That generative artificial intelligence (GenAI) can be a powerful tool in the hands of cybercriminals is well documented. ‘Deepfake’ video and audio content, ransomware attacks, and sophisticated phishing emails prove how users can be manipulated.
A worldwide web where GenAI-powered free tools and software are easily available makes the problem worse. If GenAI has become a tool of cybercriminals, can the good guys use it for counter attacks? Yes, say cybersecurity experts.
Ranjeeth Bellary, partner at EY Forensics & Integrity, said his team started using GenAI in the last six to eight months, after beginning with AI.
“AI has been part of our systems for a long time. With GenAI we have started using data to predict malicious threats and behavioural patterns more accurately. The reason we started looking at GenAI was that after ChatGPT, the LLM models have been better in analysing suspicious criminal behaviour and malafide intent from threat actors,” he said. (ChatGPT is an AI chatbot that responds to a range of written queries; LLM is short for large language model.)
Bellary said his company uses GenAI at its Digital Forensics and Electronic Discovery Data Centre which analyses huge volumes of unstructured data. GenAI has been a huge improvement in detecting threats. “From an incident response investigation and threat detection point, we have seen an improvement of 30-40 per cent. We expect this to improve to 50 per cent by next year.”
Saurabh Sharma, senior security researcher for the global research and analysis team (GReAT) Asia Pacific at Kaspersky, said that as criminals exploit AI, cybersecurity teams are using the technology for good.
Threat intelligence gathers relevant information about a potential bad actor. It uses AI algorithms to quickly access and analyse published research and previously seen tactics, techniques and procedures (TTPs) to develop a threat-hunt hypothesis, said Sharma.
AI can flag anomalies in a set of logs, generate an example of what a particular security event log may look like, and suggest remedial steps.
Sharma in an earlier note said that technologies like ChatGPT help in threat analysis, the stage where cybersecurity experts try to understand the working of tools used in an attack.
Ritesh Chopra, director for sales and field marketing, India & SAARC Countries at Norton, said GenAI can be a tool in detecting vulnerabilities – an important need as people increasingly use their electronic devices for financial transactions. “Norton Genie, which is still in beta stage, is bringing GenAI capabilities in every user's hand to detect fraud. We are trying to create an AI assistant for users' devices that help identify financial frauds and other scams,” he said.
India’s technology industry had about 40,000 open job opportunities for skilled cybersecurity professionals as of May 2023, according to a TeamLease report. The demand-supply gap was 30 per cent, indicating a major skill challenge in the industry. It is not just an Indian phenomenon. Asia Pacific lacked 2.1 million cybersecurity professionals in 2022, according to a recent study by Kaspersky.
“I do see generative AI partly solving the resource challenge that the industry is facing. Especially when it comes to threat intelligence. Most of the time an incident response and investigation analyst is scheming through tonnes of data that has come down now. Besides this becoming very mundane for an analyst over a period of time, this [role] can now be taken care of by GenAI models,” said Bellary.
The mundane work of scanning data daily can take a toll on cybersecurity professionals. Two in 10 of them planned to move on within the next two years, said a Trellix report last year.
Almost 39 per cent of organisations believe that a challenge in their cybersecurity initiatives is employees lacking skills, said the 'State of Cybersecurity 2024' report by the Computing Technology Industry Association (CompTIA). Some sectors that monitor data regularly are looking at GenAI seriously as part of their incident response and cybersecurity preparedness. Pharmaceuticals, information technology, and banking, financial services and insurance are among the sectors that are ahead of the curve in adopting GenAI for cybersecurity.
Sandeep Sengupta, founder and director of the Indian School of Ethical Hacking, said cybercriminals will always be a step ahead, especially with the ease of access to the latest technology.
“The only way to counter this is to invest more in research and development within the organisations and also by ethical hackers,” he said.
Bellary agreed. He expected that India Inc. will start considering cybersecurity as an investment and not a cost. “We see an increasing trend of using GenAI on marketing and R&D segment but not yet much in cybersecurity. Unfortunately, in India incident response and cybersecurity are still seen as a cost centre. Companies still feel that GenAI should be used at the business side. Digital forensic readiness and cybersecurity are still considered an afterthought,” he said.
Safe and Ready
Online safety needs tech skills.
Here is what a report found:
> 39% of organisations say employees have gaps in cybersecurity skills
> 34% lack metrics to demonstrate security effectiveness
> 34% have low understanding of cybersecurity technology trends
> 32% of organisations say they lack dedicated budgets for security
Source: State of cybersecurity 2023, Computing Technology Industry Association