Book demo
20 December 2024

AI in Cybersecurity: Dell Questions the Hype

At this year’s Control24 summit, we heard a range of insightful perspectives on AI in cybersecurity. While IBM‘s Martin Borrett explored the transformative potential of AI, highlighting its dual role as both a tool and a threat, Steve Kenniston from Dell approached the topic from a different angle, focusing on foundational security practices and the importance of a balanced approach. Together, their insights provide a well-rounded look at AI’s role in today’s cybersecurity landscape.

The 90-10 Rule: Focus on What Works

Steve introduced his ’90-10 philosophy’, which proposes that 90 percent of what’s needed to secure your environment can be achieved through fundamental security practices. The remaining 10 percent accounts for newer, specialised approaches like managing prompt injection risks in Gen AI models. But he cautioned against chasing trends without solid basics in place, urging organisations to keep their focus on what has consistently worked:

  1. Reducing Attack Surface: Steve pointed out that roughly 47 percent of breaches exploit weaknesses in basic defences, threats that don’t necessarily need advanced tech to address. Core measures like multi-factor authentication, role-based access, and regular patching are still the first line of defence, effectively countering nearly half of common attacks.
  2. Detection and Response: Building on Martin’s view of AI as transformative, Steve reframed the conversation, reminding us that traditional AI-driven tools, such as MDR (Managed Detection and Response) have provided critical support for years. “AI and ML tools have been built into security solutions for decades,” he noted, emphasising the value of these existing AI solutions in reducing detection and remediation times.
  3. Recovery Readiness: Steve highlighted the importance of robust, regularly practised recovery strategies, sharing that only 37 percent of organisations currently recover from air-gapped storage, leaving a crucial resilience measure underutilised. “Practise, practise, practise,” he urged, likening it to military drills that prepare teams to respond intuitively in a real incident.

AI: A Piece of the Puzzle, Not the Whole Solution

While Martin’s talk showcased AI’s exciting potential, Steve’s approach underscored the importance of integrating AI alongside established security practices. He sees AI as one component within a broader toolkit that supports, rather than replaces, strong cybersecurity hygiene.

Steve advocates balancing automation with oversight – using AI for repetitive tasks, while maintaining human control where it counts.

Building a Unified Strategy

Steve’s advice on viewing cybersecurity as a unified framework added a valuable dimension to the discussion. Rather than compartmentalising attack surface reduction, detection and response, and recovery readiness, he encouraged assessing tools with a holistic perspective. Does a solution reduce the attack surface? Support quick detection and response? Aid recovery? This approach helps organisations avoid tool sprawl and unnecessary complexity.

A Balanced Perspective on AI’s Role

Martin Borrett and Steve Kenniston brought two equally valuable perspectives to Control24. Martin’s talk highlighted the dual nature of AI and its potential to shape the future of security, while Steve reminded us of the enduring importance of strong fundamentals. Together, their messages underscored that a resilient cybersecurity strategy isn’t about choosing between innovation and basics; it’s about finding the balance that fits your organisation.

As Steve put it,

Control24 attendees left with both the excitement of AI’s possibilities and the reassurance that foundational principles remain as relevant as ever.

Learn more about
Predatar recovery assurance