We asked AI to create a Cyber Security Strategy

In an era where data breaches and cyber threats loom large, a robust cyber security strategy is non-negotiable. Many organisations are turning to artificial intelligence (AI) for answers, but the limitations of this technology make it crucial to adopt a comprehensive approach.

Some organisations are starting to use AI to create cyber security strategies for their business as a way of cutting costs and leveraging emerging technology. AI can be used to highlight unusual security activities, automate routine tasks and detect patterns in data. Although these benefits can be useful to free up security experts for more complex tasks, AI should never be a standalone component in your security strategy.

Can you use AI for a Cyber Security Strategy?

1. Is a cyber security strategy developed by AI robust and reliable?
2. What are the potential implications for businesses relying on AI-generated cyber security strategies?
3. How can businesses address these challenges to safeguard their digital assets and operations?

We asked ChatGPT to create a cyber security strategy to find out. We prompted ChatGPT to create a cyber security strategy for small to medium enterprise. ChatGPT is a popular large-language model (LLM) developed by OpenAI which is trained to follow an instructed prompt and give a detailed response. 

The cyber security strategy created by AI:

Short-Term (0-6 months):

• Implement basic cyber security measures: Regular software updates, strong password policies, and employee awareness training.
• Deploy endpoint protection solutions to mitigate malware and ransomware threats.
• Conduct vulnerability scans and patch known vulnerabilities promptly.
• Establish incident response protocols to address security incidents promptly.

Medium-Term (6-12 months):

• Enhance network security with firewalls and intrusion detection systems.
• Implement multi-factor authentication (MFA) for critical systems access.
• Develop data backup and recovery plans to ensure business continuity.
• Conduct security awareness training to educate employees on cyber security best practices.

Long-Term (12+ months):

• Establish a cyber security governance framework to define roles and responsibilities.
• Conduct regular security assessments to identify emerging threats and vulnerabilities.
• Develop and test comprehensive incident response plans.
• Invest in advanced cyber security technologies like threat intelligence platforms and security automation tools.

Evaluating the quality of the AI’s Cyber Security Strategy

In an analysis of the AI’s cyber security strategy we can see that although the goals highlight the importance of cyber security measures, there is a distinct lack of specificity in the strategy.

For example, in the short-term goals, regular security reviews and data encryption should be a part of every business’ basic cyber security strategy which was not highlighted. The end-point protection type and solution features such as behaviour monitoring and real-time threat intelligence were not included. Although the strategy stresses the value of vulnerability scans, it underscores the importance of prioritised patching to effectively address critical vulnerabilities. Patching is essential to minimise external threats affecting your IT systems. Our NOC Engineers specialise in patching to ensure vulnerabilities are stopped before they impact your business.

The strategy’s medium-term elements include implementing Multi-Factor Authentication (MFA), however it overlooks stating the types of MFA methods that are most secure. While highlighting the importance of data backup and recovery plans, specifics on backup frequency and testing procedures are missing. We have experts on hand to ensure your cloud backup solution aligns with your business objectives and keeps your data secure.

The long-term goals state the importance of a Cyber security Governance Framework but overlooks the need for regular updates. As your IT support team, we stay up-to-date with evolving threats and new regulatory requirements. Although regular security assessments are mentioned, there is a lack of emphasis on third-party assessments such as Cyber Essentials. Our Cyber Security review specialises in aligning your cyber security strategy to the Cyber Essentials requirements. While investing in advanced technologies is essential, the strategy should consider potential limitations of AI-driven solutions and emphasise the need for human oversight and expertise.

Overall, while the cyber security strategy provided by AI outlines essential measures, it lacks specificity and detail in certain areas. Specifying an industry in the prompt might have produced more tailored security goals but nevertheless, the strategy still failed to address the complex understanding of cyber security required from a human perspective. Cyber security strategies need human intervention to understand nuanced business needs and apply the invaluable experience gained from working across diverse industries.

At CT, we security is at the heart of all our IT solutions. We believe cyber security strategies need human intervention to understand nuanced business needs and apply the invaluable experience gained from working across diverse industries. Drawing from our experience spanning over two decades and many different industries, we bring invaluable expertise to the table. By applying the wealth of knowledge we have accumulated, we can ensure your business receives the secure solutions it needs.