By the time you finish reading this article, thousands of computer systems around the world will have been hacked. That’s the pace at which cyber threats are emerging.
As cybercriminals evolve their tactics and exploit vulnerabilities in increasingly sophisticated ways, the need for innovative solutions to combat them has never been greater. Fortunately, the advent of artificial intelligence (AI) and generative AI (GenAI) offers a powerful arsenal for defending against cyberattacks and protecting digital assets.
One of the primary applications of AI and GenAI in cybersecurity is threat detection and monitoring. AI-powered systems can continuously analyse network traffic, system logs, and user behaviour to identify suspicious activities indicative of a cyberattack. AI algorithms can detect anomalies and deviations from normal behaviour and alert security teams instantly, enabling rapid response and mitigation before significant damage occurs.
For instance, Tech Mahindra, India’s fifth largest information technology (IT) services company, is leveraging AI and GenAI to build a strong cyber security posture. “AI’s dynamic capabilities enable us to monitor network traffic continuously, swiftly identify abnormal data access patterns, and recognise potential breaches early,” says Pallavi Katiyar, chief information officer, Tech Mahindra.
“We are integrating AI and GenAI capabilities in our threat detection algorithms, which are not only making our cybersecurity framework proactive and adaptive but also helping to reduce the workload of our SOC (Security Operations Centre) analysts, who are at risk of getting fatigued due to the ever-evolving threat landscape,” she says.
GenAI is used to enhance cyber security measures by generating simulations of potential cyberattacks. “This allows us to prepare and refine our defence mechanisms more effectively.”
This month, L&T Technology Services (LTTS) bagged a project worth about $100 million (Rs 800 crore) from the Maharashtra State Cyber Department to establish an AI- and machine learning-driven cyber security and digital threat analytics centre for improving citizens’ cyber safety and awareness. As part of the project, LTTS will help build a SOC enabled with AI and ML technologies, staffed by a skilled cyber team, to protect critical infrastructure.
Cybersecurity firm Sophos is using AI to fortify itself against cyberattacks. “Using AI, we have made critical transformations to threat detection, analysis, and resolution. We deploy the technology to identify threats across official documents, executables, and command lines to emails and Android devices. Our wide range of AI models possess the ability to generate credible indicators of threats. This, in turn, synergises with our human analysts, enhancing their efficiency in understanding and responding to incidents through our custom security co-pilot,” says Sunil Sharma, vice-president (VP) for sales, Sophos India and SAARC.
Approximately 35 per cent of Sophos’ global workforce is based in India, “playing a crucial role” in the research and development of services. “Our India-based SOC, which is one of our six global centres, is an essential part of our global efforts, supporting cybersecurity needs across the world,” says Sharma.
Data infrastructure company NetApp recently integrated AI and ML capabilities directly into enterprise primary storage (a centralised repository for business information) to fight ransomware in real-time. The capabilities protect organisations’ primary and secondary data whether it is stored on their premises or in the Cloud.
Cybercriminals are aiming ransomware attacks at critical infrastructure and supply chains where operational disruptions can cost millions of dollars, according to Forrester, a market research company. As a result, 87 per cent of C-suite and board-level executives ranked ransomware as a high, or the top, priority for their organisation, according to the NetApp 2023 Data Complexity report.
"In a dynamic and distributed IT environment, organisations in India need to look beyond the traditional perimeter to strengthen their cyber resilience and disaster recovery capabilities,” says Puneet Gupta, VP and managing director of NetApp, India and SAARC. “NetApp’s approach to cyber resilience is data-centric and embeds AI-driven protection directly into the storage infrastructure. It provides defence at its most critical point – where the data resides, in owned data centres or anywhere in the Cloud.”
“Today’s cyber security teams face the monumental task of protecting their companies’ data from ever-evolving threats, especially ransomware,” says Archana Venkatraman, research director, Cloud data management, IDC. “Companies looking to fortify their cyber resiliency and shifting protection left will increasingly look to vendors that take a secure-by-design approach and develop unified storage and data services.”
The rise of interconnected technologies – a network of devices, systems and applications connected to the internet and each other – is enabling enterprises to gather more data and automate processes. It also brings in new risks and challenges.
A recent Kaspersky study revealed that AI and the internet of things (IoT) are used by 61 per cent and 64 per cent of companies, respectively, in the Asia Pacific region, while 28 per cent and 26 per cent of companies plan to adopt them within two years. Other interconnected technologies (augmented reality, virtual reality, 6G) are used by 8-20 per cent of companies participating in the survey, but more than 70 per cent are considering integrating them into their business processes soon.
“Interconnected technologies bring immense business opportunities but they also usher in a new era of vulnerability to serious cyber threats. With an increasing amount of data being collected and transmitted, cybersecurity measures must be strengthened. Businesses integrating AI and IoT into their infrastructure need to protect it with Container Security and Extended Detection and Response solutions, to detect cyber threats at early stages and provide effective defence,” says Ivan Vassunov, VP, Corporate products, Kaspersky.
The industry is also grappling with an acute shortage of cyber security skills, which experts say can be addressed through cross-skilling and greater collaboration between industry and academia.
The shortage of talent ultimately also contributes to cyber burnout and fatigue among existing professionals. Leveraging AI can partly address this issue as it can significantly reduce the workload of the human workforce. According to a recent report from Sophos on ‘The Future of Cybersecurity in Asia Pacific and Japan 2024’, almost one third (31 per cent) of resignations were a result of stress and burnout, further reducing the pool of cyber experts in India.
“To help address the cyber security skills gap, we offer extensive training and have certified more than 5,000 engineers through both online and offline programs till date. Moreover, we collaborate closely with colleges, integrating cyber security modules into their curriculum to ensure students are industry-ready,” says Sharma of Sophos.
Threat perception
- 94% of organisations suffered a cyberattack in the last year
- 93% find executing security operations tasks challenging
- 55% say cyber threats affected IT teams’ other work
- 52% say threats too advanced to deal with on their own
- 57% of IT workers worry about cyberattack on organisations
Source: Sophos report on ‘The State of Cybersecurity 2023’