AI Looms as Major Variable on Cyberthreat Landscape

Sandra Ajimotokin
Author: Sandra Ajimotokin, CISA, CDPSE, Senior Security Consultant, Cox Communications Inc.; member, ISACA Emerging Trends Working Group
Date Published: 27 July 2021

Artificial intelligence is one of those big, scary topics that can incite fear, excitement, or a bit of both. Security professionals such as myself wonder how increased usage of AI and machine learning will help to shape the future state of our work.

There’s been a slight increase in the use of artificial intelligence (AI) in security operations, according to Part 2 of ISACA’s State of Cybersecurity 2021 report. With the increase of high-profile attacks, such as SolarWinds and Kaseya, AI-enabled response could be the edge security professionals can arm themselves with to monitor and mitigate complex cyber threats efficiently and effectively. Although the technology is relevantly new and we’ve just begun to explore all the use cases, I believe AI can be used to simplify complex processes, enhance security posture and minimize threats.

ISACA’s State of Cybersecurity report also sheds insight on how companies are continuing to mature their cyber programs. I believe we’ll start to see increased use of AI in areas of monitoring and detection, such as incident response and penetration testing. Thinking ahead, this could mean we'll see a larger chunk of budget increases going toward updating and implementing AI technology. While this could be an expensive endeavor in the present, with more research and development, we could see cheaper solutions as we’ve seen with cloud computing and Software as a Service (SaaS). With these maturity efforts, we could also see an increase in roles that require designing, monitoring and auditing security systems, and creating and debugging algorithms.

I don’t want to pretend like AI is the silver bullet that will magically solve all our problems. There are several reasons to approach AI with caution, especially given that the same capabilities the technology provides security professional to protect their IT environments can be exploited by malicious actors. It’s also such a new and promising technology that the complexity could be beyond our human capabilities. Lastly, to state an obvious fear, the uncertain impact of AI on some job roles will be top of mind for many in the industry.

While there will always be a fear of robots taking over jobs, in the field of cybersecurity, where professionals tend to be curious-minded people and where continuous learning is a necessity, I’m excited to see how we can develop our skills to accommodate this new technology and, partnering with enterprise leaders to reskill as needed, use it as an advantage to get ahead of cybercriminals and protect our organizations. Our executive leaders are tasked with determining the costs and benefits of this technology and deciding whether it fits their organizational needs. Either way, it’s pretty clear that AI is knocking on the door and here to stay. Stay tuned to see what the future holds.