AI will form a key component of cyber defense strategies in 2023, allowing companies to move to an entirely new approach to cybersecurity.
Cybersecurity threats evolve quickly. Because of this, companies look to innovative tools to respond to threats and—even better—prevent them in the first place. Previously, Gartner outlined its top seven cybersecurity trends for last year. With each one, it becomes more apparent that humans will need the support of artificial intelligence and machine learning tools to stay ahead of the curve.
These predictions for 2022 are becoming even more potent for this year. Companies will need a flexible, dynamic arsenal of AI/ML-driven tools to manage cloud environments, remote work, and continued disruptions.
The rise of permanent remote work positions has put companies at a crossroads. Remote work has been positive for workers and a sigh of relief for companies that weren’t sure if their operations would survive the shift. However, the downside is that these workers need access to company resources wherever they are, prompting companies to shift to the cloud, and that has exposed broader attack surfaces.
Gartner believes companies should look beyond traditional approaches. And some companies certainly have. AI can enable continuous monitoring across all environments, handling even the cloud’s ephemeral resources by initiating advanced programs designed for complete observability. For example, Security Information and Event Management (SIEM) aggregates and analyzes log data from various sources, such as network devices, servers, and applications, in order to provide real-time visibility into security-related data.
Related to trend 1, trend 2 sees the misuse of credentials as one of the most common ways threat actors gain access to sensitive networks. Businesses are setting up what Gartner calls “identity threat detection and response” tools, and AI and machine learning will support some of the most powerful ones.
For example, AI-based phishing tools use machine learning algorithms to detect and block phishing attempts by analyzing email content, sender reputation, and email header information. In addition, companies can leverage anomaly detection. These AI-based detection tools can use machine learning algorithms to detect anomalies in network traffic, such as abnormal patterns of login attempts or abnormal traffic patterns.
AI can also alert administrators when threat actors attempt credential stuffing or use large amounts of stolen credential information for a brute-force attack. And although humans might be disappointed to learn how predictable we are, AI can also analyze typical behavior patterns to detect behavior anomalies like login attempts from a new location, which helps detect potential intrusions faster.
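The two signals described above, as an added example that is not part of the original article: fixed-threshold rules stand in for the machine learning models the article refers to, and the event format, thresholds, addresses and user names are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

T0 = datetime(2023, 1, 10, 9, 0)

def ev(minute, ip, user, country, ok):
    return (T0 + timedelta(minutes=minute), ip, user, country, ok)

# Constructed sample events: (time, source IP, user, country, success).
EVENTS = [
    ev(0, "198.51.100.10", "alice", "US", True),
    ev(30, "198.51.100.10", "alice", "US", True),
    ev(35, "198.51.100.22", "bob", "DE", False),  # one mistyped password
    ev(36, "198.51.100.22", "bob", "DE", True),
    ev(60, "198.51.100.22", "bob", "DE", True),
] + [
    ev(90 + i * 0.2, "203.0.113.7", u, "NL", False)  # burst across accounts
    for i, u in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])
] + [ev(91.5, "203.0.113.7", "alice", "NL", True)]

def detect_stuffing(events, window=timedelta(minutes=5), min_users=5):
    """Map source IP -> most distinct accounts it failed against in one window."""
    fails = defaultdict(list)
    for ts, ip, user, _country, ok in events:
        if not ok:
            fails[ip].append((ts, user))
    flagged = {}
    for ip, items in fails.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            # Slide the window start forward until it spans at most `window`.
            while items[end][0] - items[start][0] > window:
                start += 1
            users = {u for _, u in items[start:end + 1]}
            if len(users) >= min_users:
                flagged[ip] = max(flagged.get(ip, 0), len(users))
    return flagged

def detect_new_location(events, min_history=2):
    """Successful logins from a country absent from the user's prior successes."""
    history, alerts = defaultdict(list), []
    for _ts, ip, user, country, ok in sorted(events):
        if not ok:
            continue
        # Require some history so a user's first logins do not all alert.
        if len(history[user]) >= min_history and country not in history[user]:
            alerts.append((user, country, ip))
        history[user].append(country)
    return alerts
```

A new-location alert whose source IP is also flagged for stuffing, as with the constructed `alice` login here, is the case to triage first.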
Gartner predicts that 45% of organizations worldwide will have experienced some attack on their supply chain by 2025. Supply chains have always been complex networks, but the addition of big data and quick shifts in customer behavior have stretched margins to razor-thin proportions.
Companies are leveraging AI in all kinds of ways to prevent disruptions, mitigate risk, and pivot quickly when something happens. Digital twin tools can successfully run hypothetical scenarios on exact digital replicas of supply chains to find the best solutions in just about any scenario. AI can also engage in advanced fraud detection or leverage deep learning algorithms to analyze network traffic and detect malicious activity, such as malware and DDoS attacks. In addition, AI-based response systems can act quickly to respond to perceived threats to prevent an attack from spreading.
Gartner believes vendors will continue consolidating their security products and services into packages on single platforms. While this could make certain challenges more prominent—introducing a single point of failure, for example—Gartner believes that it will reduce complexity in the cybersecurity industry.
Collaboration security is growing in popularity among organizations, as well. Companies realize their digital landscape is no longer a narrow, on-premises scope handled by traditional security features. By fostering a culture of security across the enterprise and partnering with services offering these above-mentioned security packages, companies could hope to reduce some of the weaknesses inherent in a complex digital infrastructure.
Gartner predicts that by 2024, organizations that adopt a cybersecurity mesh will drastically reduce the financial impact of individual security incidents. This is a clear potential gain for companies adopting AI-based security tools because AI-based systems can:
- Automate repetitive and time-consuming tasks, such as incident triage, investigation, and response, which can help to improve the efficiency and effectiveness of the cybersecurity mesh.
- Use machine learning algorithms to analyze data from various sources, such as network traffic, logs, and threat intelligence feeds, to identify and respond to potential security threats in real time.
- Use data from various sources, such as financial transactions, social media, and news articles, to identify and assess potential risks to the cybersecurity mesh and adapt the security measures accordingly.
- Leverage machine learning algorithms to detect anomalies in network traffic, such as abnormal patterns of login attempts or abnormal traffic patterns, which can help to identify and respond to potential security threats.
- Deploy machine learning algorithms to detect and respond to security incidents and automatically implement measures to prevent similar incidents from happening.
- Integrate with other security tools, such as firewalls, intrusion detection systems, and SIEM, to provide a comprehensive and coordinated security solution.
Each of these capabilities makes establishing a cybersecurity mesh possible.
The digital landscape is too complex for a single CISO to make every single decision. Gartner believes the CISO role will expand, allowing the CISO to continue to shape policy while carefully placed leaders will enable decentralized decisions.
AI-supported decision-making is key to this evolved CISO department role. Automation and advanced observability allow leaders to view the landscape in real time and receive actionable steps to mitigate or pivot based on the latest data. In some cases, automation can reduce the need for human decision-making in targeted areas, freeing humans to take on more complex troubleshooting and response.
Gartner is clear: traditional security responses are no longer viable in today’s evolved security landscape. Human error remains the cause of most security incidents, and organizations should move to a much more progressive, holistic approach than traditional awareness campaigns.
This means using AI for more than simply predictions. AI can analyze user behavior for anomaly detection, dynamically adjust authentication requirements based on real-time risk assessment, and learn from each incident to ensure scale and flexibility in threat detection. Even more, threat actors themselves are using AI to break traditional security patterns, so deploying AI to fight these attacks will be the only way forward.
AI will become even more essential for cybersecurity in 2023
Gartner’s trends played out in 2022, but we’re just gearing up to see dynamic AI responses in 2023. Companies understand that with disruptions and cloud migrations, nothing is going back to pre-2020 security operations. Instead, AI will form a key component of cybersecurity that underpins each trend and moves companies towards an entirely new approach to cybersecurity.