AI to bridge cybersecurity talent gap: Google Cloud's Steve Ledzian

Organisations will need to use artificial intelligence (AI) to address the cybersecurity talent gap by delegating low-level threat analysis work to chatbots and machine learning so as to enable the analysts to do more complex and meaningful work, said Steve Ledzian, the chief technology officer (CTO) of Google Cloud Security at Mandiant Asia Pacific in Japan.

 

Most organisations, he said, discover cyberattacks through external entities like a law enforcement agency or a security vendor despite significant investment in internal security controls and tools.

 

“This highlights the need for better detection efficacy, efficiency, scalability, and improved telemetry retention for investigations. On the services side, there is continued demand for red teams, tabletop exercises, and compromise assessments,” he said.

 

With the help of AI, bad faith cybersecurity actors have shifted focus to edge devices such as virtual private network gateways and file-sharing appliances which typically lack endpoint detection and response capabilities, Ledzian said.

 

“These devices are internet-connected yet also link to internal networks, making them ideal hiding spots for attackers. If defenders recognise this trend early, they can implement compensatory measures, such as enhanced network detection and response (NDR) telemetry,” he said.

 

The days of organisations using the dark web for monitoring and collecting knowledge about malicious indicators of compromise such as domains and hashes will be outdated due to the use of AI, he said.

 

Though the nature of cyberattacks vary slightly between different geographies based on the digital maturity of that region, ransomware, business e-mail compromise, and supply chain attacks remained consistent globally, he said.