A lack of digital maturity is holding Australian businesses back from realising the benefits of AI for cyber security, according to ManageEngine, an IT security, operations, and service management software firm.
Ramprakash Ramamoorthy, head of AI research at Zoho Corporation and ManageEngine, told TechRepublic that many local businesses are having difficulties achieving a return on investment from AI. Digital maturity, he explained, is the key to unlocking AI-driven benefits, such as automated detection and response as well as the rapid upskilling of cyber security staff.
Disconnection between systems and departments has made AI return on investment hard to achieve.
“There is a lot of hype around AI,” Ramamoorthy said. “Yes, there are AI solutions in a lot of software tools these days, including the security tools, but it’s very difficult to get the return on investment.”
Ramamoorthy added, “The trend we have observed is … give the same AI stack to three different companies, they will have three very different return on investments, three very different experiences from AI.”
Part of the problem is that Australian businesses often have an “inter-departmental digital divide” — meaning some departments are highly digitised, while others are not, creating significant disconnection between departments.
“This inter-departmental digital divide is one of the bigger reasons AI is not effective, and so we generally say digital maturity is the first step to attaining AI maturity,” Ramamoorthy said.
This divide exists, Ramamoorthy said, because software vendors have traditionally sold products directly to individual business departments, such as marketing and sales or finance departments.
SEE: Become digitally mature with the IT digital maturity handbook
Ramamoorthy said that many Australian businesses are struggling with a lack of digital maturity. The team at ManageEngine defines digital maturity across businesses as:
Organisations that streamline processes and data and implement rules-based automation can achieve a level of digital maturity that enables AI to leverage data and processes holistically rather than in silos.
“AI does not like data in silos,” Ramamoorthy added. “If the AI is able to see all the data in one place, then that is when it makes better predictions; when the AI sees the holistic picture, the kind of impact it has through the organisation is much different.”
The benefits of AI for cyber security flow from being able to see and interpret data across the organisation, Ramamoorthy said.
Instead of relying on isolated intelligence, AI with a broad view of an organistion’s technology and user behaviour can monitor the entire infrastructure for anomalies, including logs, authentication, user permissions, and devices, allowing for more comprehensive oversight, he added.
AI’s key advantage for cyber security lies in its ability to identify deviations from what has been established through data as normal system or user behaviour. For example, a user attempting to authenticate from an unusual location or device could be identified by an AI model.
“If you can model what is normal at a given point in time, then anything that deviates from normal can be flagged as an abnormality and can be cracked,” Ramamoorthy said. “So this multi-dimensional analysis approach of AI with past data is one of the game changers for AI in security.”
VIDEO: Improving readiness for transformative AI
With AI, browser security tools, user entity and behavioural analysis, and network monitoring can work together to track the ransomware attack throughout its lifecycle and accelerate its shutdown.
“Basically, with AI across the stack, you will be able to triage the incident and shut it down very quickly, much better than when you do a rule-based non AI system,” Ramamoorthy told TechRepublic.
Ramamoorthy expects cyber security teams will become more productive with AI, noting that the technology will help businesses train or upskill new employees.
He also acknowledged that onboarding information can be “a mess” due to constant business evolution, often resulting in outdated documentation. But AI will be able to serve this up faster to new employees.
“It will all be there, providing a perspective for a new member to get started,” Ramamoorthy said. “If they are being productive within three months right now, they’ll be productive within 15 days with the advent of AI, so that will result in more productive employees being very informed.”
Ramamoorthy believes cyber security as a discipline may not opt for complete automated remediation.
However, AI will be able to triage cyber security incidents and provide teams with the next best actions, allowing the “human in the loop” to make better decisions and enhance response times.
“You are presenting the human with the next-best action given the current circumstances,” he explained. “If there are 500 different variables, it is answering the question, ‘What is the next best action that you can do?’”
The next two to three years will see the adoption of AI agents within cyber security, Ramamoorthy said.
“AI agents will be the missing link bringing LLMs to enterprises, because they connect the semi-structured data with the structured information that is already present in the IT enterprise,” he said.
This will expand to increasing amounts of unstructured information over time.
“Today, data has to be semi-structured to get some relevance,” Ramamoorthy noted. “As our data processing capabilities increase, with more unstructured information, AI will still be able to make stronger decisions. That’s where we see the technology going in the next five to 10 years.”