September 5, 2019

A third of experts predict cybersecurity won’t need human decision-makers within a decade

By Lucy Ingham

A third of cybersecurity experts believe the rise of AI in cybersecurity will see the end of humans making security decisions within a decade, according to research published today.

In a survey cybersecurity experts conducted at Info Security Europe by One Identity, 33% of cybersecurity experts said that they believed there would be no need for humans to be involved in the cybersecurity decision making process in less than ten years.

A further 13% said they thought this would happen in more than ten years, while 14% said they thought there was already no need for humans to make such decisions thanks to the rise of AI in cybersecurity.

Only 40% said they thought that AI would never become advanced enough to remove humans from the cybersecurity decision making process.

The state of AI in cybersecurity

The use of artificial intelligence in the cybersecurity space has seen rapid proliferation in recent years, particularly to automate often mundane and repetitive processes within the space, or to lighten the load of cybersecurity researchers, who are in short supply in a growing field.

Machine learning (ML) has in particular proved popular in the cybersecurity space, such as to identify when hackers are attempting to breach networks, a process known as network intrusion detection.

However, some experts argue that while the technology is useful, it is not at the stage where it can be trusted to identify every last threat, particularly given that the quality of any ML ultimately relies on the data it is trained on.

“Machine Learning for network intrusion detection can be a useful tool, but it is important to remember that it is just a tool among many, and not a magic cure-all,” said Vern Paxson,  co-founder and chief scientist at Corelight.

“For some problems, it can be difficult to get high-quality labels (or even any labels at all), which makes both training and evaluation much more difficult.

“ML can indeed be a powerful tool for the right detection problem (for example, email spam filtering), but whether it’s an apt tool is highly dependent on the technical particulars of the problem.”

Countering AI cyberattacks

While AI in cybersecurity is advancing, its use is by no means limited to cybersecurity professionals.

Hackers and other malicious threat actors are also making use of the technology to automate attacks, make them cheaper to carry out or increase their level of sophistication.

Advances in this field have led experts to predict that such AI-based cyberattacks will grow in the future, and that cybersecurity experts will need to also use AI to respond.

“AI became a tool that is available to all, including attackers,” Natan Bandler, CEO and co-founder of Cy-oT, previously told Verdict.

“Cybercrime is a fast growing market and, naturally, hackers use any available tool they can.”

Bandler’s predictions are already beginning to come true, with a senior executive recently being conned into sending €220,000 to a malicious party after receiving a call from an AI mimicking the CEO of their parent company.