The human element in security is still needed to combat application vulnerabilities

While over half of organizations use artificial intelligence or machine learning in their security stack, nearly 60 percent are still more confident in cyberthreat findings verified by humans over AI, according to WhiteHat Security.

The survey responses of 102 industry professionals at RSA Conference 2020 reflect the need for security organizations to incorporate both AI- and human-centric offerings, especially in the application security space.

Three-quarters of respondents use an application security tool, and more than 40 percent of those application security solutions use both AI-based and human-based verification.

AI and machine learning have provided several advantages for cybersecurity professionals overall the past several years, especially in the face of the technology talent gap, which has left 45 percent of respondents’ companies lacking a sufficiently staffed cybersecurity team.

More than 70 percent of respondents agree that AI-based tools made their cybersecurity teams more efficient by eliminating over 55 percent of mundane tasks.

The benefits of the human element in security

Nearly 40 percent of respondents also feel their stress levels have decreased since incorporating AI tools into their security stack, and of those particular participants, 65 percent claim these tools allow them to focus more closely on cyberattack mitigation and preventive measures than before.

However, a majority of respondents emphasise there are skills that the human element provides that AI and machine learning simply cannot match. Despite the number of advantages AI-based technologies offer, respondents also reflected on the benefits the human element provides security teams.

Thirty percent of respondents cited intuition as the most important human element, 21 percent emphasized the importance of creativity, and nearly 20 percent agreed that previous experience and frame of reference is the most critical human advantage.

“With the growing cyberthreat landscape, it is imperative for security tools and organizations to have a combination of both AI and the human element so there can be continuous risk evaluation with verified results,” said Anthony Bettini, CTO at WhiteHat Security.

“For all its advantages, AI is still heavily reliant on humans to be successful. Human monitoring and continuous input are required if AI software is to successfully learn and adapt. This is why the human element will never be completely eradicated from the security process.”