There is no doubt that automated cybersecurity defenses will play a larger role in the future, but businesses must resist the urge to move too quickly. To get the most out of this new technology, they must go with a well-thought-out approach rather than blind faith, and keep overall expectations in check.
According to IBM’s 2020 Cost of a Data Breach Report, the average cost of a data breach is US$3.86 million, with an average detection and containment period of 280 days. Any solution that can lower those numbers is a good thing, so it’s no surprise that artificial intelligence (AI) and other automated defenses are gaining popularity.
While AI-powered technologies and machine learning have a lot of potential, they are also a double-edged sword. Threat actors can use the same strategies as enterprises to exploit automated systems. Misconfiguration and disruptive collisions between overlapping systems are possible because these technologies aren’t mature or well understood by the IT team.
Automated Defense Technology
A new generation of automated defensive technologies is being lauded as the solution to skills shortages and rising attack levels. The trouble is that their abilities are sometimes overstated, and the problems they cause sometimes outweigh the advantages.
Adoption is difficult in most enterprises due to their size and complexity. To realize the benefits of an automated system, sufficient planning and infrastructure are required. There’s also the risk of pushing these new technologies to do things they weren’t supposed to do, especially after making a substantial investment.
While automated solutions may provide cost savings in the long run, proper integration and monitoring can increase costs in the short term. Unrealistic expectations and complacency can lead to disaster.
One of the most serious risks of putting faith in an automated system is that it can be hacked by cyber criminals. The target organization has no way of knowing whether the system has been compromised. It’s all too easy to infiltrate automated systems with corrupt data. This could bias machine learning algorithms in a hazardous way over time, or cause legitimate traffic to be identified as suspicious in the short term.
Threat actors don’t have to trick the system – they can just overload it, causing services or networks to shut down, possibly locking everyone out. Even if there are no threat actors on the network, some automated defenses may conflict with other systems and tools.
Lack of understanding
The field of automated cybersecurity is competitive. According to 360 Research Reports, the SOAR market is predicted to reach US$1.3 billion by 2026, up from US$721 million this year. Naturally, the leaders are adamant about safeguarding their intellectual property. Many machine learning systems also use a black-box model, which means that very little, if any, information about how they work is available.
How can customers understand why decisions are made if the vendors don’t understand why they’re being made?
Putting this much faith in an unproven autonomous system is quite dangerous. To make matters worse, there's a knock-on effect: the workforce's abilities deteriorate. There will be fewer hires and less motivation for training as automated systems take over in the hopes of filling the skills gap.
How enterprises should approach adoption
While there are concerns, automated cybersecurity defenses can offer significant benefits. They must, however, be handled with caution. Adoption should be well-thought-out, with fair expectations set and internal capabilities in place to adequately configure and understand the automated system.
It’s crucial to assess the level of autonomy these systems have and limit their ability to shut down services without some human oversight. Build trust slowly. Closely examine the sources that automated defenses rely upon, and find a way to continuously monitor the data sets to guard against poisoning attempts.
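One way to enforce that limit on autonomy, as an added illustration that is not from the original article: a gate that holds disruptive actions for a named approver and stops acting on its own when a burst of alerts arrives. The action names, the budget of three automatic actions and the 60-second window are assumptions.

```python
from collections import deque
from typing import Optional

# Assumed policy: action types that can take a service or user offline.
DISRUPTIVE = {"stop_service", "isolate_host", "disable_account"}


class ActionGate:
    """Decides whether an automated response action runs or waits for a human."""

    def __init__(self, max_auto: int = 3, window_seconds: float = 60.0):
        self.max_auto = max_auto              # automatic actions allowed per window
        self.window_seconds = window_seconds
        self.recent = deque()                 # timestamps of automatic executions

    def decide(self, action: str, now: float, approved_by: Optional[str] = None) -> str:
        # Forget automatic executions that have left the sliding window.
        while self.recent and now - self.recent[0] >= self.window_seconds:
            self.recent.popleft()
        if approved_by:
            return "execute"                  # a named human signed off
        if action in DISRUPTIVE:
            return "hold"                     # never shut things down unattended
        if len(self.recent) >= self.max_auto:
            return "hold"                     # burst of alerts: stop acting, page a human
        self.recent.append(now)
        return "execute"


# Constructed sample stream: (time in seconds, proposed action, approver or None).
SAMPLE = [
    (0, "add_watchlist", None),
    (1, "stop_service", None),
    (2, "stop_service", "analyst1"),
    (3, "quarantine_email", None),
    (4, "quarantine_email", None),
    (5, "quarantine_email", None),
    (70, "quarantine_email", None),
]


def run_sample() -> list:
    gate = ActionGate()
    return [gate.decide(action, t, who) for t, action, who in SAMPLE]


if __name__ == "__main__":
    for event, verdict in zip(SAMPLE, run_sample()):
        print(event, "->", verdict)
```

Held actions would go to an analyst queue, and a rising hold rate is itself a signal that the system is being flooded or fed bad data.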
Organizations should prepare incident response plans for various automated system failure events to reduce risk. They should rehearse the response strategies and make any required adjustments to ensure that they are effective. Furthermore, to avoid overreliance on any automated system, careful testing and change management should be implemented.