Cyberattacks are a major challenge for companies. Can AI help to prevent them? [shutterstock: 729110329, Timofeev Vladimir]
[shutterstock: 729110329, Timofeev Vladimir]
Blog Security

IT Security: Fighting Cyberattacks With Artificial Intelligence

Maintaining IT security poses major challenges for many companies. Cyberattacks are not only becoming more frequent but also more vicious. Many attacks are initially undetected, resulting in even more far-reaching consequences for companies. In order to ward off cyberattacks in advance and to minimize potential damage, a holistic approach is required.

AI in cybersecurity

Many IT decision-makers see AI as the only way to successfully upgrade against attacks. However, AI is only in its infancy in security technology in order to serve suitable fields of application. With the help of AI, the detection and defence against cyberattacks can be significantly improved and AI will soon play a major role in prevention.

However, there are limits. It would be almost negligent to rely solely on artificial intelligence. The algorithms have a narrow focus and work with standardized sets of rules. Clever cybercriminals are able to introduce new scenarios that are completely new to the algorithms in order to break new, not secured ground. Identified viruses should be classified and examined by humans in order to avoid unnecessary false alarms.

In each case, it is important to check whether AI should only be used as a tool in the corporate IT security strategy or whether it should increasingly cover the security area. If necessary, the entrepreneurial focus must be directed more towards the necessary human resources. From today’s view, successful and therefore secure anticipatory action, just like forensic thinking, is still reserved for human intelligence.

The position of IT security

In many large companies and corporations, the position of the IT security officer is deliberately located in the management. Hazards and risks are cross-sectoral, all companies are subject to the same attack patterns. But how can companies protect themselves? Security as a tailor-made product from the catalogue does not exist and there are still limits to AI.

Sufficient defence against cyberattacks should normally be the responsibility of the company management. It is essential to set up a functioning IT risk and IT security management system in the company to minimize the attack possibilities for hackers. Security measures must be developed, implemented and executed and also constantly monitored, reviewed and improved.

Required skills for security specialists

Security specialists need to be much more broad-based in terms of their qualifications and profiles than mere IT experts. They focus on implementing and executing a sustainable and resilient ISMS along with data protection and physical security measures to achieve comprehensive security solutions and operational risk and crisis management.

Effective prevention work and the planning of potential attack scenarios are also standard tasks. Such planning requires – in addition to pure programming languages – several years of relevant professional experience in the area of information security, certification such as CISSP, CISM, CISA as well as very good knowledge in the area of security, network and also cryptography.

In addition to the knowledge in the field of encryption with a mathematical focus and a specialist course such as in economics or MINT, a sound professional experience in IT security (threat response/analysis and intelligence), CERT, conception of intrusion detection and prevention systems is also required. Solid knowledge in the fields of anti-malware software, network administration, IT security or IT forensics and the common scripting and programming languages are just as important prerequisites as a pronounced skill in communication and documentation.

Conclusion

In the coming years, it will be increasingly important for company managers to understand the topic of cybersecurity as a brand attribute and not just wait for this problem to resolve itself. Responsibilities must be reorganized and established. AI is an option but not the only way to combat cybercrime. Those who acquire the desired and suitable specialists and managers with this knowledge in due time already have a clear competitive advantage.

Source:
Hager UB

About the author

Martin Krill, Hager UB

Martin Krill has been working for Hager Unternehmensberatung for more than fifteen years and was made a managing partner in 2004.

Add Comment

Click here to post a comment

Sign up for e3zine´s biweekly newsbites

Please do not use administrative mail adresses like "noreply@..", "admin@.." or similar as these may get blocked for security reasons.

We use rapidmail for dispatching our newsletter. By signing up, you agree that the data you have entered will be transmitted to rapidmail. Please take note of their terms and conditions and privacy policy.termsandconditions.

Our Authors