22 March 2023
Reluctance to let algorithms decide on a reaction is fading. They have demonstrated their ability to learn from experts and consider the impact of their countermeasures.
Artificial Intelligence (AI) is already widely used in cybersecurity. It is mainly present in detection tools, and makes it possible to improve traditional solutions which involve knowing what you are looking for.
Learning algorithms promise to identify deviations from “normality”. They make it possible to sift not only “technical” data but also the environment by analyzing what is said on social media, the sociopolitical context or current events. This allows us to better understand the threat. We can now know the sectors of activity or the profile of the most targeted victims and get an idea of the origin of the attacks. By examining what is happening across networks and past attacks, one can understand the motivations of the attackers as well as the methods and tools used.
Just as AI provides valuable support to our analysts today, it will play an increasingly important role in incident response and response.
However, the challenges are many. The data, always more voluminous, is of varied nature but these new capacities must allow us to maintain an accurate and up-to-date risk analysis.
Just as AI provides valuable support to our analysts today, it will play an increasingly important role in incident response. Reluctance to let algorithms decide on a reaction is fading. They have demonstrated their ability to learn from experts and consider the impact of their countermeasures.
Finally, the leap forward in AI in the field of conversational agents (such as ChatGPT) should allow us to make real progress in the field of victim assistance, but also to intensify awareness-raising actions. AI has therefore not finished helping us and surprising us.
Author: José Araujo is Chief Technology Officer, Orange Cyberdefense.