In the world of cybersecurity, it is always a challenge to keep up with the evolving threat landscape. As we look into the future, it’s evident that artificial intelligence (AI) will play a growing role in protecting the digital assets of organisations.
By Martin Luphai, technical engagement lead: security at Altron Karabina
The adoption of technology will also allow companies to put more time into another crucial aspect of creating a safe online working environment – awareness and education.
With growing demand, it is no surprise that there is a global shortage of skilled cybersecurity talent and the picture is no different in South Africa. This unfortunately leads to situations where organisations spend on security solutions, but fail to configure the products properly, meaning that they do not stand to gain from the full benefits.
Here, the addition of AI, machine learning (ML) and automation can help companies make the most of their investment by alerting IT teams of misconfigurations or by allowing them to leverage pre-configured tools.
Indeed, AI is proving itself a powerful tool for identifying and mitigating security risks, and its importance is only set to grow. Let’s explore the AI trends in cybersecurity we can expect to see in 2024:
- Advanced Threat Detection and Mitigation – In most cases in the past, many threats would have a longer dwell time within an organisation’s digital environment before they were picked up. To counter this, AI-driven threat detection will take a huge leap in the future. These AI systems can rapidly analyse massive datasets, and spot patterns and anomalies that would be nearly impossible for human analysts to detect in a timely manner. As such, ML algorithms will become even more adept at identifying complex, polymorphic threats and zero-day attacks. We are already starting to see this technology in today’s threat detection, investigation, and response (TDIR) tools.
- AI-Powered Incident Response – AI-driven cybersecurity systems will provide real-time incident monitoring, automatic threat containment, and even autonomous decision-making for certain types of incidents. This swift response capability will help organisations mitigate risks and limit the impact of security breaches.
- Zero Trust Security – The Zero Trust model, which gained significant traction in recent years, will become the de facto approach to cybersecurity and we will see more AI playing a critical role in continuously verifying and authenticating users and devices within and outside the network. With AI-driven identity and access management, organisations can ensure that only trusted entities have access to critical resources, reducing the attack surface and enhancing security
- AI-Enhanced User and Entity Behaviour Analytics – User and entity behaviour analytics (UEBA) will continue to evolve with the help of AI and these systems will not only detect anomalies but also offer more context-aware insights. AI will improve the accuracy of UEBA by providing actions based on AI models such as user roles, sensitivity of data, and device types, leading to more precise threat detection.
- AI-Generated Threats and Adversarial Machine Learning – In a worrying trend, cybercriminals are increasingly using AI to create sophisticated and convincing threats. To counter this, AI-powered defences will employ adversarial machine learning to detect and defend against AI-generated threats. This cat-and-mouse game between AI attackers and defenders will intensify into an AI vs AI scenario.
- IoT Security and AI – The proliferation of Internet of Things (IoT) devices presents new security challenges. AI will be used to secure IoT ecosystems by monitoring and analysing the behaviour of connected devices and identifying unusual patterns that could signal potential vulnerabilities or threats.
Strengthening the human firewall
In many instances, South African organisations do not need to go out and spend more in order to benefit from AI capabilities. Rather, they need to take a closer look at their software licences and see what they get. Similar to the misconfigured security tools, here too organisations tend to be unaware that some productivity solutions come with embedded security capabilities out of the box, meaning that they do not need to deploy additional security tools.
The barrier to entry to AI is reducing further as vendors begin including some of these AI-based security capabilities with lower-tier licences as well. Of course, if organisations do not already have access to these technologies, they will need to carry out future procurement with a security-first mindset.
It is crucial to note however that as much as we are seeing a growing role for AI, security remains very much a human-centric initiative. Organisations are protecting themselves from malicious actors who are humans (even if assisted by technology) and also have to work with the humans within the organisation who have a major role to play in maintaining a safe environment.
The advent of AI-driven cybersecurity means that security experts can offload a portion of their workload to technology, and use the freed-up time to become more proactive in bolstering the organisation’s internal defences.
This includes having more free time to focus on employee awareness and education, putting in place the processes and procedures that employees are familiar with and making it easy for them to know exactly who to contact and what to do in case they have any concerns around cybersecurity, are facing some kind of cyber threat or feel they might have been compromised through social engineering attacks, phishing or more. As much as technology is advancing, the human aspect remains at the forefront of cybersecurity.