Sirjad Parakkat is the VP of Engineering for Ivanti, leading the IT Service Management, Lines of Business and Platinum Engineering Group.
I really hope no one entered the cybersecurity industry hoping to master an element of the field and sit back to coast on their accomplishments. Perhaps more than any other industry, the cybersecurity space is subject to perpetual change. Not just annually, not just quarterly, monthly, weekly or even daily—constant.
The rise of AI-enhanced cyber threats is speeding things up even further. Attackers now analyze social media data to create highly personalized phishing attempts that blend seamlessly with legitimate communications. Even more concerning, they're using deepfake audio and video for sophisticated impersonation attacks that can manipulate employees into harmful actions.
These are nuanced, impressively crafted and intricately layered attacks. And the response needs to match, if not exceed, the threat. As caregivers everywhere say to kids as the winter weather sets in, let’s layer up.
Understanding The Foundation Of Layered Security
My experience leading engineering teams has shown that effective defense begins with breaking down data silos between IT and security. The first critical layer requires establishing a clear data governance framework that defines how organizations collect, store, access and use their data.
The next layer focuses on choosing a data platform that meets several key criteria:
• Proven security capabilities at scale
• Seamless integration with existing tools
• Granular access controls at both role and attribute levels
• Comprehensive monitoring and audit functionality
The platform's monitoring capabilities should track not just what data is being accessed but how it moves through your organization. This visibility enables early detection of potential security issues before they escalate into serious incidents.
Also, by correlating data across vulnerability management, remediation and incident tracking, organizations can identify emerging threats before they materialize. This shift from reactive to proactive security represents a crucial evolution in our defensive capabilities.
Leveraging Automation For Incident Response
Speed matters in modern security. When your system detects a vulnerability, automated responses should immediately:
• Create an incident log
• Isolate affected assets
• Apply appropriate remediation
• Return systems to service once secured
This automation loop significantly reduces exposure time during security events. Of course, time is everything, especially when it comes to exposure.
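The four steps above, sketched as an added example (not code from the author or from Ivanti) to show the ordering and the failure case: an asset whose remediation does not verify stays isolated instead of returning to service. The `Asset`, `Incident` and `respond` names, the `remediate`/`verify` callables and the sample assets are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum

class State(Enum):
    IN_SERVICE = "in_service"
    ISOLATED = "isolated"

@dataclass
class Asset:
    name: str
    vulnerable: bool                      # constructed stand-in for a scanner finding
    state: State = State.IN_SERVICE

@dataclass
class Incident:
    asset: str
    finding: str
    log: list = field(default_factory=list)

def respond(asset, finding, remediate, verify):
    """Run the loop in order; remediate and verify are caller-supplied callables."""
    incident = Incident(asset.name, finding)
    incident.log.append("incident_logged")            # 1. create an incident log
    asset.state = State.ISOLATED                      # 2. isolate the affected asset
    incident.log.append("asset_isolated")
    try:
        remediate(asset)                              # 3. apply remediation
        incident.log.append("remediation_applied")
    except Exception as exc:
        incident.log.append(f"remediation_failed: {exc}")
        return incident                               # asset stays isolated
    if verify(asset):                                 # 4. return only once secured
        asset.state = State.IN_SERVICE
        incident.log.append("returned_to_service")
    else:
        incident.log.append("verification_failed_kept_isolated")
    return incident

# Constructed remediation and verification steps for the demo.
def patch(asset): asset.vulnerable = False
def broken_patch(asset): pass                         # "succeeds" but fixes nothing
def is_secure(asset): return not asset.vulnerable

def demo():
    good = Asset("web-01", vulnerable=True)
    bad = Asset("db-01", vulnerable=True)
    return (respond(good, "FINDING-PLACEHOLDER", patch, is_secure), good,
            respond(bad, "FINDING-PLACEHOLDER", broken_patch, is_secure), bad)
```

The incident log left behind for the second asset is what a human analyst picks up when the automated path cannot close the loop on its own.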
What About The Human Element?
There’s still a significant shortage of highly skilled cybersecurity professionals with AI expertise. That’s a real challenge, but it’s not hopeless. I believe organizations can begin to address this via two parallel approaches: First, implement continuous learning programs that provide hands-on simulation training. These programs should adapt to individual skill levels and learning paces, ensuring security teams can practice response strategies in controlled environments. Second, AI specialists should be brought in to work alongside existing security teams. This combination of expertise strengthens your overall security posture while building internal capabilities.
Blending AI and human capabilities isn't about prioritizing one over the other; instead, it's about identifying and highlighting what each source does best. Although AI excels at processing large volumes of alerts and handling repetitive tasks, human judgment remains essential for tasks like:
• Complex incident investigation
• Root cause analysis
• Strategic decision-making
• Process refinement
• Performance monitoring
The most effective security frameworks carefully balance automation and human expertise, particularly for critical decisions. AI isn’t inherently the enemy; it can and should be used as a tool.
Building Comprehensive Assessment
This isn't a set-it-and-forget-it initiative. Remember what I said about joining the cybersecurity industry? The only constant is constant change. Regular evaluation of your security layers should include the following:
• Systematic control testing
• Refinement of automation rules
• Updates to response procedures
• Strengthened integration between components
Each layer should reinforce the others while remaining adaptable to new threats.
What’s Next?
This isn’t a theoretical threat. It’s happening as you read this. The emergence of voice-based phishing attacks using deepfake technology puts a giant flashlight beam on the urgency of implementing comprehensive protection. These attacks can manipulate employees despite traditional security training, requiring new defensive approaches.
Success in this environment requires treating each security layer as part of an interconnected system. Clear communication about AI strategy and ethical guidelines helps teams understand their role in maintaining strong protection.
Embrace the layers. Ensure thoughtful implementation and integration. Don’t neglect appropriate human oversight. The attackers are working hard. It’s time to work smart.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.
