Adopting AI: the new cybersecurity playbook


Accelerated digital innovation is a double-edged sword that hangs over the cybersecurity threat landscape in 2019. As businesses rapidly chase digital transformation, and pursue the latest advancements in 5G, cloud and IoT, they do so at the risk of exposing more of their operations to cyber-attacks. These technologies have caused an explosion in the number of end-user devices, user interfaces, networks and data; the sheer scale of which is a headache for any cybersecurity professional. 

In fact, recent Capgemini research has revealed that over half (56%) of senior executives have admitted that their cybersecurity analysts are overwhelmed by the unparalleled volume of data points they need to monitor to detect and prevent cyberattacks. In 2018, Cisco alone reported that they blocked seven trillion threats on behalf of their customers.

The problem lies in speed. For every step a business takes to manage and protect its digital future, cyber criminals are innovating at a greater pace. Hackers are already using AI to launch sophisticated attacks – for example, AI algorithms can send ‘spear phishing’ tweets six times faster than a human and with twice the success.

In order to aggressively turn the tide, cyber analysts can no longer avoid AI adoption. By deploying intelligent, predictive systems, cyber analysts will be better positioned to anticipate the exponentially growing number of threats. Here is a three-step programme organisations should follow when implementing AI into their cybersecurity defences: 

About the author

Richard Starnes is the Chief Security Strategist at Capgemini.

Identify data sources and create data platforms to operationalise AI

AI effectiveness depends heavily on huge quantities of data to learn from, and thus requires high-quality, diverse, and dynamic data inputs. In order to be successful, organisations must create an integrated data platform. This means connecting data sources to platforms that provide the inputs for AI algorithms.

This step often proves the most difficult for organisations that lack the necessary AI-supported infrastructure and data systems. Legacy security software and database systems are hindered from identifying threats in real time, leaving organisations vulnerable to attacks. Whilst cost considerations are often the biggest barrier to implementing new IT, our research found that AI lowers the cost of detecting and responding to breaches by 12%, on average. Creating an integrated data platform is the most important step in truly unlocking the benefits of AI in cybersecurity.

Collaborate externally to enhance threat intelligence

Once a concrete data platform is in place, organisations must collaborate with external security professionals who are knowledgeable about the latest malware impacting the threat landscape. This form of collaboration plays an integral part in improving the logic of AI algorithms to detect threats efficiently. 

Organisations can also create proprietary platforms, such as Facebook ThreatExchange and IBM X-Force Exchange, to collaborate with peers to discuss and share the latest threat data. Our research revealed that only one in two executives share threat intelligence outside of their organisation. Failing to do so leaves businesses with an extremely vulnerable AI model, incapable of retraining itself to capture additional data sources and insights.

Deploy security orchestration, automation and response to improve security management

The next step is to deploy SOAR (security orchestration, automation and response) processes to collect security data and alerts from different sources. SOAR technology enables incident analysis and triage to be performed using a combination of human and machine power. Such processes help define, prioritise and drive standardised incident response activities according to a standard workflow, through connections to data sources and platforms.

Surprisingly, our research found that only 36% of organisations have deployed SOAR. In order to increase alert triage quality, reduce onboarding time for cyber analysts, and improve security operations centre management, organisations must adopt SOAR technologies.
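To make the two preceding steps concrete, the following is an added example (not code from the article or from Capgemini) of a minimal SOAR-style triage pipeline: it collects alerts from two different sources, normalises them into one schema, enriches them with threat indicators shared by peers (the kind of data exchanged on the platforms mentioned above), and assigns each alert a standard priority and playbook step. The alert lines, the IP indicators, the campaign label and the playbook names are all constructed for illustration; the scoring thresholds are an assumption, not a published standard.

```python
"""Added example, not from the article: a toy SOAR-style triage pipeline.
Collect alerts from different sources, normalise, enrich with shared
threat intelligence, then prioritise into a standard playbook step.
All inputs below are constructed for illustration."""
import json
import re
from dataclasses import dataclass, field

# Constructed alerts from two sources: an EDR tool emitting JSON and a
# firewall emitting syslog-style text (hosts and IPs are documentation values).
EDR_ALERTS = [
    '{"host": "ws-042", "severity": "high", "process": "powershell.exe", "dst_ip": "203.0.113.7"}',
    '{"host": "ws-017", "severity": "low", "process": "notepad.exe", "dst_ip": "198.51.100.20"}',
]
FIREWALL_LINES = [
    "Jun 12 10:01:02 fw01 deny src=10.0.0.42 dst=203.0.113.7 dport=443 proto=tcp",
    "Jun 12 10:01:05 fw01 allow src=10.0.0.17 dst=93.184.216.34 dport=443 proto=tcp",
]

# Constructed "shared" threat intelligence as it might arrive from a peer
# exchange: indicator -> campaign label.
SHARED_INTEL = {"203.0.113.7": "constructed-campaign-A"}

SEVERITY_SCORE = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass
class Alert:
    source: str
    host: str
    severity: str
    indicator: str                      # value matched against shared intel
    tags: list = field(default_factory=list)
    score: int = 0
    playbook: str = "close-as-informational"


FW_RE = re.compile(r"(?P<host>\S+) (?P<action>deny|allow) src=(?P<src>\S+) dst=(?P<dst>\S+)")


def normalise_edr(raw: str) -> Alert:
    """Map an EDR JSON alert onto the common schema."""
    d = json.loads(raw)
    return Alert("edr", d["host"], d["severity"], d["dst_ip"], tags=[d["process"]])


def normalise_firewall(line: str) -> Alert:
    """Map a firewall text line onto the common schema; reject unparseable input."""
    m = FW_RE.search(line)
    if not m:
        raise ValueError(f"unparseable firewall line: {line!r}")
    # Assumption for the example: a denied connection is 'medium', an allowed one 'low'.
    sev = "medium" if m["action"] == "deny" else "low"
    return Alert("firewall", m["host"], sev, m["dst"], tags=[m["action"]])


def enrich(alert: Alert, intel: dict) -> Alert:
    """Attach a campaign tag when the alert's indicator appears in shared intel."""
    if alert.indicator in intel:
        alert.tags.append("intel:" + intel[alert.indicator])
    return alert


def prioritise(alert: Alert) -> Alert:
    """Standard scoring: base severity, +3 for an intel hit; map score to a playbook."""
    score = SEVERITY_SCORE.get(alert.severity, 0)
    if any(t.startswith("intel:") for t in alert.tags):
        score += 3
    alert.score = score
    if score >= 5:
        alert.playbook = "isolate-host-and-escalate"
    elif score >= 3:
        alert.playbook = "analyst-review"
    return alert


def triage(edr_raw, fw_lines, intel):
    """Full pipeline: collect -> normalise -> enrich -> prioritise -> rank."""
    alerts = [normalise_edr(r) for r in edr_raw] + [normalise_firewall(l) for l in fw_lines]
    alerts = [prioritise(enrich(a, intel)) for a in alerts]
    return sorted(alerts, key=lambda a: a.score, reverse=True)


if __name__ == "__main__":
    for a in triage(EDR_ALERTS, FIREWALL_LINES, SHARED_INTEL):
        print(f"{a.score} {a.source:8} {a.host:6} {a.severity:6} {a.playbook:26} {a.tags}")
```

Two things the example shows that the text only asserts: the same indicator seen by two different tools (EDR and firewall) is elevated by the same shared-intelligence lookup, so a peer's indicator raises priority consistently regardless of source; and an alert the parser cannot normalise fails loudly rather than silently dropping out of the queue, which is the failure mode that leaves an analyst blind.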

Overall analysis

The three steps above are all integral to successfully leveraging AI for cybersecurity defences. However, they all depend on one fundamental parameter – the right human talent. The skills deficit is a growing business challenge, given the global shortage of three million experts and data scientists. Our survey data showed that 69% of respondents struggle to source qualified experts who can build, optimise and train AI algorithms to detect threats efficiently. For implementation to be successful, organisations must plug this skills gap and invest in upskilling employees to be AI literate.

In order to bolster cybersecurity defences, organisations must outpace the threat of cybercriminals by adopting AI solutions. To realise the full potential of this technology, security professionals must develop a concrete roadmap that addresses infrastructure, data systems, application landscapes and skills gaps. When it comes to falling foul of a breach, it is never just the IT team who is affected. Everyone across the business, including customers and vendors, may also feel the impact, which has lasting repercussions on being able to trust the company. Following these steps will enable organisations to avoid unnecessary losses and ensure they get the most out of their investment in AI.


Richard Starnes

Richard Starnes is the Chief Security Strategist for Capgemini, where he is responsible for thought leadership, professionalism and operational cybersecurity for several of our company’s largest clients. He is a leading international voice in cybersecurity with twenty-plus years of experience implementing information security management programs in both the US and UK. He works closely with corporate executives and the board to approach their enterprise information security program requirements from a risk management perspective. He has developed, implemented, and managed the overall cybersecurity strategy, associated architecture, policies, standards, guidelines, tooling, vendor and third-party management, and training and awareness at an enterprise level for numerous global and national companies. He also regularly speaks at conferences, publishes and is interviewed on cybersecurity matters.

His contributions to the cybersecurity community include being a Liveryperson of the Worshipful Company of Information Technologists (WCIT), where he is also a member of their Security Panel. He is a Fellow of both the Information Systems Security Association (ISSA) and the British Computer Society (BCS). He holds a Master of Science in Information Security from Royal Holloway, University of London, and is a former senior instructor for the (ISC)² CISSP CBK seminar.