Using AI in Cyber Incident Response Demands a Total Safety Check

Cybersecurity incident response is a developing area that’s increasingly using artificial intelligence-based technology. AI and cyber threats are converging in a unique way—as AI generates a host of new and sophisticated cyber threats, it’s being deployed in software and service offerings that could make cybersecurity incident response more efficient and effective.

Companies should realize the AI-driven evolution of cyber threats and consider deploying AI-based tools to fortify their cybersecurity programs.

New Threats

Cyber criminals or threat actors use AI to launch targeted and effective cyberattacks, often using low-cost AI tools that are upending the cyber threat landscape. Threat actors use AI to create malware and other viruses quickly, making these threats available to almost anyone interested in becoming a hacker—regardless of technological background or programming skills.

Threat actors also are using generative AI to create effective phishing, smishing, and vishing messages that lack the poor grammar, improper tone, or misspellings that have been hallmarks of these types of attacks. The translative power of these tools makes it easier to create content in multiple languages, increasing the geographic scope of threats.

AI is enabling threat actors to generate more effective deepfakes—phony images, audio clips, or videos of events and individuals. Deepfakes mimic images, voices, and even videos of individuals to perpetrate identify theft, social engineering, and other frauds. AI-based technologies are making it more difficult to discern what’s real while making cyberattacks quicker, easier, more widespread, and even broader in scope.

Enhancing Security

Our reliance on computer-based technologies, coupled with the rise of new AI-generated cyber threats, creates new risks for companies and makes cybersecurity preparedness essential.

The arms race for offensive and defensive superiority in cyber warfare is always evolving. The power of AI is creating a host of new tools and services to combat cyber fraud that is entering the marketplace and becoming increasingly cost-efficient. Some of their capabilities include:

Automating threat detection activities without human intervention, increasing effectiveness and efficiency of threat mitigation and detection
Detecting and identifying vulnerable patterns and potential failures within company networks and monitoring them in real time
Analyzing patterns, content, anomalies, and links in emails before they enter a user’s inbox to prevent phishing attacks, and analyzing audio and video content to quickly identify potentially fraudulent content
Using advanced learning techniques to quickly investigate large volumes of potentially malicious data
Analyzing historical data to identify the root cause of an incident
Streamlining incident response by automating communications to appropriate team members, categorizing and triaging incidents based on their potential to harm an organization, and simplifying the process of documenting incidents.

Perfect off the shelf solutions for incident response don’t exist, and organizations must spend the necessary time and effort to properly implement and calibrate the appropriate technologies into their environments.

To optimize the effectiveness of the AI-based solutions, these tools must be “trained” on the right data within an environment and that their settings, rules, configurations, and any assumptions are properly constituted for that environment.

Security Tools

Since many providers are entering the market for AI-based cybersecurity and incident response solutions, companies must ensure they’re using the right tool from the right vendor by asking:

What AI tools does the vendor use to analyze or modify your data?
Were the vendor’s AI tools developed in conjunction with experienced incident response professionals?
Within any solutions, to what extent are results generated by AI versus traditional analysis methods?
What are the sources of data that the vendor used to train and develop any AI tools, and how extensive were those datasets?
Does the provision of data to a vendor (and for this purpose) comply with applicable privacy laws and/or confidentiality obligations?
What restrictions are imposed on the vendor’s ability to use (or further use) any data provided?
Can the company’s confidential information, sensitive information, or trade secrets be prevented from entering the vendor’s AI tools?
If not, what measures does the vendor have in place to protect this information?
How are ownership rights protected in any AI-generated output that includes or is based upon the company’s data?
How are answers generated by the AI tool verified to ensure accuracy and completeness?
Does the company’s technical team understand how the AI tool works, including what objectives it does or doesn’t meet, what training or calibration is required, and what ability exists to oversee the implementation of the tool?

Both the threats created by sophisticated AI applications and the cutting-edge AI-based tools developed to fight these and other cyber-related threats more efficiently will continue to grow.

Companies should evaluate implementing AI-based security tools into their cybersecurity and incident response programs to supplement and advance cyber prevention and preparedness planning. As part of this process, companies should understand the vendor and the tools they acquire to ensure efficient, effective, and compliant implementation.

It’s time for companies to take advantage of the power of AI to prepare themselves for the next generation of cyber threats.

This article does not necessarily reflect the opinion of Bloomberg Industry Group, Inc., the publisher of Bloomberg Law and Bloomberg Tax, or its owners.

Author Information

Matthew White is co-chair of Baker Donelson’s financial services cybersecurity and data privacy team.

Justin Daniels is a shareholder at Baker Donelson, providing corporate advice to growth-oriented and middle-market domestic and international technology businesses.