A New “(HI)brid” Approach To Cybersecurity

Posted by Darien Kindlund on September 29, 2018

75% of IT experts consider cybersecurity to be a top priority, according to a recent McKinsey survey. But only 16% of respondents said their companies are well prepared to deal with cyber risk. The problem is that the growing complexity of digital applications and the integration of cloud services is making companies more vulnerable to threats, and the majority are unprepared to defend against them.

According to the report, the current state of cybersecurity is not as efficient as it could be. CSOs and CISOs are employing large teams, and companies are being forced to overspend on security technologies that are not turning out the results they hoped for. With all of the moving parts in play, it can still take 101 days on average to detect a covert attack. — 101 days is far too long to ward off an attack.

While augmenting alert frameworks with automation and artificial intelligence to manage risk is integral to successful cybersecurity management, relying on AI alone is not a the magic bullet. A new approach to cybersecurity is emerging, and it lies at the intersection of AI and Human Intelligence. It’s all about utilizing machine learning to augment human capabilities, and is known as IA or intelligence augmentation.

Companies often defer security problems to IT departments, but this approach isn’t foolproof. As McKinsey’s report states, “…defending a business is different from protecting servers. Defending a business requires a sense of the value at risk, derived from business priorities; the business model and value chain; and the company’s risk culture, roles, responsibilities, and governance.” The human element of cyber security is what enables companies to take these things into account when assessing and addressing risk.

This is not to say that AI isn’t a valuable tool in the battle for cybersecurity. It’s using IA that creates a hybrid approach to address cybersecurity in a more effective and creative way. Companies should use automation to take inventory of their machine data, and then through personal attention prioritize use cases and queries to support critical security projects. While AI enables us to view, organize, and manage machine data that enables security teams to pinpoint weak spots more efficiently, Humans add the business context, experience, and creativity that AI cannot.

Because this new hybrid approach allows data analysts (and even non-technical users) to discover threats they otherwise may never find and hone in on the root of the problem quickly, companies can stop attacks in their tracks, and make better use of their cybersecurity budgets. Per McKinsey’s report, refocusing investment on truly crucial assets can save up to 20 percent of cybersecurity cost, due to the fact that up to 50 percent of a company’s systems are not relevant in conducting successful cybersecurity operations.

Insight Engines understands the gaps left by traditional big data and AI approaches and aims to close them. With Insight Engines’ Natural Language Processing (NLP) search technology, even non-technical professionals can ask questions of your data in simple English language to uncover insights and possible threats hidden in any corner of your data. This helps organizations more efficiently identify areas where your company is vulnerable and use human intuition to ask intelligent questions, and logical follow-up questions, only an analyst would know to ask.With machines augmenting human ingenuity, cybersecurity efforts are elevated to a new level.

Through our work with customers, we’ve seen another critical area where contextual human understanding comes into play, and that’s in data discovery. With the explosion of big data coming in through different outside sources and/or hidden in disparate systems across the enterprise, most organizations don’t know the state of their data — where it is, how much they have, and/or what might be missing — to stay on top of current threats. Again, this is where human intelligence comes into play for a more complete threat awareness. When you empower people to use their intuition, experience, and creativity to ask the right questions at the right time, you gain true value from your data. Now your data is serving you rather than you serving your data.

A shifting cybersecurity landscape requires a major shift in the way we fight it, and the importance of Human Intelligence role in that battle cannot be overstated. As the McKinsey report so powerfully states, “No matter how refined the technology, it is the human factor that will win the war.”

Sign up for the Security Insights Weekly Newsletter.