A lack of digital maturity is preventing Australian businesses from reaping the benefits of AI for cybersecurity, according to ManageEngine, an IT security, operations and service management software company.
Ramprakash Ramamoorthy, director of AI research at Zoho Corporation and ManageEngine, told TechRepublic that many local companies are struggling to achieve a return on investment in AI. Digital maturity, he explained, is the key to unlocking AI-driven benefits such as automated detection and response, as well as rapid upskilling of cybersecurity personnel.
AI ROI is impacted by digital maturity
Disconnection between systems and departments has made it difficult to achieve ROI in AI.
“There is a lot of hype around AI,” Ramamoorthy said. “Yes, there are AI solutions in many software tools today, including security ones, but it is very difficult to get a return on investment.”
Ramamoorthy added: “The trend we’ve seen is… if you give the same AI stack to three different companies, they’re going to have three very different ROIs, three very different AI experiences.”
Part of the problem is that Australian businesses often have an “interdepartmental digital divide”, meaning some departments are highly digitalised while others are not, creating a significant disconnect between departments.
“This interdepartmental digital divide is one of the main reasons why AI is not effective, and that is why we generally say that digital maturity is the first step to achieving AI maturity,” Ramamoorthy said.
Ramamoorthy said this divide exists because software vendors have traditionally sold products directly to individual business departments, such as marketing, sales or finance.
SEE: Achieve digital maturity with the IT digital maturity handbook
Digital maturity: the basis for obtaining benefits from AI
Ramamoorthy said many Australian businesses are struggling with a lack of digital maturity. The ManageEngine team defines digital maturity in businesses as:
- Have streamlined processes.
- Having rationalized business data.
- Invest in existing rules-based automation.
Organizations that optimize processes and data and implement rules-based automation can reach a level of digital maturity that enables AI to leverage data and processes holistically rather than in isolation.
“AI doesn’t like data in silos,” Ramamoorthy added. “If AI can see all the data in one place, that’s when it makes better predictions; when AI sees the holistic picture, the kind of impact it has on the organization is very different.”
Cybersecurity operations improve with complete data visibility
The benefits of AI for cybersecurity stem from the ability to see and interpret data across the organization, Ramamoorthy said.
Rather than relying on siloed intelligence, AI with a broad view of an organization’s technology and user behavior can monitor the entire infrastructure for anomalies, including logs, authentication, user permissions and devices, enabling more comprehensive oversight, he added.
AI can identify anomalies in cyber data
The main advantage of AI for cybersecurity lies in its ability to identify deviations from what has been established through data as normal system or user behavior. For example, an AI model could identify a user attempting to authenticate from an unusual location or device.
“If you can model what is normal at a given point in time, then anything that deviates from normal can be flagged as an anomaly and can be deciphered,” Ramamoorthy said. “So, this multi-dimensional analysis approach of AI with past data is one of the game-changers for AI in security.”
VIDEO: Improving readiness for transformative AI
AI can classify and respond to cyber threats
With AI, browser security tools, entity and user behavior analysis, and network monitoring can work together to track the ransomware attack throughout its lifecycle and accelerate its takedown.
“Basically, with AI across the stack, you’ll be able to triage the incident and close it very quickly, much better than when you’re using a rules-based non-AI system,” Ramamoorthy told TechRepublic.
AI will bring productivity to cyber teams in digitally mature companies
Ramamoorthy expects cybersecurity teams to become more productive with AI, noting that the technology will help companies train or upskill new employees.
He also acknowledged that onboarding information can be “chaos” due to the constant evolution of the business, often resulting in outdated documentation. But AI will be able to deliver this more quickly to new employees.
“It will all be there, providing a perspective for a new joiner to start with,” Ramamoorthy said. “If they are productive within the current three months, they will be productive within 15 days with the advent of AI, resulting in more productive employees who will be very knowledgeable.”
AI will recommend next best actions
Ramamoorthy believes that cybersecurity as a discipline cannot opt for fully automated remediation.
However, AI will be able to classify cybersecurity incidents and provide teams with the best next steps, allowing the “human in the loop” to make better decisions and improve response times.
“You’re presenting the human with the next best action given the current circumstances,” he explained. “If there are 500 different variables, you’re answering the question, ‘What’s the next best action you can take?’”
Decision-making AI agents could be the next step in cybersecurity
The next two to three years will see the adoption of AI agents in cybersecurity, Ramamoorthy said.
“AI agents will be the missing link in bringing LLMs to enterprises, because they connect semi-structured data with structured information already present in the IT enterprise,” he said.
This will extend to ever-increasing amounts of unstructured information over time.
“Today, data needs to be semi-structured to have any relevance,” Ramamoorthy said. “As our data processing capabilities increase, with more unstructured information, AI will continue to be able to make more robust decisions. That’s where we think the technology will go in the next five to 10 years.”