Artificial intelligence (AI) is developing at a rapid pace, igniting conversations and dividing opinions about both its beneficial and disruptive potential across industries. In cybersecurity, AI is a double-edged sword: it can be used for good by defenders to prevent cyberattacks, but it can also be used by bad actors to launch more sophisticated and effective attacks.
Recently, an expert panel of CISOs in Melbourne discussed the role of humans and AI in cybersecurity. They emphasised that humans are both the problem and the solution in this field, with AI driving innovation on both sides of the security war but not replacing human creativity.
The panel which was convened by cybersecurity provider Bugcrowd, met at the AISA conference and brought together 5500 security professionals from across the industry. Bugcrowd's CEO, Dave Gerry, highlighted the increasing cost of data breaches which is predicted to reach US$4.35mn according to Ponemon Institute, and on top of this, IDC expects the growing global spend on cybersecurity to reach US$219bn in 2023, up 12% from the previous year.
The Asia-Pacific (APAC) region faces some unique challenges due to the high penetration of hybrid working (60%), placing the majority of the workforce outside of the enterprise security perimeter, and extending the attack surface.
Why are we seeing more threats?
The growth of IoT and interconnected devices are posing additional risks to healthcare organisations, with them being particularly vulnerable to cyber attacks. CISO Ryan La Roche who works for Australia’s largest not-for-profit healthcare provider, St John of God, says: “Everything is interconnected, with healthcare monitoring devices talking to one another exchanging data. That creates incredible benefits for a healthcare outcome, but it creates some very interesting risk and can make a healthcare organisation a really serious target.”
Hackers are becoming more and more sophisticated, with vulnerabilities being discovered and exploited within hours. Dan Maslin, Group CISO at Australia’s Monash University, explains: “We’re seeing zero days being discovered and exploited within 24 hours. I think that’s going to get worse.”
He also warned that security perimeters are becoming more porous as organisations collaborate with numerous digital partners. “It doesn’t matter how hard you make the shell of the organisation, you’ve got hundreds or even thousands of third parties connected in. They could become the Achilles heel for many organisations for the rest of the decade.”
How will AI help humans improve cybersecurity?
Luke Barker, Group Owner for security at Telstra comments: “From a detection and response perspective, I think we’ll see some significant advancement in leveraging the power of GenAI to reduce the human effort in becoming more proactive to respond to threats. I see a shift from pure volume of analyst numbers, to be more pivoting towards engineering capabilities to harness the power of GenAI to keep ahead of the threat”
Although AI will continue to play a significant role in cybersecurity, helping with both offence and defence and reducing the human effort required for threat detection, ethical hackers believe that this tool won’t replicate human creativity.
Gerry says: “AI is going to help make this entire industry more efficient, we’re going to become more productive, but it’s going to introduce a lot of new risks. No matter how many tools are deployed, no matter how many new solutions and services and vendors are brought on board, this ultimately still comes down to the human being, and how do we make sure that we’re securing our teams or securing our infrastructure, but we’re doing this from a human first approach”.
Gerry quoted Gartner's prediction that by 2027, half of enterprise CISOs will have adopted human-centric security design practices, which consider the impact of human behaviour and error on security.
Please also check out our upcoming event - Net Zero LIVE on 6 and 7 March 2024.
BizClik is a global provider of B2B digital media platforms that cover Executive Communities for CEOs, CFOs, CMOs, Sustainability leaders, Procurement & Supply Chain leaders, Technology & AI leaders, Cyber leaders, FinTech & InsurTech leaders as well as covering industries such as Manufacturing, Mining, Energy, EV, Construction, Healthcare and Food.
BizClik – based in London, Dubai, and New York – offers services such as content creation, advertising & sponsorship solutions, webinars & events.