AI can supplement IT security teams in Apac
With the Asia Pacific (Apac) lacking a total of 2.1 million cybersecurity professionals as of 2022, Kaspersky expert deep dives into how cybersecurity teams can utilise Artificial Intelligence (AI) to boost the current defences against the fast-evolving threats in the region.
Saurabh Sharma, Senior Security Researcher for Global Research and Analysis Team (GReAT) Asia Pacific at Kaspersky, reveals that as cybercriminals can exploit the power of AI, cybersecurity teams can also make use of this technology for the good.
“As of 2022, Apac needs to meet a 52.4% cybersecurity talent gap as the region drives its digital economy. This urgent need can drive IT security teams to look into using smart machines in augmenting their organisations’ cyber defences and AI can help in key areas like threat intelligence, incident response, and threat analysis,” says Sharma.
Threat Intelligence is a cybersecurity aspect which involves gathering relevant information about a threat actor. Sharma says AI algorithms can be used to quickly access and analyse previously published research and previously seen tactics, techniques, and procedures (TTPs), leading to the development of a threat-hunting hypothesis.
Kaspersky’s expert also reveals that for cyber incident response, AI can suggest anomalies in a provided set of logs, understand a security event log, generate how a particular security event log may look like, and suggest steps to look for an initial implant-like web shell.
In terms of the threat of analysis or the stage where cyber defenders try to understand the working of tools used in an attack, Sharma notes that technologies like ChatGPT can assist even in identifying critical components in a malware code, deobfuscating malicious script, and creating dummy web servers with particular encryption schemes.
Sharma, however, highlighted the limitations of AI in building and maintaining cyber defences. He reminds enterprises and organisations in Apac:
• To focus on the augmentation of existing teams and workflows
• Transparency must be part of Generative AI exploration and application, especially when it provides incorrect information
• All interactions with Generative AI should be logged, made available for review, and maintained for the life of the products deployed in enterprises
“AI has clear benefits for cybersecurity teams, especially in automating data collection, improving Mean Time to Resolution (MTTR), and limiting the impact of any incidents. If utilised effectively, this technology can also reduce skill requirements for security analysts but organisations should remember that smart machines can augment and supplement human talent, but not replace it,” he adds.
