The substantial rise in cybercrime in the past few years has generated a tremendous market for artificial intelligence (AI)-driven cybersecurity products. The global AI market totaled $428 billion in 2022 and is expected to surge to more than $2 trillion by 2030, according to Fortune Business Insights. The introduction of ChatGPT, the OpenAI tool that can write stories, solve math equations, and program code, showed the enthusiasm and rapid adoption of AI among corporations and individuals. ChatGPT launched in November 2022 and, in just two months, set a record as the fastest app ever to reach 100 million active users.
Decision-makers may want to believe that they can deploy AI on their networks to solve all of their cybersecurity problems, but that’s not the reality. Cybersecurity professionals currently use AI and automation to detect and respond to cyber threats. But technology alone is not enough. Human attackers must be confronted by human defenders, making people the most important component of any comprehensive cybersecurity program.
The Need for Humans
Just as cybersecurity professionals are using AI to defend against cyberattacks, cybercriminals are using AI to launch them. With AI, they may employ any number of innovative ways to infiltrate a network. They could design malware whose signatures constantly change to avoid detection by firewalls, craft highly sophisticated phishing emails that fool victims into clicking on them, or use deepfake audio technology to impersonate the voice of a co-worker. Because these would be new means of attacking a network, AI alone would not have the training or logic required to recognize them. Such evolving threats require human expertise.
When detecting and responding to an attack, human experts have definite advantages that technology alone does not. Consider a ransomware attack, for instance. A human can identify malicious code and warning signs, distinguish false positives from genuine alerts, and understand the context, relevance, and motivation of the cybercriminal’s attack in ways technology can’t.
Technology research and consulting firm Gartner now recommends humans as well. The firm suggests that organizations “use MDR services to obtain 24/7, remotely delivered, human-led security operations capabilities when there are no existing internal capabilities, or when the organization needs to accelerate or augment existing security operations capabilities.” That way, an organization can have access to human analysts, threat responders, and security experts who can function as a cybersecurity team or extended team to provide dynamic detection and prevention controls.
Of course, humans working hand in hand with advanced technology provide the best protection against cyber threats. In particular, the team should work with technology that ensures 360-degree visibility across all networks, endpoints, logs, and clouds for 24/7 comprehensive monitoring and detection of malicious activity.
A Real-World Example
Cybercriminals take bold steps to gain access to networks, and these methods can sometimes bypass established technology. Recently, Pondurance helped a client, a large hospital, through a cyber incident in which a ransomware threat was not detected by the endpoint detection and response (EDR) solution.
In June, a hosting provider notified the hospital that it was seeing suspicious activity coming from the network. As the hospital’s managed detection and response (MDR) provider, Pondurance quickly performed a full analysis. The team identified a malicious backdoor and found a remote access trojan on a system in the hospital’s digital envelope that had been downloaded as a result of search engine optimization (SEO) poisoning.
The victim had simply entered keywords in a search, clicked on one of the search result entries, downloaded the file she was looking for, and opened it. Then, the file executed a backdoor and gave the threat actor an entry vector into the network.
The average cost of an endpoint attack is $1.8 million, with system downtime being the most significant cost consequence of an endpoint attack, according to a 2022 Ponemon Report. Ransomware is considered the greatest threat to endpoint security, with zero-day exploits, distributed denial-of-service attacks, credential theft, and distribution point sprawl also ranking as high-priority cybersecurity concerns for organizations.
Because the EDR solution did not detect the malicious activity from the threat actor, a human response was needed. Learn how the Pondurance team took further action to contain the threat for the hospital.
Technology alone isn’t enough to keep your organization safe from cybercriminals. Human attackers must be confronted by human defenders. Make sure your organization has the humans and technology it needs to protect against a cyberattack.