Many discussions about the human element in cybersecurity center around human fallibility and error. From misconfigurations to selecting weak passwords and getting duped by phishing emails, the mistakes people make play a visible role in cybersecurity incidents. It’s important not to forget though that companies depend largely on human skills and expertise help to thwart cyberattacks.
Still, recent technological developments, especially in the field of artificial intelligence, have called into question the future of this reliance on the human element in cybersecurity. Is human input even necessary in a world of advanced AI-driven and automated security solutions? Here’s why the human element still matters.
According to a 2021 survey of 500 IT leaders, a startling 32 percent of respondents believe that AI will completely automate all cybersecurity tasks, with little need for human intervention. This perception of diminished human importance in cybersecurity likely stems from rapid and continued advancements in AI. At the heart of the matter is the belief that AI will automate and thus replace everything humans can do.
The discipline of cybersecurity has benefitted enormously from these technological developments, with examples such as:
The emergence of astonishing language models like ChatGPT-3 and commentaries about its societal impact naturally stoke further concern across many sectors about job security in the face of this sophistication. After all, ChatGPT effortlessly finds security weaknesses in code and even writes scripts for common security tasks. It’s not too hard to envision a future upgraded model that performs a whole host of useful cybersecurity tasks at speed and scale unmatched by humans.
In a labor market already stretched for talent, an additional concern here is that people might feel deterred from considering cybersecurity careers if common roles are perceived as likely to be replaced by AI.
A better way to frame technology is that it augments the security skills available at organizations. The cybersecurity analyst’s role may change as technology evolves, but that role won’t be redundant. Some examples of the ways technology streamlines security tasks and workflows include:
Security operations centers
Faced with IT ecosystems full of thousands of daily events, security operations teams must figure out what’s malicious and what to ignore. Dedicated SIEM solutions gather and correlate data from tons of different logs, tools and other sources, but even this level of automation still comes with the task of deciding which alerts to prioritize and which are false positives. Here, automation has replaced manual data collection and analysis, but it hasn’t rendered human input redundant.
To take the point further, look at the emergence of security, orchestration, automation and response (SOAR) tools in recent years. These tools add a further layer of automation to security operations centers by creating playbooks of automated workflows based on alert data. The result is that human security analysts can now respond faster and more efficiently to genuine threats by automating the manual and time-consuming tasks involved in triaging incidents.
Software supply chain risk management
Software supply chain risk management is an increasingly important challenge relating to managing any security risks arising in your applications from outside sources. Modern apps are deployed on virtualized infrastructure and composed of proprietary and open-source code. Manually tracking and securing the components in all the apps that companies deploy is no easy feat.
Thankfully, automated solutions like software composition analysis (SCA) are helping security teams to identify and track open-source components in their code. SCA makes it easier for security teams and developers to remediate software supply chain risks from vulnerable code artifacts.
So, what do people bring to the table that technology doesn’t?
The business understanding that people have versus machine learning models and other advanced technologies makes them unlikely to be replaced any time soon. Humans have intricate knowledge of the nuances of their company, the interaction between people and technology, the level of cybersecurity awareness, the regulatory environment and the overall strategic goals of the business. This knowledge plays a pivotal role in any comprehensive cybersecurity program; merely detecting threats faster or automating more tasks isn’t sufficient.
Descriptions of creative thinking often use the “thinking outside the box” metaphor. Cyber analysts require this ability to identify new unforeseen threats or develop new ways of doing things to overcome security challenges. Penetration testers need these skills to try a host of different unconventional attack methods.
When considering AI’s creative abilities, it’s important to note that its creativity is limited to “inside the box.” In other words, AI systems can only think creatively based on the data they’ve been trained on. Humans don’t have this constraint on their creativity.
Emotional and Psychological Intelligence
While many cyberattacks use the assistance of tools, botnets and algorithms, behind those operations ultimately lies a human threat actor or actors. Predicting, understanding and modeling cyber threats must always account for the motives that guide cybercriminals’ behaviors in addition to the psychological flaws that make human users susceptible to mistakes that allow hackers in. This emotional and psychological intelligence required for cybersecurity makes human input a necessary piece of the puzzle.
The fear of technological progress rendering human skills redundant has longstanding roots in the human psyche. Ever since machines began to replace people in the Industrial Age, further improvements in technology are met with worry as well as optimism.
The argument here is that the human element in cybersecurity remains vital and will for the foreseeable future. AI and technology will change security roles to the extent that they free up resources from menial or repetitive tasks to more value-driven output. But this will be an augmentation rather than a replacement.
Any further shrinkage in the talent pool driven by concern about cybersecurity’s feasibility as a career path will lead to more demand and need for outsourced and managed security services. If your business currently struggles to meet its cybersecurity needs in-house, Nuspire’s range of managed services includes managed detection and response, vulnerability management services and consulting. Contact us today to learn more about how we work to be an extension of your team.