Artificial Intelligence technologies are becoming indispensable to life in the digital age. Evolving rapidly, AI is delivering unprecedented benefits to nations, businesses and people worldwide. Unfortunately, it has also become a potent tool of cyberattack, giving rise to threats such as deepfakes, social engineering, ransomware, adversarial attacks, and data poisoning, that are perpetrated at a speed, scale and efficiency beyond anything the world has known so far.
Conventional security solutions, for example, signature-based antivirus software or rule-based intrusion detection, are proving inadequate against AI-enabled cyber threats, which are becoming more sophisticated day by day. A case in point is polymorphic malware, which studies the usage pattern of antivirus and antimalware tools and writes code that escapes detection; further, it changes its shape and signature with the help of an encryption key. To be anywhere near effective against a threat of this kind, cybersecurity needs to be proactive and highly adaptive, anticipating and responding to threats as they evolve. Only AI-powered security has the required capability.
AI/ Machine Learning algorithms can process massive datasets in real-time to identify anomalous patterns – for example, an atypical surge in activity – indicative of potential threats that conventional security solutions and human experts might miss. AI-enabled security facilitates real-time monitoring of systems, enabling enterprises to anticipate risks in advance and respond to events quickly to limit the consequences. Generative AI is improving current threat detection capabilities by addressing sophisticated threats, including zero-day attacks.
From defensive to proactive, reactive to adaptive
Generative AI is enabling organisations to take a proactive and adaptive approach to cybersecurity. Not only do gen AI models continuously learn from training data, they also generate synthetic data mimicking real-world information to expand their understanding of cybersecurity risks. This allows them to stay on top of emerging threats, adapting to them as they evolve. By predicting cybersecurity events and suggesting the best solution for each scenario, AI/ gen AI solutions help enterprises transition from reactive defence to proactive protection, and remain resilient in a worsening environment.
The right threat intelligence at the right time
Threat intelligence is a crucial part of cybersecurity. The collection, analysis and dissemination of threat information allows enterprises to predict, identify and address various risks. However, threat intelligence needs to be “fresh” because its usefulness diminishes quickly with time. And it should be dynamic, so it can respond to a rapidly changing threat environment. This is why generative AI is so promising, because it can automate the entire threat intelligence value chain to make information available in real-time or at the right time to the right people. Apart from reducing Mean Time to Detect, gen AI lightens the burden of cybersecurity teams and also offers insights to bridge any knowledge gaps. However, before deploying a threat intelligence solution, an organisation should ensure it meets certain criteria. Scope makes a big difference – with IT networks spanning countries and even continents, threat intelligence should cover not just enterprise systems, but all user devices, including employees’ phones and laptops, and the systems of vendors and partners. Next, it should evolve along with the changing landscape, and be up-to-speed with prevailing best practices. A threat intelligence solution has to be automated and instantaneous to be effective, which requires it to integrate easily with the organisation’s network.
The relevance of human intelligence
An important point is that people continue to have a role in cybersecurity, even when it is automated through AI. The concern is that most organisations neglect to spread awareness of evolving risks and secure practices among employees, who are considered the weakest link in the cybersecurity chain. Employees across the ranks need to be trained to identify AI-led attacks, especially phishing and ransomware, to create a highly secure, zero-trust enterprise. Humans are also responsible for overseeing the functioning of AI cybersecurity solutions, to ensure they are making the right decisions.
