This is the third and final installment in our three-part series on how cognitive security can help organizations protect their critical assets. Be sure to read Part 1 and Part 2 to learn how cognitive tools can help security leaders address the speed, intelligence and accuracy gaps.
Are you ready for cognitive security?
The world we live in today presents enormous challenges and opportunities. Even though organizations have improved their security posture, attackers are still making quick work of getting in and stealing stuff.
Security leaders point to the incremental improvements they have made to increase their incident response capabilities and response times. But while defenders are making progress, albeit slow progress, attackers are keeping ahead, both in terms of attack frequency and their ability to evolve their approaches to thwart defenses and responders.
Anyone who has been in the field of information security long enough to track trends likely has that uneasy feeling that things haven’t been getting better. On the defense side, we’re barely keeping up. Additionally, organizations struggle to fill new security positions or even just retain their existing security staff. The following image illustrates the tough position IT is in today:
“We have never known a technology with more potential to benefit society than artificial intelligence,” wrote Guru Banavar, the chief science officer of Cognitive Computing at IBM, for Harvard Business Review. “We now have AI systems that learn from vast amounts of complex, unstructured information and turn it into actionable insight.”
Cognitive computing has the potential to shake up the cybersecurity landscape. This isn’t lost on the security leaders surveyed for the IBM Institute for Business Value (IBV) report, “Cybersecurity in the Cognitive Era: Priming Your Digital Immune System.” Given that many identified incident response and resolution speed as a top security concern, 57 percent of respondents pointed to the potential of cognitive computing to significantly slow the efforts of cybercriminals.
When the IBV team analyzed the patterns in the responses, three main groups emerged, corresponding to different classes of readiness on the path toward adopting cognitive security: organizations that are Pressured, those that are Prudent, and those that are Primed.
- The Pressured (52 percent) reported funding and staffing challenges and appeared to be less familiar with the benefits of cognitive computing than the other two tiers. These organizations also tended to receive a smaller share of the IT budget, had issues obtaining sufficient funding, and struggled to hire and retain staff.
- The Prudent (27 percent) can be thought of as the middle ground. This group did not report the same level of constraints as the Pressured, but they were not quite ready to implement cognitive security in the near term.
- The Primed (22 percent) group is much more familiar with cognitive security benefits, has more confidence in the value it can bring and appears to command — or benefit from, depending on your perspective — the highest slice of funding relative to the IT budget.
Ninety-two percent of Primed organizations reported having over 10 percent of the IT budget dedicated to security, compared to 81 percent for the Prudent, and only 55 percent for the Pressured. The Primed group also reported being more effective at communicating risk exposure effectively to executives and boards of directors (81 percent), compared to Prudent (67 percent) and Pressured (55 percent) organizations. Similarly, the Primed group reported having defined metrics to assess security operations for accuracy and productivity (74 percent), versus 62 percent for the Prudent and 57 percent for the Pressured.
Getting Primed for the Cognitive Security Revolution
What is the best way for Prudent or Pressured organizations to catch up to their Primed peers? The report provided a list of recommendations, including:
- Recognize your weaknesses, especially those surrounding responsiveness, having access to threat intelligence and distinguishing events from incidents.
- Learn more about cognitive security capabilities and how they can help address your organization’s weaknesses. However, realize that some of this knowledge should be shared with both technical and business leaders to ensure buy-in when the time comes to discuss a path toward adoption.
- Define an investment plan, because security leaders need to justify their security investments — including the adoption of cognitive security.
One way to justify the return on investment (ROI) is to look at the benefits well beyond the confines of IT and security. The right security investments provide advantages across the entire organization by reducing the cost of dealing with incidents and, when the worst case happens, reducing the overall damage of a data breach. Security leaders should work with HR to document potential savings related to staffing and with the legal department to document potential savings related to improved incident response detection capabilities, incident response times and accuracy.
Building Trust in AI
Some of your colleagues may have deep aversions to using cognitive security to snoop on all data. As Banavar put it, the era of cognitive computing means that, in just a few short years, AI systems will be able to “pervasively support the decisions we make in our professional and personal lives.”
We also need to realize, however, that humans will need time to trust AI systems. Banavar compared this to trusting someone in the context of a personal relationship. It takes time, and each party is sure to scrutinize the other to ensure they behave as expected and, in the case of cognitive security, within operational parameters. But the organizations that start this process early will be in the best position to succeed in the long term.
“Delaying the implementation of artificial intelligence is not an option,” Banavar wrote. “We pay a significant price every day for not knowing what can be known.”