Darren Anstee is the Chief Technology Officer for security at NETSCOUT, a leading provider of performance management, cybersecurity, and DDoS protection solutions. In his role, Darren focuses on helping network operators, whether enterprise or service provider, manage the risks they face as technologies and business needs evolve.
The cyberthreat landscape continues to develop, with threat actors using more sophisticated attack vectors and methodologies and organisations struggling to protect themselves as they embrace hybrid multi-cloud infrastructure and hybrid working. Anstee explores the near future of cybersecurity for companies looking to tighten their belts as the global socio-economic landscape remains unsettled.
The evolution of cyberattacks and cyber defense: AI and beyond
“Cybercriminals are likely to take advantage of artificial intelligence (AI) automation, using it to increase their success in a wide range of nefarious activities. Looking at distributed denial of service (DDoS) attacks specifically, expert systems that can optimise the attack vectors that threat actors deploy, based on reconnaissance scans and real-time performance test results, will become more mainstream,” Anstee says.
“AI is coming up more and more, with the technology already being used in lots of different ways. For example, AI is being used to isolate threat intelligence both more quickly and with greater efficacy, helping organisations to better defend themselves. Generative AI is being used to provide natural language assistance during threat analysis, helping organisations maximise the effectiveness of those in their SOC. As well as this, more ‘traditional’ AI is being used to help identify anomalies that would otherwise be missed. All of this is expected to continue, with results improving further as we all learn more.
“However, there is a caveat – the old IT adage of ‘Garbage In Garbage Out’ still holds true. If you feed in poor data, you will likely get poor results, regardless of how sophisticated your algorithms are. To that end, where customers are looking to use AI, both for security and operations, there is an increased focus on acquiring datasets that balance collection and storage efficiency with the highest fidelity, to drive the best results from AI investment.”
Best practices for wider cyber defence
“It is imperative for all enterprises to have an overall security strategy, broad enough to cover proactive risk identification and qualification, technology selection, and intelligence sourcing and use. It’s also key that the security technologies utilised should provide consistent visibility across the enterprise, removing blind spots at internal or external borders, and facilitating consistency through the detection, investigation, remediation, forensics and reporting workflow. Adding to this, the whole ecosystem should be as integrated as possible to reduce operational overhead and accelerate response,” he continues.
“Also, as per the Code of Practice on cybersecurity governance recently published by the UK government, the importance of an incident handling plan cannot be overestimated. This should be tested quarterly, or at worst every half year, to keep it up to date, create familiarity and optimise processes.
“And, last but not least, we have to take everyone with us on the journey toward better security. Everyone must understand that they have a role to play in securing their organisation’s data and processes. This means that employees have to actually take on board the fact that failure to adhere to policies and best practices could have a significant impact on the business as a whole, as well as their career.
“This goes beyond just clicking through an annual set of mandatory security training – this IS about culture – it’s about integrating security messages into communications from leadership, in inter-departmental reporting and into every other aspect of day-to-day business activity, so that security is always a consideration whether we are in the office, at home, or in a coffee shop.”
Cyber Magazine is a BizClik brand