Cyber defense: This is how AI and humans can complement each other


AI is becoming increasingly important in cyber defense. But to what extent should companies leave their security to AI, and what role should humans play? After all, attackers are now using more and more AI techniques.

For many companies, an attack on their infrastructure has long been a question of “when” rather than “if”. According to current statistics, attacks in Germany increased by 27 percent in 2022 compared to the previous year. According to a Bitkom study, 84 percent of companies in Germany have already fallen victim to a cyber attack, and almost half expect an increase in the next 12 months. According to Dane Sherrets, Senior Solutions Architect at HackerOne, this increase can be attributed, among other things, to the increasing professionalization of cybercriminals and their use of AI-powered tools that enable broad attacks.

Vulnerabilities with increased risk potential

Companies know that they are potential targets, have prepared for these circumstances and also use automated testing and monitoring tools. These can immediately sound the alarm, enable quick intervention and better prevent damage from occurring. However, the capabilities of automated testing tools remain narrowly limited to their area of application and are primarily suitable for discovering known vulnerabilities and common coding errors. There remains a residual risk of undocumented vulnerabilities that are not covered by such tools. Some of them can only be discovered through the sustained vigilance of an experienced human who understands the full context in which a system operates.

This is an approach that cyber criminals also use. They combine the capabilities of automated tools with human-developed tactics to apply effective attacks or fraud methods at a scale that was previously not possible. It should also be noted that AI applications used in companies can themselves have vulnerabilities. Cyber criminals can exploit these to distort business logic, maliciously disrupt customer relationships or exfiltrate sensitive data.

Despite AI: People remain indispensable

It is becoming increasingly important for companies to understand their attack surface at a granular level and how to protect it. To do this, they urgently need human experts to subject their infrastructures to comprehensive security tests - not just different versions of the same scan. People are able to conduct contextual analysis, understand the specific requirements and intricacies of an organization's security profile, and adapt their testing approach accordingly. They can provide insight into potential vulnerabilities specific to the software, environment, or industry and help organizations effectively address unique security challenges.

This enables a more layered approach to security by combining automated scanning with other proactive security measures such as manual penetration testing, threat modeling, code reviews and security audits to uncover potential unknown vulnerabilities. Research shows that human security experts do this much faster and more accurately than automated solutions: almost 85 percent of bug bounty programs uncover one or more high-level or critical vulnerabilities, while 92 percent of ethical hackers say they can uncover vulnerabilities that scanners cannot find. While cybercriminals look for ways to gain access to a company's system without permission, ethical hackers can ensure that vulnerabilities and security holes are addressed as quickly as possible, leaving attackers nowhere to start.

User intelligence determines the capabilities of AI

AI-supported automation can support humans in cybersecurity, but it does not yet make human expertise dispensable. Cyber threats are constantly evolving - with new vulnerabilities emerging. Companies should therefore continually evaluate and improve their security practices, stay up to date on the latest threat intelligence, and invest in regular security assessments by qualified security experts, testers and hackers. The need for security experts will continue into the future, but AI technology can enable companies to use them more efficiently and better according to their individual security needs.

More at HackerOne.com

 


About HackerOne

HackerOne closes the security gap between what companies own and what they can protect. HackerOne's Attack Resistance Management combines the security expertise of ethical hackers with asset discovery, continuous assessment and process improvement to find and close gaps in the ever-evolving digital attack surface.


 
