Redefining metrics for cyber resilience in the age of AI

Understanding how to increase enterprise cyber resilience amid major breakthroughs in AI requires fresh thinking for forward-thinking security leaders.

Technology teams must correlate their security plans with wider business priorities if they are to achieve the type of resilience needed for uncertain times.

Boosting corporate resiliency was in fact the top priority for security leaders, according to Foundry’s 2024 Security Priorities Study.^[1]

The rise of artificial intelligence gives this additional impetus. Malicious actors are using AI to improve malware and target phishing attacks.

AI can make organisations more resilient, by detecting and responding to cyber attacks and helping to plug the skills gap. As many as 49% of security leaders expect to spend more on AI-enabled technology.^[2]

Despite the importance of resilience, however, relatively few organisations measure it. And without metrics, it is hard to know how to improve.

Here, too, AI can help. “Boards understand the business value in AI and are challenging CISOs on how it is deployed in security teams,” says Jesper Olsen, CSO for EMEA North at Palo Alto Networks. “This is where they need to be better.”

Measuring resilience

Adding AI to security tooling gives security teams access to more information, more quickly.

Further down the line, AI could develop security response plans and playbooks, and even enable security systems to configure themselves, according to the most likely threats. This will speed deployment and cut down on human error.

But CSOs still need to ensure that both defensive measures and recovery plans match the business’ priorities.

“The organisation needs to manage the risks as the business sees them,” says Scott McKinnon, field CSO UK and Ireland at Palo Alto Networks. “There is an ever-expanding attack surface, and huge amount of data being collected across the organisation. We want to be able to measure the efficacy of cybersecurity controls within this context.”

This includes standard cybersecurity metrics, such as mean time to detect and mean time to respond, tracking the number of security incidents detected and resolved, and the accuracy of alerts.

But to assess resilience, enterprises must measure qualitative factors, such as the effectiveness of cybersecurity awareness programmes, and how well employees engage with security best practices.

“You need the capability to prevent or withstand a cyber incident, the ability to operate while you’re under attack and the capability to recover from it,” says Olsen. “Not all organisations are very good at understanding the efficiency of the security controls they implement.”

Defensive AI

As McKinnon points out, using AI in cyber defence is not new. But generative AI can help build resilience, by improving incident response.

“It’s basically a data problem,” he says. “The benefit of AI is you can understand a typical attack path. And that gives you the ability to defend against many attack paths. The second piece is how can you automate a response? Using AI on the defensive side could improve the outcomes significantly.”

“The more you can automate, and the earlier you can do that, the more efficient your security teams are going to be,” adds Olsen. “What we are trying to accomplish is to do as much in real time, machine to machine, as possible. Then you can go from firefighting to being more proactive.”

To be truly resilient, he says, organisations need to do all they can to be ahead of the attack.

He adds: “There’s a unique opportunity to bring together the team across the organisation, and through the power of AI, bust the siloes that exist in many organisations.”

To learn more about staying ahead of evolving cyberthreats, visit here.
____________________________________________________________________________________________________________________________________________________________

---

^[1] Foundry Security Priorities Study, 2024

^[2] Ibid