but also represents a tremendous opportunity for organizations that harness AI to derive novel insights from this data in order to proactively address the increasing velocity, variety, and volume of cybersecurity risks.
In our view, the biggest winners in next-gen cybersecurity are going to be Intelligence Augmentation (“IA”) companies— companies that deliver or leverage AI technologies to aid and amplify knowledge worker productivity and decision-making ability. Intelligence Augmentation (IA) solutions combine the best of machine intelligence (e.g., the ability to scalably mine vast amounts of data and detect patterns that humans alone can’t find) with the best of human intelligence (e.g., the ability to bring context recognition and business judgment to reduce false positives). At the same time, IA solutions automate many lower-level tasks, enabling highly trained and expensive cybersecurity analysts to focus on higher-value work.
“Humans are designed to think and handle imprecise logic and association very well. When we ask a question, we are capable of seeing the results from different points of view, and our brains make connections machines can’t because we understand context. In this way, the AI or the machine is feeding the humans the information they need and augmenting human intelligence—that is intelligence augmentation (IA).”
AI-enabled solutions, the explosion of digital data, advanced analytics, and the proliferation of connected devices (Internet of Things or “IoT”) means that enterprises are exposed to a growing number and variety of cybersecurity risks. Connected Devices potentially create hundreds of millions of new entry points where companies are connected to the Internet.
As the attack surface for threats is changing, most organizations have been inconsistent in appropriately evolving their security models, processes, and protocols. Given recent high-profile breaches at major corporations, it goes without saying that just possessing the latest firewall and malware software is not nearly enough to stay protected from increasingly sophisticated hackers. Secondly, even as organizations have made large investments in cybersecurity, we have yet to see commensurate investments in managing the growing complexity of data infrastructure. In the typical enterprise, data sits in multiple silos and is often inconsistently tracked.
Today’s IT approach to threat management is based largely on the SIEM (Security Information and Event Management) paradigm—cybersecurity teams typically use predefined rules and processes for threat detection via static dashboards. This framework makes it easy to miss substantive threats lurking in hidden corners of the enterprise or to uncover new insights.
Using artificial intelligence and machine learning to manage risk is a key recent advancement in cybersecurity management. However, relying on AI alone is not enough. In our opinion, the approach that works best is Intelligence Augmentation (IA)— using machines to execute processes and drive automation, but recognizing that intelligent software cannot substitute for humans interpreting meaning.
The much more effective approach is a hybrid model that uses AI to complement human intuition and creativity in investigating and mitigating cybersecurity threats. Combining human intelligence with intelligent software enables organizations to transcend static cybersecurity paradigms and get actionable insights much more quickly and comprehensively than traditional approaches.
Augmentation also provides a practical solution to the severe shortage in trained cybersecurity analysts. In 2017, the National Initiative for Cybersecurity Education (NICE) reported that 285,000 cybersecurity roles went unfilled in the U.S. alone. Recent advances in natural language processing (NLP) are enabling non-technical personnel to query machine data using natural language instead of complex scripts. Intelligence Augmentation cybersecurity solutions that automate low-level tasks and augment human intelligence to enable nontechnical personnel to play a role in cybersecurity management, successfully mitigate some of the pressure caused by shortages in the number of available experts.