Navigating AI disruption in cybersecurity: Practical steps for leaders

Security leaders live under the constant pressure of evolving and scaling threats, technology trends, and business requirements. Many of us have had to play the rough catch-up game when we failed to ‘surf the wave’ of a movement and didn’t have quite the right skilled team ready. If it hasn’t happened to you yet, congratulations; stick around in this industry long enough, and it will. Of course, security leaders are now concerned with the strategy to be ready for AI – yes, as a business technology, but also for the unique impact it will have on different cybersecurity disciplines and tools over time.

Whether you are in the camp that is wildly impressed with the present iteration of AI or the one scorning its hallucinations, there seems little doubt that there will be further and significant disruption. It’s easy to imagine the impact on SOCs, or forensics, chasing down details in incidents, and so on. I also believe that the value in offensive is outpacing defensive, but that this will rebalance over time.

Wild technology problems like AI always attract an army of vendors, evangelists, and experts professing to have a crystal ball. Their suggested futures can be exciting and help shape where the technology will go, but none of them tends to offer enough certainty to build a plan on. So, what kinds of things are leaders doing now to prepare for AI in cybersecurity?

  1. Security teams always tend to run hot at 100% or even 105%. You should consider your strategy to build capacity for AI projects, particularly if you want to fast follow developments – AI security technology evaluations, building custom tooling, or responding to business requirements. Build the bandwidth now.
  2. Technology familiarization programs are a must. Many are embedding AI tools into their everyday activities anyway (in some ways good, in some ways requiring policy and working practice interventions!), but that doesn’t mean the teams you expect to jump on a future project are doing so; they may just be too busy. You need to create positive excuses to engage.
  3. Embed a few deep experts. Most see the friendly side of AI: chat-like interfaces that make it easy to ask questions. Behind these technologies are machine learning and statistical methods. AI likely doesn’t have one major use case but turns up in lots of tools and processes, which means your team needs to prioritize and separate the wheat from the chaff. Understanding the methods behind these tools helps evaluate them and understand their best use for your organization. At SANS, we’ve noticed many security leaders putting their tier 3 people into our classes, like SEC595, to know more than the layman: understanding the power behind AI technologies and how to prioritize it.
  4. Interestingly (I’ve observed this in many major organizations), with many hot trends folks ‘wait for it to happen’ to them: “I’ll wait for AI to develop and figure it out later.” You can incentivize your team to engage now with webinars, summits, hackathons, and more.

Building bandwidth and skills for your teams, and making sure folks participate with their peers to hear about the latest use cases, always produces the best results when it comes to jumping on the wave once a trend starts to become more material in its impact.

At SANS Network Security 2024, coming this September to Las Vegas, NV, your team will have the chance to engage in those AI use case discussions with industry professionals from around the world and take their learning from theory to practice. Learn more here.
