Against this background, the cybersecurity function is itself an excellent candidate for AI adoption. Indeed, AI has already proven to be a game-changer in this area, with an average accuracy of 92% in detecting spam, malware and network intrusions, according to the paper “Performance Comparison and Current Challenges of Using Machine Learning Techniques in Cybersecurity” (Shaukat et al., 2020).
We believe AI will continue to uplift the cybersecurity space by assuming three novel functions:
- AI companion
- AI cybersecurity specialist team member
- AI-empowered cyber tech landscape
To understand how the AI companion could elevate quality, speed and the people experience for cyber teams, EY developed four personas that reflect the key characteristics, needs, behaviors, motivations and pain points of the cyber team.
The leader and strategist
Management and governance-oriented CISOs as well as cyber risk managers and assurance leads stand to benefit from the general support of an AI companion. CISOs have always been asked to quantify their risks and support their planning by data-driven insights. In this period of rapid AI and GenAI evolution, CISOs and other leaders in the cybersecurity space have to gather and process developing information at speed. This pressure is compounded by a growing workload at all levels of the team.
Predictive AI tools can help uplift quality of forecasting and threat intelligence, and keep these insights at leaders’ fingertips at all times through a chatbot-like, generative AI-driven “CISO AI companion.”
Key insight:
As senior team members, CISOs (and similar roles) are well placed to quickly grasp AI and become trusted experts in its use by applying it to their own area.
The builder
Integrating GenAI into software engineering and content creation has been a resounding success story in AI adoption. Security engineers, security architects, SOC engineers, cyber awareness specialists and any other role creating or maintaining tools and concepts can benefit from a balanced mix of GenAI and predictive AI.
Perhaps the most obvious benefit is faster vulnerability fixing. Software engineers, in particular, are already using AI for fast-fix suggestions.
Building is a team effort and relies on other teams for asset management, good solution views, data flow views and many other things. GenAI can work like an extra team member, suggesting multiple options and scenarios to broaden the range of options available and optimize solutions beyond those already in the repertoire of the individual builder’s profile.
To benefit from the AI uplift and especially from the much-needed document, graphics and content generation, builders need to be particularly confident in conversing with GenAI, including questioning and improving outputs manually when needed.
Key insight:
With AI, it is easier to see the benefits of good architecture. Builders can expand on success for more automation and higher quality deliverables.
The operator
On-the-ground roles like SOC analysts, incident responders and crisis managers deal with exploding complexity and supercharged adversaries. While the delicate strategic thinking involved in managing incidents and crises can’t be automated, many of the underlying processes can be offloaded to AI. Indeed, one of the first AI use cases to be deployed in practice – decades ago – was cybersecurity operations. Fluid architectures of the future and unexpected AI-driven attack vectors could lead to many incident alerts, including many false positives. AI can help SOCs stay on top of daily triage.
Operations require AI cybersecurity solutions that span the entire organization to be truly effective. This needs time to set up, both conceptually and practically. However, the investment will pay off: as technical cyber defense steps become more automated, SOC analysts can focus on strategically orchestrating defense activities.
Key insight:
Operators are often keen to experiment with AI and embrace the opportunities it offers. While they may feel frustrated at any perceived hurdles standing in the way of widespread adoption, they can also serve as pioneers within the company.
The control function
Cybersecurity team members tasked with checking policies and solutions against requirements, standards and regulations are faced with moving targets. As technology landscapes (including AI) shift, regulations multiply and internal requirements fall quickly out of step with the current reality. Audit staff, penetration testers and InfoSec governance managers benefit from AI-driven support in comparing policies and paragraphs with tools and configurations.
Few other staff profiles are as easy to augment as control functions. The standardized and often text-based nature of their outputs lends itself to GenAI content generation and analysis. The focus needs to be very much on the repetitive, standard check-the-box exercises. This would effectively relieve the burden on the team, freeing up human capacity for tasks demanding more intellectual acuity, precision and strategic thinking than AI is likely to muster in the near future. Examples include formal legal opinions or audit reports, which regulators demand be human-generated.
Key insight:
Those working in control functions, by the nature of their work, may have concerns over responsible AI, especially when applying GenAI. A robust framework defining permissible applications and necessary controls will help alleviate those fears.