Public and private sector enterprises need to consider expanding their use of AI-augmented cybersecurity tools to better defend their networks and assets.
As the range of cyberthreats continues to expand, and organizations remain hard-pressed to hire enough talent to keep up, cyber leaders recommend that executives explore AI tools to help assess and automate their security posture.
Security veteran Irfan Saif says that AI represents a range of different concepts such as intelligent automation, analytics and conversational AI as well as more sophisticated capabilities that start to approach what may be considered human intelligence, he says.
Saif, a principle and board member at Deloitte, also urges enterprise executives to think about AI in the context of machines helping humans, which he sees as “a much more viable, sustainable and scalable approach rather than thinking about AI in the context of human replacement,” he explains.
Adding to the discussion, Deborah Golden, lead for Deloitte’s U.S. Cyber Risk Services Practice says that this idea of partnership between people and AI-enabled technology will help organizations address the shortage of cybersecurity talent.
Golden and Saif share recommendations for executives leading public and private sector organizations on ways AI can combat new cyberthreats in the latest episode of the “Cyber Everywhere” podcast series produced by CyberScoop and underwritten by Deloitte:
Changes occurring in the cyberthreat landscape
“Bad actors — particularly those on the more sophisticated end of the spectrum — tend to adopt and adapt to changes in the technology landscape a bit faster than those that they are trying to attack,” says Saif.
He cautions that AI is being used against enterprises, noting instances where AI has been used to mimic the activity of legitimate users and bypass various detection measures, he says.
Business case for AI-enabled tools
Golden says CIOs need to consider adopting AI-enabled tools to help available cyber talent achieve greater efficiencies at scale.
As the cyberthreat landscape continues to grow at exponentially, enterprises will need to keep investing in “structured and unstructured machine learning in a way that perhaps we’ve never looked at before,” just to keep pace, she says.
Developing strategies and governance for AI
Saif says that the notion of “trustworthy AI” is gaining currency among security experts. The goal is to build a common language and framework to govern AI as a strategy and as a program “from the boardroom down to the server room.”
“That is effectively taking critical principles of trust — whether that’s ethics, whether that’s explainability — all the sorts of things that people really want to understand when it comes to how to apply AI to business problems, how to manage and govern the data, and the inputs, the outputs and the use of that information,” Saif says.
Irfan Saif currently co-leads Deloitte’s U.S. artificial intelligence and cognitive advisory offering. He has more than 20 years of IT consulting experience, specializing in cybersecurity and risk management.
Deborah Golden has more than 25 years of IT experience spanning numerous industries, including government, life sciences, health care and financial services. She specializes in cybersecurity, technology transformation and privacy and governance initiatives.
Listen to the podcast for the full conversation on AI-augmented cybersecurity. You can hear more coverage of “Cyber Everywhere” on our CyberScoop radio channels on Apple Podcasts, Spotify, Google Play, Stitcher and TuneIn.
This podcast was produced by CyberScoop and underwritten by Deloitte.Deloitte is formally known as Deloitte & Touche LLP, a subsidiary of Deloitte LLP. For more details, see www.deloitte.com/us/about.