Applying AI/ML in Cyber Defense to be Ahead of Adversaries


By Shambhulingayya Aralelemath, Associate Vice President and Global Delivery Head, Cyber Security, Infosys

Artificial Intelligence (AI) is an essential tool to fight and protect against cyber threats. Forbes estimates three out of four enterprises across the globe have prioritized AI and machine learning (ML) in their IT budgets. This trend is driven by an increasing volume of data which an enterprise must analyze to defend against cyber threats.

The cybercrime marketplace has evolved into a managed services model powered by AI, that mirrors today’s business world and which makes packaged crime more profitable and less risky. AI-powered operations now involve many types of cybercrime including botnets, distributed denial of service attacks (DDoS), credit card fraud, malware, spam, and phishing attacks.

As Forrester Research puts it: “This new era of offensive AI leverages various forms of machine learning to supercharge cyberattacks, resulting in unpredictable, contextualized, speedier and stealthier assaults that can cripple unprotected organizations.” AI products such as co-pilots are providing the power of generative AI into the hands of every person. While this holds great promise, it has also helped level the competitive playing field for bad actors.

Using AI to beat AI and non-AI powered threats

An Information Services Group (ISG) study found that 56 per cent of respondents identified the evolving threat from AI and ML as the leading security risk organizations expect over the next two years. Let’s look at some of the AI-powered threats to appreciate how it can be used for malicious intent. AI can enable more personalized phishing attempts and create highly effective and stealthier malware. Developers can utilize AI to generate hard-to-detect malware variants which can alter malware behavior if it encounters a virtual machine or sandbox. These malignant AI algorithms learn and share information via multiple nodes or increase their speed by combining various attack techniques to find the most effective options.

Today, there are multiple technology layers and much greater distances involved in basic business interactions. For instance, today, a customer in the US can call a business in France for product support and reach a technician ten thousand miles away in a coworking space in India through a cloud-based communication platform.

Authentication and authorization have become complex in this expanded attack surface. A study by Gartner found that seven out of 10 employees bypassed their organization security policies in the past 12 months. When it comes to risk factors for cybersecurity events, human error tops the list. Remote work worsens this risk by introducing unique security conditions, including unauthorized use of personal devices, increased reliance on third-party collaboration tools, a more complex network environment, and remote access infrastructure challenges.

Enterprises face an increased risk of cybersecurity threats if not equipped to defend. AI algorithms can be used to find unusual behavior and anomalies in vast amounts of data, helping enterprises create a system of detection and response to internal threats.

Cybersecurity companies are investing in AI-powered cybersecurity solutions, cloud-based security solutions, AI-based threat intelligence, AI-based automation, and generative AI-based protection to stay ahead of attackers. These investments are critical to developing effective cybersecurity solutions that can detect and respond to threats in real-time. This can free up security teams to focus on more complex tasks.

In 2023, AI security startups raised roughly $130.7 million. We will continue to see investments in AI-powered cybersecurity solutions that can detect and respond to threats in real-time and building blocks of AI such as synthetic data to train cyber security AI solutions.

Build an AI-first Cybersecurity organization for a robust security posture
An AI-first cybersecurity strategy applies AI in its security design and control and uses it to amplify the human potential by enhancing the cyber role specialization. It focuses on the following four pillars:

Amplifying defender potential: Build appropriate security controls as per each persona in the security team. Every customer, employee, partner, threat hunter, SOC operative or even the CISO will have a different persona and need.
Core AI engineering excellence: Generate actional insights by analyzing relevant data and help make data-driven decisions. Train, test, and scale AI for Cyber defense.
Responsible AI by design: Build suitable protection and privacy controls for data and AI used in the organization.
AI operating model: Create AI governance structures for better accountability, enhancing controls, and mitigating risks.

An AI-first organization can generate insights to draw inferences and setup effective guardrails around their data. It can enhance its control measures by removing the element of human error from all deployment and management processes and provide a solid foundation for their data security, privacy, governance, and compliance workflows to ensure they effectively meet their data obligations. Additionally, organizations can keep track of all the changes and transformations the data undergoes throughout its lifecycle.

With the current growth rate of cyber-crime, damage from cyberattacks will amount to about $10.5 trillion annually by 2025—a 300 percent increase from 2015 levels. Enterprises will start leveraging AI for Cyber Defence in a central role for threat hunting and assisting cybersecurity professionals in the proactive identification of potential threats. Rather than merely responding to breaches, security systems will be adept at anticipating and neutralizing threats, expanding their knowledge frontiers, elevating their cybersecurity measures and forging a proactive cybersecurity landscape.


Please enter your comment!
Please enter your name here