But with caveats organizations and enterprises should take note of
With the Asia Pacific (APAC) lacking a total of 2.1 million cybersecurity professionals as of 2022, Kaspersky expert deep dived into how cybersecurity teams can utilize Artificial Intelligence (AI) to boost the current defenses against the fast-evolving threats in the region.
Saurabh Sharma, Senior Security Researcher for Global Research and Analysis Team (GReAT) Asia Pacific at Kaspersky, revealed that as cybercriminals can exploit the power of AI, cybersecurity teams can also make use of this technology for the good.
“As of 2022, APAC needs to meet a 52.4% cybersecurity talent gap as the region drives its digital economy. This urgent need can drive IT security teams to look into using smart machines in augmenting their organizations’ cyber defenses and AI can help in key areas like threat intelligence, incident response, and threat analysis,” said Sharma.
Threat Intelligence is a cybersecurity aspect which involves gathering relevant information about a threat actor. Sharma said AI algorithms can be used to quickly access and analyze previously published research and previously seen tactics, techniques, and procedures (TTP’s), leading to the development of a threat hunting hypothesis.
Kaspersky’s expert also revealed that for cyber incident response, AI can suggest anomalies in a provided set of logs, understand a security event log, generate how a particular security event log may look like, and suggest steps to look for an initial implant like web shell.
In terms of threat of analysis or the stage where cyber defenders try to understand the working of tools used in an attack, Sharma noted that technologies like ChatGPT can assist even in identifying critical components in a malware code, deobfuscating malicious script, and creating dummy web servers with particular encryption schemes.
Sharma, however, highlighted the limitations of AI in building and maintaining cyber defenses. He reminded enterprises and organizations in APAC:
- To focus on the augmentation of existing teams and workflows
- Transparency must be part of Generative AI exploration and application, especially when it provides incorrect information
- All interactions with Generative AI should be logged, made available for review, and maintained for the life of the products deployed in enterprises
“AI has clear benefits for cybersecurity teams, especially in automating data collection, improving Mean Time to Resolution (MTTR), and limiting the impact of any incidents. If utilized effectively, this technology can also reduce skill requirements for security analysts but organizations should remember that smart machines can augment and supplement human talent, but not replace it,” he adds.
Kaspersky will continue the discussion about the future of cybersecurity at the Kaspersky Security Analyst Summit (SAS) 2023 happening in Phuket, Thailand, from 25th to 28th October.
This event welcomes high-caliber anti-malware researchers, global law enforcement agencies, Computer Emergency Response Teams, and senior executives from financial services, technology, healthcare, academia, and government agencies from around the globe.
Interested participants can know more here: https://thesascon.com/#participation-opportunities
Liked this post? Follow SwirlingOverCoffee on Facebook, YouTube, and Instagram.