In 2022, the Asia Pacific (APAC) region faced a pressing issue—a significant shortage of cybersecurity professionals, with a staggering 2.1 million personnel gap. This deficit has propelled organizations to seek innovative solutions to strengthen their defenses against rapidly evolving cyber threats. Kaspersky, a prominent cybersecurity company, has shed light on the potential of Artificial Intelligence (AI) as a strategic ally in combating this challenge.
AI’s prominence in cybersecurity
In a recent conversation, Saurabh Sharma, Senior Security Researcher for the Global Research and Analysis Team (GReAT) Asia Pacific at Kaspersky, highlighted the dual nature of AI. While cybercriminals exploit AI for malicious purposes, cybersecurity teams can harness its capabilities for the greater good. Sharma’s insights provide valuable perspectives:
Closing the Talent Gap: APAC’s drive to fuel its digital economy is happening in tandem with a daunting 52.4% cybersecurity talent shortfall in 2022. This urgent situation has led IT security teams to explore the augmentation of their cyber defenses through smart technology. AI emerges as a potent force in critical areas like threat intelligence, incident response, and threat analysis.
Enhanced Threat Intelligence: Effective threat intelligence, a linchpin of cybersecurity, necessitates collecting pertinent information about threat actors. AI algorithms empower security teams to rapidly access and analyze a wealth of published research and known tactics, techniques, and procedures (TTPs). This data-driven approach streamlines the development of robust threat-hunting hypotheses.
AI-Driven Incident Response: In cyber incident response, AI can swiftly identify anomalies within log data, interpret security event logs, generate representations of potential security incidents, and offer guidance for detecting initial cyber threats, such as web shells.
Mastery of Threat Analysis: During the crucial phase of threat analysis, where defenders aim to decipher the inner workings of attack tools, AI plays a pivotal role. Advanced technologies like ChatGPT can assist in identifying critical components within malware code, unriddling obscured malicious scripts, and even crafting dummy web servers with specific encryption schemes.
Understanding AI’s constraints in cyber defense
It is equally vital to acknowledge the limitations of AI in constructing and sustaining cyber defenses. Sharma provides essential guidance for enterprises and organizations across the APAC region:
Complementary Role- AI is a potent complement to human expertise but should not be perceived as a replacement. The primary focus should be on enhancing existing teams and workflows.
Emphasis on Transparency – In the exploration and application of Generative AI, transparency is paramount, particularly when AI systems may provide potentially inaccurate information. Maintaining transparency in AI interactions is essential.
Comprehensive Interaction Logging – All interactions with Generative AI should undergo thorough logging, making them available for review and preserving these records throughout the lifecycle of deployed products within enterprises.
Despite these constraints, AI brings clear advantages to cybersecurity teams. It excels in automating data collection, streamlining Mean Time to Resolution (MTTR), and mitigating the impact of security incidents. When effectively harnessed, AI has the potential to alleviate some of the skill requirements for security analysts.
Integrating AI into cybersecurity holds tremendous promise for the APAC region, addressing the significant talent shortage and reinforcing cyber defenses. The synergy between human expertise and AI capabilities is the key to a more secure digital future.
