From deepfakes to automated attacks, AI has been enabling hackers to more effectively target victims in the past couple of years. In the new year, Asia-Pacific businesses have to bring AI into their cyber defence efforts, or it will be difficult to ward off the growing menace, say experts.
To be sure, using AI to fight AI isn’t new – it’s just that the bad guys have adopted AI so quickly that businesses must now also shore up their defences with AI to automate tasks and analyse voluminous logs, for starters.
AI-enabled cyberattacks are becoming standard practice, enhancing both the effectiveness and ability to scale for attackers, said Steve Ledzian, chief technology officer for Google Cloud Security and Mandiant in Japan and Asia-Pacific.
Ransomware and extortion remain the most disruptive threats with impact measured in tens or hundreds of millions of dollars per incident, he noted.
Facing these threats, businesses should adopt converged, AI-powered platforms that use agentic AI and threat intelligence to accelerate threat detection and investigation, he added.

AI already helps in many ways to free up human operators in what used to be mundane tasks, like writing reports and combing through large amounts of logs where system telemetry could indicate a vulnerability or an ongoing attack.
Besides these, more proactive efforts now involve using AI to find signs of an attack being set up before it occurs, so businesses can take precautions to avoid being a victim.
In this case, AI looks through large amounts of Internet domains that hackers routinely sign up to mount future attacks.
Domain name system (DNS) monitoring tools have been around but now AI is augmenting the human checks with insights that can be garnered over a long period of time – years, for example – and sniffing through a lot more data to detect anomalies.
Examining large amounts of Internet traffic, the AI can pick up nuances of threat actors’ activities and deployments on Internet domains before they set up an attack, said Paul Wilcox, vice-president for Asia-Pacific and Japan at cybersecurity firm Infoblox.
Knowing how traditional DNS tools work, hackers sometimes set up a domain for years or exfiltrate traffic in small amounts to avoid attention, he noted.
Without giving the game away, he said AI can look for certain anomalies, for example, a high frequency of requests for a domain, a domain being spread out instead of localised or, say, a Singapore-based domain being connected to Eastern Europe.
Sometimes, human operators are brought in to assess what the AI has found, to understand the patterns and assess a possible setup for an attack, he noted, adding that domain names signed up years earlier have been discovered to be launchpads for hackers.
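The three signals named above (request frequency, spread across locations and a country mismatch) can be written as simple checks over DNS query logs. This is an added illustration, not Infoblox's method and not an AI model; the log records, thresholds and country-code table are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample records: (client_site, queried_domain, country_of_answer_ip).
SAMPLE_LOG = (
    [("sg-hq", "intranet.example.sg", "SG")] * 4
    + [("sg-hq", "mail.example.com", "US")] * 5
    + [("sg-branch", "mail.example.com", "US")] * 3
    + [(site, "cdn-sync.example.sg", "RO")
       for site in ("sg-hq", "sg-branch", "jp-office", "au-office")
       for _ in range(10)]
)

# Assumed thresholds for illustration; real values need tuning per network.
FREQ_FACTOR = 3   # flag if queries exceed 3x the median per-domain count
MIN_SITES = 4     # flag if this many distinct sites query the same domain
CCTLD_COUNTRY = {"sg": "SG", "jp": "JP", "au": "AU"}  # hypothetical lookup table


def score_domains(log):
    """Return {domain: sorted anomaly flags} for domains with any flag."""
    counts = defaultdict(int)
    sites = defaultdict(set)
    answers = defaultdict(set)
    for site, domain, country in log:
        d = domain.lower().rstrip(".")
        counts[d] += 1
        sites[d].add(site)
        answers[d].add(country)
    if not counts:
        return {}
    baseline = median(counts.values())
    findings = {}
    for d, n in counts.items():
        flags = []
        if n > FREQ_FACTOR * baseline:
            flags.append("high_frequency")       # unusually many requests
        if len(sites[d]) >= MIN_SITES:
            flags.append("dispersed_clients")    # spread out, not localised
        home = CCTLD_COUNTRY.get(d.rsplit(".", 1)[-1])
        if home and answers[d] - {home}:
            flags.append("geo_mismatch")         # e.g. .sg name answering from RO
        if flags:
            findings[d] = sorted(flags)
    return findings


if __name__ == "__main__":
    for domain, flags in score_domains(SAMPLE_LOG).items():
        print(domain, flags)
```

Flagged domains are candidates for the human review described above, not verdicts; a content-delivery network, for instance, can legitimately serve a country-code domain from abroad.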
Indeed, such AI-assisted DNS tools from Infoblox and others are not only for servers or PCs – they also seek out threats to what are known as operational technology (OT) devices, such as air-conditioning sensors, surveillance cameras and medical devices that are connected and often left to run with little oversight.
As businesses let AI operate and control these devices autonomously, they also need to upgrade the security behind such operations, experts caution. Each device, after all, is a potential opening for a hacker.
“Since you can’t install security software on every single robot or sensor, security needs to become invisible,” said Kenneth Lai, vice-president for Asean at Internet infrastructure provider Cloudflare.
“We’ll see a massive switch to a new security model called ‘agent-less zero trust’, which checks the identity of every machine interaction instantly and automatically, making the whole network fabric the trusted security guard for automated equipment,” he predicted.
Of course, to get there, businesses first need to get their basics right. Even as they harness new AI tools to fight new AI-powered cyber threats, they have to get their house in order to avoid making themselves a soft target.
“When incidents occur, they are rarely complex zero-days; rather, they are caused by internal, foundational failures,” said Daniel Toh, chief solutions architect for Asia-Pacific and Japan at defence and technology conglomerate Thales.
Forty-four per cent of all cloud security incidents are traced back to misconfigurations in identity and access management, he noted, referencing a recent study.
Cybersecurity leaders, he predicted, will prioritise resilience in the year ahead, with zero-trust efforts to bolster their security efforts and prepare for potential disruptions.
“The AI race will only intensify next year, but organisations cannot escape weak security foundations,” he stressed.
