Bolstering AI-powered cybersecurity in the face of increasing threats

Vectra AI

By Chris Fisher*
Monday, 15 April, 2024

As we navigate the rapidly changing digital landscape, the escalation of complex cyber risks is becoming a pressing issue for those in business leadership roles. Striking a balance between the pursuit of innovation and expansion, and the rising necessity for cybersecurity is a dilemma that many are wrestling with.

In fact, the Australian Government’s new Cyber Security Strategy is entirely underpinned by helping businesses improve their ability to shield against the increase in cyber threats. However, for many organisations, implementation of these increased security measures may seem daunting when factoring in the ongoing drought of security talent across the region.

As we look to the future and contemplate innovative ways to bolster security, it’s clear that a collaborative, cross-border approach is essential to effectively protect organisations from the escalating sophistication of cybercrime in our AI-driven world.

Strategic cybersecurity investments and AI-powered defence

To outpace the evolving threat landscape driven by increased AI usage among cybercriminals, organisations must embrace a proactive stance in detection and prevention. While companies have recognised the need to allocate more budget to security investments, the challenge now is determining how that money is best spent based on their organisational risk levels and what will deliver the greatest ROI.

According to Gartner, Australian organisations are projected to allocate over $7.3 billion towards security and risk management products and services this year, reflecting an 11.5% increase compared to 2023.

Moreover, as security breaches become increasingly common, a shift in mindset is needed. In today’s threat landscape, it’s not a matter of if an organisation will be breached, but when. To combat sophisticated threats, detection measures need to be enhanced with integrated and AI-powered attack signal intelligence.

While incorporating AI into a cybersecurity strategy is a logical step, it’s important to remember that the most resilient cybersecurity investments typically combine cutting-edge technological innovations with deep expertise.

Taking a unified approach to enterprise security

In 2023, ransomware strategies progressed from capitalising on human mistakes to focusing on network infrastructure, posing a more significant hurdle for prevention and mitigation solutions. The extensive adoption of hybrid and multicloud environments has transformed all enterprises into hybrid entities, and contemporary attacks now exhibit a hybrid nature. This has rendered legacy threat detection and response solutions ineffective against the new threat landscape, underscoring the need for new threat detection coverage across the expanding hybrid attack surface.

The LockBit incident, where the gang quickly reorganised and relaunched their operations on new infrastructure following a law enforcement response, underscored a harsh reality: cybercriminals are incredibly adaptable. This incident also highlighted the critical need for businesses to keep their security measures up to date. As LockBit conceded, the failure to update essential software was a key vulnerability that enabled law enforcement to infiltrate their operations. This serves as a stark reminder that the basics of cybersecurity hygiene, such as regular updates and patches, are fundamental in defending against threats.

Attackers typically start with the most common systems, such as Windows endpoints. As these systems become more secure and harder to exploit, they pivot to network infrastructure. When it comes to the network or other attack vectors, traditional controls are failing, leaving business leaders and their IT teams struggling to prevent lateral movement. To contend with new methods, enterprise infrastructure must be viewed as a unified target, just as attackers see it.

Real-time visibility and proactive defence

Considering the numerous vulnerabilities faced by organisations, it is crucial to implement solutions that not only safeguard against hybrid attacks but also break down silos. By integrating with endpoint detection and response (EDR) vendors, these solutions offer comprehensive visibility across the hybrid attack surface, covering both network infrastructure and endpoints.

Alex Chan, Head of IT at CPG Corporation in Singapore, explained: “Cybercrime is an industry-wide issue that’s not going away. Businesses need to take a proactive approach to securing their infrastructure and improving organisational resilience.

“Prioritising our network’s defence means having real-time visibility so we can proactively reduce risk. Intelligent threat detection technology helps our cyber team think like an attacker, understand attacker behaviour and analyse detection patterns unique to our environment. Advanced security AI also surfaces potential attacks in real time, helping us prioritise and reduce alert noise. This means our security teams can spend their time where it matters most — focusing on threats by severity.”

Prioritising threat response

Numerous organisations tout their ‘cloud-first’ approach while simultaneously maintaining substantial data centre infrastructure. However, this data centre footprint remains a critical area requiring robust protection. The truth is, attackers are indifferent to where innovation occurs: they exploit any available avenue. Therefore, ensuring comprehensive coverage against lateral movement within an organisation is paramount. Whether it’s the cloud or the data centre, safeguarding all fronts is essential.

Ultimately, for today’s security decision-makers, it’s about focusing on what’s urgent, by having the best possible view of the entire infrastructure and subsequent threats, assessed by severity and impact. This type of attack-signal intelligence ensures that security analysts can focus on responding to the most critical threats that will reduce business risk without hindering innovation.

*Chris Fisher is Regional Director, Australia & New Zealand for Vectra AI. Chris is focused on ensuring Vectra’s customers have the security foundation required to embrace new technology and lines of business, allowing them to digitally transform while reducing business risk and improving their security posture. Chris has more than 20 years of cybersecurity experience from practitioner through to strategic advisor for large organisations.


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd