AI in cybersecurity

AI is making a difference in cybersecurity as organizations look to boost their defenses. (Source – Shutterstock)

Can AI in cybersecurity really make a difference?

Artificial intelligence (AI) and cybersecurity are two of the biggest priorities for organizations today.

As organizations continue to invest heavily in AI, they need to ensure that investments in cybersecurity don’t take a back seat. In fact, with the rise of digital technologies and the increasing amount of sensitive data being stored online, the threat of cyberattacks is growing. These attacks have resulted in significant financial losses and highlight the need for stronger cybersecurity measures.

According to Cybersecurity Ventures, the cost of cybercrime is predicted to hit US$8 trillion in 2023 and will grow to US$10.5 trillion by 2025. The Southeast Asian region in particular is also a hotbed for cybercriminals with continued cyberattacks being reported. Reports from various security vendors indicated a growing number of attacks on various industries in the region.

Statistics also show that 51% of attacks in 2022 targeted critical infrastructure while 49% targeted governments around the world. Cybercriminals need only about two hours on average to access data and move laterally. In addition, 78% of devices remain unpatched nine months after a patch was released.

Tech Wire Asia caught up with Abbas Kudrati, Microsoft Asia’s Chief Cybersecurity Advisor, to get his views on cyberattacks in the region and on the role AI is playing in cybersecurity, especially how it will be a key enabler in the future of security.

The four Rs and one S in cybersecurity

When speaking to CISOs, CTOs and other security leaders, Kudrati mentioned that there is a trend in the issues organizations are facing in cybersecurity today. He refers to this trend as the four Rs and one S in cybersecurity. They are:

  • Ransomware – For organizations in Southeast Asia, ransomware is still the number one threat. From identity and device security to monitoring, businesses continue to be challenged by ransomware attacks.
  • Russia – There’s been an increase in nation-state hackers from Russia. While Southeast Asia is not a prime target, there are still some organizations that are being targeted by these hacking groups. Nation-state hackers don’t want ransomware payments. Instead, they are wiping data, which is a bigger problem.
  • Remote work – Remote work is also a concern in the region. While some organizations have instructed employees to return to work in offices, many are still practicing remote and hybrid work. This is creating a challenge for security teams as they are unable to manage security on devices, especially for those connected to unsecured networks. Companies are now hoping to bring cybersecurity to the device itself.
  • Regulators – Meeting regulatory requirements is also a challenge. For businesses that have operations in different countries, they need to manage regulations for all countries. Each nation has its own regulatory requirements. While most are similar, it still requires compliance officer checks.
  • Supply chain – The supply chain is not a major threat, but is the main concern for organizations. Managing supply chain security means businesses must reduce their footprint. This includes assessing vendors and suppliers from a security point of view. Third-party vendors and operators need to show proof of their security and businesses need to ensure it’s the right information, especially if they will be working with sensitive data.

Apart from the four Rs and one S, ChatGPT is also a security concern for some organizations. Some companies have already blocked employee access to ChatGPT on company devices. But Kudrati believes this will not make much difference as employees can still use ChatGPT on their phones and other devices.

“What organizations can do is to create a set of rules and boundaries in terms of how to use it. My personal opinion is everybody in the company should be trained in basic prompt engineering. They need to know how to ask questions, what questions to ask and to verify the information which has been pulled out by their AI engine. Don’t take it as 100% accurate. There will be mistakes because it’s a learning model,” said Kudrati.

AI in cybersecurity

Interestingly, Kudrati also mentioned that one of the biggest problems organizations face today when it comes to cybersecurity is dealing with many different vendors and solutions. While there is a need to protect every aspect of an organization, having too many solutions and dashboards to monitor is putting a strain on cybersecurity teams.

According to Kudrati, the current approach businesses take is too complicated. The pain points include:

  • The cost of using multiple vendors
  • Tools aren’t integrated or interoperable
  • Threats aren’t shared across vendors
  • More vendors mean more management
  • Each tool has its own console

“In the past, there were about 557 attacks per second. Today, we are talking about 1287 attacks per second. This translates into billions of attacks on a daily basis. And cybersecurity is complex, especially with organizations having different tools. The average organization has about 70 different consoles. But when they have an AI model, they can now look at the data across different products,” he said.

Kudrati strongly believes AI can make a difference in cybersecurity. Take Microsoft Copilot for example. Microsoft Security Copilot is the first security product to enable defenders to move at the speed and scale of AI. Security Copilot combines an advanced large language model (LLM) with a security-specific model from Microsoft. This security-specific model in turn incorporates a growing set of security-specific skills and is informed by Microsoft’s unique global threat intelligence and more than 65 trillion daily signals.

“For AI, we are investing across the product portfolio. We have a Copilot for GitHub and Microsoft 365. Now, we are bringing Copilot to cybersecurity. As more products are integrated into the same concept or same fabric of a Copilot, it makes it easier for the organization. For example, when they search for something or they type something in a simple language into the AI engine or AI model, it looks upon the entire platform and not one area, which makes it a huge differentiator for a company like Microsoft which provides end to end visibility not only on one focus area.

“When an organization is evaluating which model to use, open AI is foundational. But how are you training your larger language model? Which areas of your AI models will be looked at? Will it be that one area or the entire platform? What are the various guardrails being put up behind the scenes in terms of who owns the data? For example, in ChatGPT, you can’t use a public source and it doesn’t reference where data is coming from.

“In the case of Microsoft, any prompt you create in Copilot remains with you and your own team, nobody else looks at it. This is something that really needs to be considered when you’re evaluating the AI capability from various vendors,” explained Kudrati.

By using AI in cybersecurity, personnel can focus on more important tasks. (Source – Shutterstock)

Reducing the burden

A shortage of cybersecurity skills can also be solved with AI today. In the past, the average organization would require several employees to monitor various security dashboards daily to ensure there are no vulnerabilities or breaches. But now, AI is able to automate this process, allowing employees to focus on more important cybersecurity work.

Kudrati pointed out that rather than hiring engineers, a person who has a basic knowledge of cybersecurity can use an AI model or AI prompts to help them do basic tasks.

“For example, your IT team can upload the malware into Security Copilot and it will tell you what the malware is doing and create a whole flow to explain the process. Your team member can now pin that particular prompt that they have created. Even when I don’t come from an engineering background, I can look at the flow and understand it. So that’s a capability that AI can provide,” mentioned Kudrati.

At the same time, using AI will also open up the avenue for more people to work in cybersecurity. All they need is basic foundational knowledge of the technology. Security professionals, by using AI, can focus more on strategy work and let the engine do its work.

While AI can enhance cybersecurity, Kudrati pointed out that cybercriminals will also look to leverage the technology to create more sophisticated cyberattacks.

“We normally train employees that if they receive a phishing email, they check the spelling, content and such. But today, using this kind of technology, a cybercriminal can craft a perfect phishing email without any spelling mistakes. It will be a very polished email. You can’t differentiate the phishing email today coming in. It’s really challenging for the defender as well to detect this. Now, we need to train our employees in a different model.”

In the second part of our conversation with Kudrati, he discusses the challenging role of the CISO as well as why zero trust is still one of the best methods for threat detection.