It’s 2024 and organizations are split into the cybersecurity haves and have-nots. Well-funded organizations have transformed security operations into sophisticated engineering hubs equipped with cutting-edge detection systems and specialized teams focused on orchestration and automation. Yet across the globe, millions of smaller entities struggle to keep pace. As technology rapidly advances, these under-resourced organizations find themselves increasingly exposed.
The Cybersecurity Poverty Line
By 2029, the cybersecurity scene will be transformed. The AI revolution in security operations promises a new era of resilience poised to enhance the defenses of millions of organizations. Within the next five years, we’ll witness a seismic shift in how security challenges are tackled, creating a safer, more secure digital landscape for businesses of all sizes.
A Historical Perspective on the Cybersecurity Poverty Line
The concept of a great security divide is not new. In fact, it has been around since 2011 when Wendy Nather of Cisco introduced the cybersecurity poverty line concept to capture the stark contrast between organizations with well-functioning cybersecurity practices versus those without. Not coincidentally, 2011 was the same year that Marc Andreessen wrote an essay titled Software Is Eating the World, describing the rapid adoption of technology in virtually every area of business.
Over the subsequent decade, many cybersecurity teams could not protect their organizations as they digitally transformed operations. Greater digitization exposed those organizations to greater risk from cybersecurity threats, but only the privileged few could afford to mitigate that increased risk with the appropriate security controls. The divide grew, and more and more organizations fell below the cybersecurity poverty line.
Challenges Beyond Financial Constraints in Cybersecurity
Cybersecurity poverty doesn’t affect only cash-poor companies. Many large and profitable companies in the manufacturing, healthcare, and retail sectors, as well as many state and local governments, are below the cybersecurity poverty line because of organizational culture and leadership priorities.
Especially for small and medium-sized businesses, the stakes are high. Many organizations have been shut down by cyberattacks over the years, and analyst Adrian Sanabria catalogs them in his Destroyed by Breach list. This list is a who’s who of breached companies that never recovered, such as the Illinois hospital St. Margaret’s Health, which closed in 2023 after it could not submit claims for 14 weeks following a ransomware attack.
How Agentic AI Can Lift Organizations Out of Cybersecurity Poverty
Getting out of cybersecurity poverty is not an easy process. Organizations must find ways to elevate their information security programs without massive investments. While some may use open-source products to fill in technology gaps, they are still left with staffing challenges. Creative organizations have seen the power of Gen AI in other fields and are looking for ways to optimize and streamline workflows with agentic AI, which applies Gen AI to autonomously complete tasks.
While agentic AI is not a cure-all for cybersecurity problems, it does address key pain points to lift thousands of organizations out of cybersecurity poverty. One way to think about agentic AI is that it gives organizations access to virtually limitless intelligence that can be applied to a specific subset of tasks. Applied to cybersecurity, agentic AI will not replace human security operations staff, but will offload several important yet time-intensive tasks that are often neglected due to time constraints.
The Practical Applications of Gen AI in Cybersecurity
Organizations below the cybersecurity poverty line are stuck there because of the limited time of their human staff. If these organizations could hire ten times more staff, their problems would be solved. But that’s obviously not possible, especially with staff and compensation at 38% of IT security budgets (the most significant portion) according to the IANS cybersecurity budget survey.
Gen AI will only help the masses of organizations in cybersecurity poverty if its applicability is widespread. Many early applications of Gen AI are narrowly focused.
Remember, it’s been less than 2 years since ChatGPT was released, so we’re in the early days. So far, the application of Gen AI for cybersecurity has focused on making sophisticated tools easier to use and reducing the number of false-positive alerts. However, those vendor-specific applications primarily benefit those organizations that can already afford to purchase, implement, and maintain these tools.
An Example of How Agentic AI Streamlines SOC Operations
A much more meaningful and widespread application of agentic AI for cybersecurity lies in automating the entire alert triage and investigation process, which spans multiple systems and tools. With the help of agentic AI, organizations can now investigate every alert with recursive reasoning, pulling data from internal systems such as email, directory services, identity systems, cloud providers, and even project management and collaboration software to determine the priority of alerts. Gen AI can then summarize those investigations in detailed incident reports with links to raw data as evidence, making it easier for human analysts to validate the findings. This solves a massive pain point for many organizations because triage and investigation require human expertise and reasoning—and more importantly, time—both of which are scarce resources for organizations below the cybersecurity poverty line.
Implementing Agentic AI Across Different Cybersecurity Tools
Currently, Gen AI applied to high-end cybersecurity tools is like adding autonomous driving capabilities to brand-new BMWs. It’s nice, but not really helpful for most people. What if you could retrofit many types of older cars with autonomous driving technology? Agentic AI will have the most impact when it is applied in the same way, to the existing tools that organizations already have in place.
Agentic AI security solutions can learn to use both proprietary and free tools frequently used in security operations such as PhishTank, Google Safe Browsing, Nmap, Nuclei, osquery, Shodan, URLscan, VirusTotal, and Wireshark. Organizations do not need to purchase and implement big-name cybersecurity platforms to reap the benefits of Gen AI-powered autonomous alert investigations.
How Fast Can Agentic AI Transform Cybersecurity?
At Dropzone AI, we believe agentic AI can lift thousands of organizations out of cybersecurity poverty in an unprecedentedly short time. With a thorough AI investigation of 100% of alerts, resource-constrained organizations can dramatically improve their cybersecurity posture. Even in its simplest forms, Gen AI technology has seen rapid adoption. Remember that ChatGPT saw the fastest user adoption in history, reaching 100 million active users in just two months. Gen AI automation will deliver even more value than ChatGPT. The key difference is that AI augmentation for SecOps is not a chatbot that only responds to user interaction. Human analysts can see significant immediate value from their AI Analyst counterparts that function autonomously.
Ease of Deployment
Deploying AI for security operations requires minimal work, easily connecting to existing tools and backend systems. Configuring the requisite API connections generally takes less than 30 minutes and can be compared to setting up a personal finance app like Mint.
The cybersecurity poverty line is a tremendous challenge facing society. As organizations become more dependent on technology, their vulnerability to cyber disruption increases. AI can bring more organizations into the “middle class” of cybersecurity. Of course, there will always be cyber “have-nots” just as there will always be companies that go out of business for one reason or another. However, AI will pull more organizations out of poverty by addressing the lack of staff resources and expertise.
If your organization is at risk of falling below the cybersecurity poverty line, it is worth investigating how AI Analysts can help. Check out our demo gallery to see how Dropzone AI investigates phishing, endpoint, network, cloud, identity, and insider threat alerts. If you like what you see, we'd love to give you a demo of our solution. Schedule yours today!