AI hot air creating real risks for enterprises

Next story

The hype around artificial intelligence (AI) in cybersecurity has reached a fever pitch.

You just have to scan the news to see that the media is awash with stories about how AI will transform cybersecurity practices – making threat detection faster and more accurate than ever before. What’s more, marketing materials from next-generation vendors further claim that their AI-powered platforms are ‘truly innovative’ solutions that can protect your business from the rising number of cyberattacks.

This hype is having the desired effect. Three in four IT decision-makers now believe that AI is the ‘silver bullet’ to solving their cybersecurity challenges – as revealed in our recent survey conducted with OnePoll. Interestingly, respondents from the US were mostly likely to believe this, in comparison to their European counterparts – 82% compared to 67% in the UK and 66% in Germany. The majority of respondents said that AI, and its sidekick, Machine Learning (ML), would help their organisation detect and respond to threats faster (79%) and help solve a skills shortage (77%).

Of course, when you consider the rising number of data breaches enterprises face each day, and the fact that hackers are only becoming more complex and targeted in their tactics, you can understand why businesses are wanting to believe there is a ‘silver bullet’ solution for their ongoing battle against cybercrime.

However, while it would be nice to believe that this ‘silver bullet’ exists, it’s simply not true. The claims are misleading, and the hype, we argue, could be putting businesses at greater risk.

No one-size-fits all solution

If the past decade has taught us anything, it’s that things in cyberspace do not have an easy solution – change comes rapidly, and the playing field can shift in a matter of minutes. It would, therefore, be unwise to rely solely on one technology to build a robust cyber defense. It’s worrying, then, to see that the hype around AI and ML is causing so many IT decision-makers – particularly in the US – to consider putting all their eggs in the AI basket, so to speak.

However, it’s also concerning to see such a gap in the responses from US IT decision-makers and those in the UK and Germany. Could it be that all the hype is causing European IT decision-makers to tune out and turn a blind eye to the benefits that ML has in cybersecurity? 

This, too, could pose real risks. ML is invaluable in today’s cybersecurity practices, particularly malware scanning. ML refers primarily to a technology built into a company’s protective solution that has been fed large amounts of correctly labelled clean and malicious samples to essentially learn the difference between the good and the bad. With this training, ML is able to analyse and identify most of the potential threats to users and act proactively to mitigate them.

But it needs to be just one part of your overall cybersecurity strategy.

Time to face facts

During our research, we also asked our respondents whether they felt their company understood the differences between the terms ‘AI’ and ‘ML’. Just 53% of IT decision-makers said their company fully understands the differences between the two.

Sadly, the terminology used in today’s media and marketing materials when talking about AI and ML is often misleading. In many cases, the term ‘ML’ is wrongly interchanged with ‘AI’. Put simply, AI happens when machines conduct tasks without pre-programming or training – this does not yet exist.

ML, in comparison, relies on training computers, using algorithms, to find patterns in vast amounts of data and identify data based on rules and information they already have. ML is nothing new; it has been present in cybersecurity since the ‘90s. In fact, the majority of IT decision-makers we surveyed have already implemented ML in their cybersecurity strategies, with 89% of German respondents, 87% of US respondents and 78% of UK respondents saying their endpoint protection product uses ML to protect their organisation from malicious attacks.

In today’s business environment, where the threat landscape is only becoming trickier to navigate, the industry needs to be making things much clearer for IT decision-makers. Businesses cannot afford to be confused – the cost is too high. There needs to be greater clarity because, right now, the hype is muddling the message for those making key decisions on how best to secure their company’s networks and data.

It’s time to turn down the heat on the AI hype. You need to fully understand the challenges your business specifically faces; only then can you consider the solutions that will best meet your specific needs. ML will help – but it’s not the sole answer. It’s simply not mature enough to be the only layer standing between your business and cyber-attackers. Multi-layered solutions, combined with talented and skilled people, will be the only way to stay a step ahead.

Want to find out more? Read our white paper, Is all the AI hype putting business at risk?’