By Alex Papanikolaou February 23, 2023
Supervised vs automated response to cyberthreats
Cyberthreats are continually becoming more sophisticated, thus creating a demand for an equally advanced threat detection and response. Detection of cyberthreats can very much benefit from the adoption of AI, as it is able to detect attack patterns and perform correlations among various security-related events. However, when it comes to incident handling, a fully AI-enabled approach may actually cause more harm than good, due to the critical human factors involved.
Handling cybersecurity incidents is usually faced with the following challenges:
- Complexity: A high level of technical expertise may be required for resolving a complex cybersecurity incident.
- Time pressure: In order to mitigate a cybersecurity incident, quick actions may be required, which can create significant time pressure and stress to a human operator, thus leading to mistakes or oversights.
- Alert fatigue: Cyber incident response systems usually generate numerous alerts which can cause alert fatigue to a human operator. That is, to become desensitised to alerts and overlook critical information.
- Lack of integration: Cyber incident response systems tend to make it difficult for human operators to integrate information from different systems, thus leading to potentially incomplete or inaccurate reactions.
- Lack of automation: Although some incident response processes can be automated, there are still others that require substantial human intervention, which can cause bottlenecks or errors in cases where the handling of multiple incidents is required.
- Lack of training: Human operators need to be adequately trained on each cyber incident response system to use it effectively and/or protect the organisation against attacks.
The interplay between AI-enabled incident handling and critical human factors needs to further be researched, with respect to the understanding of the system under protection, in order to mitigate cyber incidents more effectively.