We all know that complexity is the enemy of effective cybersecurity. Yet organizations around the world are transforming their operations to deliver new digital experiences. This results in a higher degree of risk in complex environments. We have found that incident volumes increased by 13% in 2023, reaching 16% in enterprises, where scale and operational complexity are greatest.
It’s no surprise that in this rapidly evolving landscape, improving security and reducing risk is a top priority for IT and business leaders, often outpacing revenue growth and customer experience. There is some good news, however. AI is already playing a major role in transforming enterprise IT operations. It could also do the same for security posture. The role of the CIO will be to ensure that the adoption of AI does not create more problems than it solves.
A useful companion
Our research shows that 71% of organizations are looking to increase their investments in AI and machine learning in the coming year. In particular, generative AI (GenAI) has attracted the attention of many IT leaders after a breakthrough in 2023. From a cybersecurity perspective, it could be deployed in a variety of use cases, from training employees and security teams to testing vulnerability scanners and prioritizing security updates. But one of its most obvious uses is to improve incident responder productivity.
GenAI can quickly summarize large amounts of information and provide answers from an established data set, making it a hit with incident response teams. It allows teams to reduce the time spent coordinating and processing information during incident management, for example by talking with stakeholders and customers. This means they can spend more time resolving incidents, which is essential in a world where customer experience can have a major impact on revenue and brand reputation.
In this context, GenAI is more of a sidekick than a superhero. It can support security teams and incident responders in their work. But CIOs who give large language models (LLMs) too much leeway to “think” and resolve incidents independently run the risk of dangerous hallucinations. In these circumstances, the risk outweighs the expected rewards.
GenAI and beyond
Fortunately, security teams don’t just have GenAI. Even before an incident occurs, they can leverage event-driven automation to hand off most of the heavy lifting to machines. Consider incident volume: multiple alerts for the same underlying issues can be annoying at best. In the worst cases, they can have a significant impact on a security team’s ability to respond to an incident. But AI and automation can group alerts for related issues within a single incident, reducing noise so responders can focus properly. Likewise, smart tools can reduce the volume of events so that only the most important events are presented to stakeholders.
During triage, machine learning and automated diagnostics can be deployed to surface useful context such as where the incident likely originated, how past incidents were resolved, and whether other teams are experiencing the same issue. This will speed up the response by eliminating the need for manual information collection.
Next comes incident resolution. Here, GenAI and automation can be deployed as a sort of incident response co-pilot to answer critical questions and streamline workflows. In doing so, technology can help responders investigate likely causes through natural language interactions and suggest remediation paths to speed up mean time to repair. It will also help automate manual and time-consuming tasks such as creating communication channels and writing updates, further optimizing employee productivity and accelerating resolution times.
If there’s one thing GenAI excels at, it’s communication. So, having a tool that makes it simple to share automated updates with key stakeholders and customers can add significant value to incident responders. Ultimately, this helps build trust internally and improve the customer experience.
Front and center
GenAI can be an extremely useful tool for responding to security breaches and incidents, allowing teams to save valuable time on tasks such as communicating with stakeholders while suggesting different ways to approach difficult problems. But it’s not a panacea: it works best when used to augment rather than replace human labor.
It’s not the only game in town, either. Machine learning and other AI tools can also be deployed to good effect to help reduce alert overload and improve triage. But no matter what type of AI CIOs choose to aid their teams, humans will remain at the forefront of incident response, effectively supported by their GenAI sidekicks.