Generative AI to be a game-changer in cybersecurity: Terence Gomes
Last week, Microsoft announced a new product called Security Copilot, which leverages OpenAI’s generative AI model GPT-4 to assist security experts. As cyberattacks become more threatening, interest in leveraging more mature artificial intelligence (AI) and machine learning (ML) models is also growing. In an interview, Terence Gomes, Country Head, Security at Microsoft India, discussed the difference generative AI can make in cybersecurity, what makes cybersecurity complex, and how organizations in India are handling growing cyberattacks. Edited excerpts:
Q. Many of the modern threat intelligence solutions use AI. What additional value can the cybersecurity industry derive from generative AI?
Mainstream AI is used for analytical baselining. In almost all our security platforms where a lot of baselining happens and any anomaly gets flagged off, AI and ML are involved in the background. If there are 20 different alerts, but they all are related to one incident, we converge all that into one single incident using AI.
When you bring in generative AI as a co-pilot it can do a lot more. With generative AI you can go in and feed your queries and it can return answers fast.
So it helps you with a better investigation and faster analysis. It also prompts you to take action. Generative AI can help augment what human beings can do but at machine speed and scale. So it becomes critical in security protection, investigations, and response.
Q. How has the reaction of security practitioners to Microsoft’s Security Copilot been?
Generative AI is going to be a game-changer in the industry. It is not generally available yet, but still there is a lot of interest in it in India. I am pretty excited because I've been in this industry for the last 25 years and I can understand the frustration that practitioners have when they're dealing with security alerts and investigations. Looking at different signals, manually pulling out information and then trying to make it work would typically take more than a day or two.
Q. What is the reason for the skill shortage in cybersecurity? Do you see it being resolved anytime soon and can generative AI help?
Generative AI is going to optimize the human element, which is still required. Skill shortage is still predicted to continue. One report in India talks about 1.5 million jobs opening up in cybersecurity.
Globally we are analyzing 65 trillion signals per day, last year it was 43 trillion, and a few years back it was 6 trillion. You can imagine the number of cyber signals that are out there that we analyzed to provide insights for customers. Attackers are also evolving and coming back with newer threats and approaches.
Q. What role have regulations played in India in improving security posture?
If you look at the regulatory posture, whether it is the Reserve Bank of India (RBI) giving proactive guidance to banks, which has helped banks improve their security posture. Even CERT-IN guidelines that have come for larger organizations have driven a lot of awareness and helped in bringing management effort and prioritization, which in turn helps security practitioners to implement controls.
Many organizations I have spoken to are making a lot of effort. Their posture, if you compare it over a period of time, has improved by implementing all these guidelines.