For the UK public sector, artificial intelligence (AI) can be used to reduce costs, improve efficiency, and complement traditional cybersecurity practices. However, it is important that AI not be viewed or deployed as a replacement for cybersecurity. The UK government is working hard to convey this message to public sector businesses in the interests of strengthened cybersecurity situations.
There are many reasons for this emergent interest in AI. Public sector bodies are dealing with enormous amounts of data and network traffic from many different sources, including on-premises and hosted infrastructures, and in some cases a combination of both. The sheer volume and variances in the source of the data makes it a near-impossible task for humans to sift through the masses of information, making managing security a task that cannot be exclusively handled manually.
AI alleviates many of these challenges. Machines have the ability to automatically comb through copious amounts of information and detect suspicious behaviour. The more data these machines analyse, the more intelligent they become, and the better they are at noticing, or predicting, potential security breaches. This allows public sector IT managers to focus on other mission-critical tasks, and new and innovative technologies that will help advance their organisation’s agendas.
However, while AI offers a number of great benefits, it should not be considered as a replacement for human intervention, or a 1:1 replacement of existing network monitoring tools. Instead, it should be used to support the people and tools that organisations are already using to keep their networks safe.
The human factor is crucial
Even though machines and systems can be highly effective at preventing suspicious behaviour; businesses must continue to rely on their security managers to train employees on everything from potential attack techniques to simple daily habits that can help protect its networks. This is particularly important for public sector bodies that host extremely sensitive data.
AI can aid in preventing malicious or careless insiders from doing damage, but it is only one piece of a larger security plan. The automatic detection of suspicious activity and immediate alerts can help public sector IT managers to respond quickly to potential threats. It can also be used to fill in gaps resulting from a lack of human resources or security training, and significantly decrease the time it takes to analyse data against known Indicators of Compromise (IOCs). As such, AI can reduce Mean Time to Resolve (MTTR) times from days to hours or even minutes.
Although AI can help in certain areas, humans will still be required to react to and implement those responses. It cannot be stressed enough that the human factor remains a critical piece of the cybersecurity puzzle.
Source: Gigabit Magazine