AI’s Role in Augmenting IT Security Teams in the APAC Region
With Asia Pacific (APAC) short a total of 2.1 million cybersecurity professionals as of 2022, Kaspersky experts examined how cybersecurity teams can use Artificial Intelligence (AI) to boost current defences against the fast-evolving threats in the region.
Saurabh Sharma, Senior Security Researcher for Global Research and Analysis Team (GReAT) Asia Pacific at Kaspersky, said that just as cybercriminals can exploit the power of AI, cybersecurity teams can also use this technology for good.
“As of 2022, APAC needs to meet a 52.4% cybersecurity talent gap as the region drives its digital economy. This urgent need can drive IT security teams to look into using smart machines in augmenting their organisations’ cyber defences, and AI can help in key areas like threat intelligence, incident response, and threat analysis,” says Sharma.
Threat intelligence is the area of cybersecurity that involves gathering relevant information about a threat actor. Sharma said AI algorithms can be used to quickly access and analyse previously published research and previously seen tactics, techniques, and procedures (TTPs), leading to the development of a threat-hunting hypothesis.
Kaspersky’s expert also said that for cyber incident response, AI can suggest anomalies in a provided set of logs, interpret a security event log, generate an example of what a particular security event log may look like, and suggest steps to look for an initial implant such as a web shell.
In terms of threat analysis, the stage where cyber defenders try to understand the workings of tools used in an attack, Sharma noted that technologies like ChatGPT can assist in identifying critical components in malware code, deobfuscating malicious scripts, and creating dummy web servers with particular encryption schemes.
Sharma, however, highlighted the limitations of AI in building and maintaining cyber defences. He reminded enterprises and organisations in APAC that:
- The focus should be on the augmentation of existing teams and workflows.
- Transparency must be part of Generative AI exploration and application, especially when it provides incorrect information.
- All interactions with Generative AI should be logged, made available for review, and maintained for the life of the products deployed in enterprises.
“AI has clear benefits for cybersecurity teams, especially in automating data collection, improving Mean Time to Resolution (MTTR), and limiting the impact of any incidents. If utilised effectively, this technology can also reduce skill requirements for security analysts, but organisations should remember that smart machines can augment and supplement human talent, but not replace it,” he adds.
Kaspersky will continue the discussion about the future of cybersecurity at the Kaspersky Security Analyst Summit (SAS) 2023, taking place in Phuket, Thailand, from 25th to 28th October.
This event welcomes high-calibre anti-malware researchers, global law enforcement agencies, Computer Emergency Response Teams, and senior executives from financial services, technology, healthcare, academia, and government agencies from around the globe.