How firms can use AI to counter the rising AI threats

Attackers are increasingly using Artificial Intelligence (AI)-driven tools to execute stealthy, and sophisticated attacks on organisations, exploiting human behaviour and system vulnerabilities. This creates a more complex threat landscape, adding pressure on the already strained cybersecurity teams.

A recent report from market research firm International Data Corporation (IDC), commissioned by cybersecurity company Fortinet, indicates that 72% of Indian organisations faced AI-led cyberattacks in the last one year. Overall, there has been a notable increase in both the frequency and complexity of cyber threats throughout India and the Asia Pacific region, as stated in the report.

According to researchers, prevalent AI-driven threats in India encompass credential stuffing, brute force attacks, deep fake impersonation, AI-generated phishing, and polymorphic malware. Notably, merely 14% of Indian companies express high confidence in their defensive capabilities, with 36% acknowledging that AI threats exceed their detection capabilities and 21% lacking systems to monitor them.

Cybersecurity experts warn that the increasing adoption of AI is expanding the attack surface and making organisations more vulnerable. Simon Piff, research vice-president of IDC Asia-Pacific at Fortinet said that cyber threats are a constant for Indian enterprises, with attacks aimed at cloud infrastructure, software supply chains, and zero-day vulnerabilities. “While traditional threats continue to exist, emerging attacks such as insider threats and cloud misconfigurations are viewed as more detrimental,” he said.

In an interview with TechCircle in May, Mayank Upadhyay, vice president of engineering at Google Cloud Security, too noted that AI-generated exploits are becoming a reality, allowing cybercriminals to automate attacks, generate malicious payloads, and bypass traditional defenses. In such a scenario, companies are still figuring out the right guardrails to ensure safe and ethical use.

Mayank, however, highlighted the significant potential of AI to empower defenders. "AI-driven security tools can analyse extensive amounts of security logs, identify possible threats, and even automate responses. AI can manage monitoring while security teams concentrate on subsequent actions. It aids in investigation, troubleshooting, and the elimination of false alarms," he remarked.

Experts contend that while large enterprises in regulated industries are prioritising AI security, numerous organisations face challenges in effective implementation and in quantifying AI risk. Even though they recognise concerns regarding AI security, the proactive adoption of security measures is still in development, resulting in deficiencies in risk management strategies.

One of the key dangers, according to Deepen Desai, Chief Security Officer (CSO) and Head of Security Research at the American cloud security firm Zscaler, is that many companies mistakenly believe that traditional security measures are adequate, neglecting AI-specific attack vectors. He believes, to avoid such nuisance, firms should implement zero-trust AI architectures and incorporate strong governance, continuous monitoring, and least-privilege access, with CISOs assuming responsibility for AI security.

Others, like Piff, emphasise a shift towards identity security, cyber-resilience, and access control as essential strategic priorities. Furthermore, integrating security at every phase of AI deployment is vital for leveraging AI's capabilities without jeopardising data integrity, compliance, or cyber resilience, he said.

Vaibhav Dutta, Associate Vice President and Global Head of Cybersecurity Products & Services at Tata Communications asserts that businesses must focus on increasing awareness regarding the escalating cyber threats and strengthen their defenses accordingly. "We need to strike a balance between harnessing the advantages of AI and addressing its associated risks, with privacy being a paramount concern to ensure that AI systems safeguard sensitive information," he said.

Adopting a contemporary approach to security also yields advantages. For instance, AI-driven threat hunting represents a modern strategy for threat intelligence, incorporating AI, machine learning, and big data analytics to enhance threat detection and monitoring. Ram Vaidyanathan, the Chief IT Security Evangelist at the cybersecurity company ManageEngine, remarked that AI facilitates faster and more precise threat identification by learning, adapting, and responding in real time.

Vaidyanathan contends that by examining extensive datasets, AI can uncover patterns, anomalies, and threats that might elude human analysts. Its sophisticated algorithms analyse vast quantities of data in nearly real-time, allowing for the swift identification of potential threats at a scale that surpasses human capabilities.

"This enables security leaders to foresee and identify vulnerabilities before they can be exploited, automate detection processes, reduce false positives, and interpret intricate patterns," he added.