As well as sitting on the Reliance acsn Advisory Board, Professor Nick Jennings CB, FREng, is the Vice-Chancellor and President of Loughborough University. He is an internationally-recognised authority in the areas of artificial intelligence, autonomous systems and cybersecurity. Alongside his career in universities as an academic, Nick spent six years working in government as the Chief Scientific Adviser for National Security.
We recently caught up with Nick to discuss the role of AI in cyber security and to find out his advice for businesses, when it comes to managing the cyber threat landscape.
Are the robots really taking over?
It is estimated that the pandemic has sped up digitalisation of our society by around six years, with technology increasingly implemented across most of our lives with enhanced remote working and automation. As a unique cohort of people – Generation Z – enters the workforce, employers are increasingly forced to accommodate the demands for modern technology, flexible working and a digital environment. According to The Digital Natives Report, published in 2020, Generation Z and Millennials currently account for 38% of the workforce, a figure that is expected to shoot up to 58% by 2030. Their comfort and indeed, passion for new technologies can often far exceed their elders’.
Nick explains, “While there are those that recognise the clear potential of automation and AI, there are those that also sit at the very opposite end of the spectrum of understanding too. Many believe that AI is a magic solution – an autonomous system that can identify problems and tell us the most appropriate solutions. Others worry that ‘the robots are taking over’ and that AI will take much needed jobs away from our growing workforce.
“I don’t believe either of these two extremes are likely. Machines cannot operate separately to people, and so, we must learn to become effective collaborators.”
Those working within the cyber space will recognise the importance of blending cutting edge technologies with human resource for best effect. This is the basis of an effective Threat Intelligence and Managed Detection and Response capability, after all.
Nick continues: “Despite what many people may understand from the headlines, AI does not have broad-based, common sense instincts. AI systems can often complete narrowly defined tasks very effectively – often a lot quicker and more effectively than is humanly possible. However such systems cannot readily explain their reasoning or rationale in the way that human can. They simply do not have the frame of reference, the nuanced understanding or the gut instinct that people have.”
As businesses grow computer networks are becoming more complex, organisations can use AI to carry out routine, data led tasks, spotting patterns or anomalies. This lets humans focus on strategic, problem-solving roles supported and challenged by smart software.
Human collaboration with tech
Many businesses have invested in AI systems to help them predict and mitigate against potential cyber-attacks. While AI can be a powerful tool in many processes, it shouldn’t be relied on to operate in isolation without the insight of a human partner.
Nicks says: “As online networks become larger, they will also become much more complex as they incorporate IoT and ‘Bring Your Own’ devices, for example. Here, it is essential to implement AI solutions to carry out checks and processes that would simply be impossible for a human to do.
“However – and this is the crucial point – such systems can’t accurately determine the organisation’s appetite for risk because they cannot accurately assess the risk. Such assessments are needed to manage the complex trade-offs between being permissive and overly risk-averse. You absolutely must have a collaborative process in place between humans and machines to ensure this vital assessment process take place and is actioned, quickly and appropriately.”
In our conversation, Nick explained that task competency is something the technology sector is currently focused on and it is likely that we will start to see more human-level performance in narrowly-defined tasks in the next five years or so. This will increase the way that technology can be used and the roles it can carry out with businesses and as a player in cyber security protection.
The biggest risk for business
The battle for cyber security is constant, and businesses should include it within their planning and risk assessments on an ongoing basis.
“Cyber criminals are constantly finding new ways to access computer networks and this means that implementing a cyber security strategy and then simply forgetting about it is not an option for businesses today ,” advises Nick.
“Given the potential business risk, cyber security needs to be on the Board agenda with a Board member who engages with the CISO and the wider security team responsible for the strategy. While AI may detect abnormalities in business systems, it won’t help them evaluate the business impact of any decision taken to mitigate the risk. This really is all down to the Board.
“It is vital that businesses are able to recognise what unusual looks like quickly, so they can put the appropriate processes in place to prevent a cyber-attack or to defend against any potential breaches as they occur.
“The key thing to remember is that cyber security is never ‘done’ – it isn’t a process businesses can complete – so teams must keep adapting and constantly evolving in order to ensure they are protected and can stay ahead of the next threat.”
Reliance acsn offers a range of services to help protect your organisation against evolving threats. Click here to hear more about our managed detection & response (MDR) service.