AI is transforming functions worldwide, and cybersecurity is no exception. With the global market for AI-powered cybersecurity solutions projected to skyrocket to $135 billion by 2030, the impact of AI on this critical field is undeniable. Today, organizations are leveraging AI alongside traditional security tools to bolster their defenses and address emerging threats effectively.
AI brings a myriad of benefits to the cybersecurity table, including the ability to detect genuine threats more accurately than human analysts, reducing false positives and enabling organizations to prioritize responses based on real-world risks. By analyzing massive volumes of incident-related data at high speed, AI allows security teams to respond swiftly, containing threats before they escalate.
Nicolai Solling, Chief Technology Officer, Help AG, says AI today plays a pivotal role in augmenting human intelligence and is a key point as we move towards more automated management of routine tasks, reshaping the operational landscape of cybersecurity. This has revolutionized how we manage technologies, products, and decision-making processes.
AI allows analysts to concentrate on more complex issues where human expertise is essential, and it is also used directly to improve detection and analysis of the behaviour of users, systems and processes, he says.
“The threat landscape has transformed significantly over the past decade,” says Roland Daccache, Senior Manager – Sales Engineering at CrowdStrike MEA. “Adversaries are leveraging technological innovations to break into organizations at record speeds, and they are increasingly shifting their focus to cloud and identity-based attacks. We are entering an era of a cyber arms race where AI will amplify the impact for both the security professional and the adversary. Organizations cannot afford to fall behind, and the legacy technology of yesterday is no match for the speed and sophistication of the modern adversary.”
Stefan Leichenauer, VP Engineering, SandboxAQ, says what makes AI a powerful tool in cybersecurity is its ability to learn from data. “Traditional approaches might use a mix of manual scans and rule-based processes, but AI can analyze large datasets to identify patterns and anomalies. For example, AI can monitor network traffic and look for suspicious behavior that might not be so obvious to the human eye or follow any sort of simple pattern.”
AI also offers a significant advantage over traditional methods by enabling faster detection and response to cyber threats. This is due to its ability to process and analyze massive volumes of data in real-time, allowing organizations to identify and mitigate risks with unprecedented speed and precision.
“They can analyze patterns and detect anomalies indicating a cybersecurity threat, such as unusual network traffic or suspicious user behavior – taking some of the manual load off threat analysis teams. Once a threat is identified, AI can automate the response by isolating affected systems, blocking suspicious IP addresses, or patching vulnerabilities,” says Saif AlRefai, Solution Engineering Manager at OPSWAT.
Alain Penel, Vice President – Middle East, Turkey and CIS at Fortinet, highlights that AI-driven automation can ensure swifter responses to potential threats. Upon detection, automated responses can be activated to contain the threat, isolate compromised systems, and initiate incident response workflows. This, combined with adaptive learning, ensures that AI models continuously evolve to counter new threat vectors and attack methodologies.
For higher-tier threat hunters, AI facilitates algorithmic threat hunting, making it significantly easier to identify and analyze potential threats, according to Richard Seiersen, Chief Risk Technology Officer, Qualys. “However, while AI can streamline many processes, it cannot replace the nuanced reasoning and judgment of seasoned cybersecurity practitioners. Therefore, rather than replacing, the integration of AI enhances traditional methods by accelerating detection and response times, enabling teams to address threats more effectively while still relying on human expertise for critical decision-making,” he says.
Morey Haber, Chief Security Advisor, BeyondTrust, adds another perspective: “AI can detect and respond to cyber threats faster than traditional methods because of computation speed in which models can identify anomalies in vast quantities of data. For a human, threat hunting involves advanced filters, data linkage, and experience, to identify when extra information is present, attributes are incorrect, or when critical data is missing. Data analytics can perform some of these actions with signatures and rules, but AI can identify when something occurs, unlike something that has ‘ever’ been seen before.”
When AI emerged as a significant topic in cybersecurity, many believed it would empower attackers to develop super malware capable of bypassing any cybersecurity defenses. However, this has not materialized. Malware and attacks continue to rely on the same techniques and capabilities we have historically encountered.
However, Solling says there is one area where AI has fundamentally changed our industry: the economy of producing high-quality attacks has been permanently altered, which means that we are now dealing with higher quality attacks at greater volumes, which in turn necessitates fundamental changes to the operational model for clients when they are thinking about cybersecurity.
A good example is generative AI, which, in increasingly advanced iterations, has exceptional benefits for society but is also a powerful tool to generate more sophisticated and frequent phishing attacks.
“In the region, a recent report indicated that 92% of surveyed organizations experienced at least one successful phishing breach in 2023, up from 86% the previous year. This surge is largely due to the ease with which language-processing capabilities in AI chatbots can generate convincing, automated attacks,” points out Solling.
Industry experts say it’s also important to balance the benefits of AI with the need for human oversight in decision-making.
Maintaining a balance between leveraging AI for security and upholding transparency and ethical practices is crucial for the enterprise to protect consumer interests. While AI technologies strengthen cybersecurity measures, organisations must also ensure the best possible experiences to maintain trust in the system.
“To achieve this, organisations should be transparent with consumers about their use of AI applications to protect their data and mitigate security risks. Clear consent from consumers should also be required to ensure that their data is only used for its intended purpose. Organisations should also be aware that AI algorithms can be inadvertently unfair and biased in data relating to gender, race, ethnicity, educational background, and location. These biases can lead to limited access to things like fair credit scoring, investment strategies, and customer service for certain individuals. Proper application and understanding are necessary to ensure that this is not the case,” says Penel from Fortinet.
Future trends
According to Seiersen from Qualys, we can expect significant improvements in operational and capital efficiency for defenders as AI continues to automate routine tasks and streamline processes. This will free security practitioners to focus on more complex challenges, particularly those involving “irreducible uncertainty”—situations where the risk cannot be fully understood through empirical data.
Leichenauer from SandboxAQ highlights that one important trend of the next five years will be the rollout of quantum-resistant encryption, also known as post-quantum cryptography. This will necessitate a massive need for risk assessments and migrations to the new quantum-resistant standards, and AI will be used to assist that process. In addition, the prevalence of AI attacks will necessitate organizations rapidly moving to more secure paradigms like zero-trust architecture.
Solling from Help AG says the role of AI in automating processes will continue to expand. AI will streamline tasks like creating precise, client-ready responses by summarizing information from support tickets, allowing teams to focus on more complex, strategic issues. AI-driven security assessments, already in use, will likely become even more central to identifying vulnerabilities in clients’ environments. It’s essential for organizations to leverage AI to ensure secure software development practices, as attackers may use similar tools to exploit vulnerabilities in software.
He adds that as we forge ahead in this journey through an AI-powered environment, it’s important to note that, for all their extraordinary capabilities, AI-powered applications and large-language models (LLMs) introduce new data security challenges and expand the attack surface. Just as organizations have taken advantage of AI’s ability to streamline workflows, threat actors are using the same technology for their own benefit.
Daccache from CrowdStrike believes AI has moved from its evolutionary phase to its transformative phase. Since AI-native cybersecurity seamlessly integrates different cybersecurity solutions, we can expect it to enable organizations to use the strengths of modern, cloud-native data platforms and cutting-edge AI to analyze vast datasets, identify patterns, and strengthen security posture.
“As adversaries reach new heights of attack sophistication with AI, organizations must be equipped to meet them on the battlefield with an equal, if not superior, response. Things like conversational AI will make security teams faster, more productive and help them to learn new skills, which is critical to beat the adversaries in the emerging generative AI arms race,” he concludes.