An analysis of high-severity threats detected by Barracuda Networks in 2023 found that 66,000 incidents needed to be escalated to an analyst in its security operations center (SOC), and that 15,000 of those required the affected organizations to take urgent, immediate action.
There are, of course, millions of cyberattacks launched in a given year. The majority of the top 10 threats detected by Barracuda involved some type of identity compromise, such as suspicious logins, brute force attacks, and attackers disabling multifactor authentication.
Merium Khalid, director of offensive security for Barracuda Networks, said the issue is that cybersecurity teams find it difficult to identify which attacks are the most lethal to their specific organization. It’s simply not possible to apply the same level of resources to every potential threat without burning out cybersecurity teams. Worse yet, time winds up being spent on comparatively trivial threats at the expense of potentially more serious incidents. With the rise of AI, it’s becoming easier to classify and triage threats in ways that enable cybersecurity teams to become more efficient, noted Khalid.
Most of the cyberattacks detected could have been thwarted if patches had been applied promptly, said Khalid. Unfortunately, too many organizations lack a consistent set of IT processes for applying patches or are concerned a patch might break an application.
However, not every patch represents the same level of potential disruption to the business, said Khalid. Organizations need to determine which patches could be routinely applied by a security operations (SecOps) team versus requiring a developer to create, test and deploy, he added.
In general, extended detection and response (XDR) platforms are increasingly using AI to detect potential threats, said Khalid. For example, detection rules can identify when two logins are more than 1,000 kilometers apart, making it all but impossible for the same person to be logging in.
AI is now also capable of identifying unusual login behavior, such as a user accessing a system after normal hours or a user who has not been recently active.
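The three checks described above, impossible travel, off-hours logins and logins from dormant accounts, as an added example run over constructed login events; this is not Barracuda's code or product logic, and the coordinates, timestamps and last-seen table are made up for illustration. Hours are evaluated in UTC (a real rule would use the user's home time zone). A bare 1,000 km threshold would also fire on a user who legitimately flew between two cities on consecutive days, so the impossible-travel check here additionally requires the implied speed to exceed airliner speed, which goes beyond the rule as stated on the page; passing max_kmh=0 reduces it to the distance-only rule.

```python
"""Login-anomaly checks over constructed sample events.

Added example, not Barracuda code. All events, coordinates and the
LAST_SEEN table are constructed for illustration.
"""
import math
from datetime import datetime, timezone

# Constructed login events: (user, ISO-8601 UTC timestamp, latitude, longitude).
LOGINS = [
    ("alice", "2023-05-02T09:05:00Z", 40.7128, -74.0060),   # New York
    ("alice", "2023-05-02T09:40:00Z", 51.5074, -0.1278),    # London, 35 minutes later
    ("bob",   "2023-05-02T08:30:00Z", 37.7749, -122.4194),  # San Francisco
    ("bob",   "2023-05-03T08:45:00Z", 47.6062, -122.3321),  # Seattle, one day later
    ("carol", "2023-05-02T23:30:00Z", 48.8566, 2.3522),     # Paris, late evening
    ("dave",  "2023-05-02T10:00:00Z", 52.5200, 13.4050),    # Berlin
]

# Constructed table of each account's last successful login before this batch.
LAST_SEEN = {
    "alice": "2023-05-01T17:00:00Z",
    "bob":   "2023-04-28T09:00:00Z",
    "carol": "2023-05-01T09:00:00Z",
    "dave":  "2023-01-15T09:00:00Z",   # idle for months
}


def parse_ts(s):
    """Parse the 'Z'-suffixed UTC timestamps used in the sample events."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres, using a mean Earth radius of 6371 km."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def impossible_travel(logins, max_km=1000.0, max_kmh=900.0):
    """Flag consecutive logins by one user that are more than max_km apart AND
    would require travelling faster than max_kmh (roughly airliner speed).
    The speed test is what stops a legitimate next-day trip from firing;
    max_kmh=0 gives the distance-only rule. Returns (user, km, km/h) tuples."""
    by_user = {}
    for user, ts, lat, lon in logins:
        by_user.setdefault(user, []).append((parse_ts(ts), lat, lon))
    alerts = []
    for user, events in by_user.items():
        events.sort()
        for (t1, la1, lo1), (t2, la2, lo2) in zip(events, events[1:]):
            km = haversine_km(la1, lo1, la2, lo2)
            # Floor the gap at one minute so two logins in the same second
            # cannot divide by zero.
            hours = max((t2 - t1).total_seconds() / 3600.0, 1 / 60)
            if km > max_km and km / hours > max_kmh:
                alerts.append((user, round(km), round(km / hours)))
    return alerts


def off_hours_logins(logins, start_hour=8, end_hour=18):
    """Users who logged in outside the [start_hour, end_hour) UTC window."""
    return [u for u, ts, _, _ in logins
            if not start_hour <= parse_ts(ts).hour < end_hour]


def dormant_account_logins(logins, last_seen, max_idle_days=30):
    """Logins by accounts whose previous login was more than max_idle_days earlier."""
    flagged = []
    for user, ts, _, _ in logins:
        prev = last_seen.get(user)
        if prev is None:
            continue
        idle_days = (parse_ts(ts) - parse_ts(prev)).days
        if idle_days > max_idle_days:
            flagged.append((user, idle_days))
    return flagged


if __name__ == "__main__":
    print("impossible travel:", impossible_travel(LOGINS))
    print("distance only   :", impossible_travel(LOGINS, max_kmh=0))
    print("off hours       :", off_hours_logins(LOGINS))
    print("dormant accounts:", dormant_account_logins(LOGINS, LAST_SEEN))
```

Run as-is, the speed-aware rule flags only alice (New York to London in 35 minutes), while the distance-only rule also flags bob's San Francisco to Seattle pair, which is just over 1,000 km but a day apart; carol's 23:30 login and dave's return after more than three months are reported by the other two checks. In production the thresholds, time zones and last-seen data would come from the identity provider rather than inline tables.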
Organizations will need to modernize their security tooling to take advantage of AI. In some cases, that decision is driving them to rely more on managed services rather than staffing and running their own security operations (SecOps). One way or another, many of the manual tasks that cybersecurity teams perform today will be automated or outsourced. In an era when millions of cybersecurity positions remain unfilled, that shift should help organizations maintain coverage of attack surfaces that continue to expand with each passing day.
Of course, cybercriminals are also taking advantage of advances in AI and automation to launch cyberattacks at larger scale than ever. It remains to be seen to what degree AI might benefit cybercriminals more than defenders. But it’s already apparent that there will never be enough cybersecurity expertise to level the playing field. Cybersecurity teams need to apply AI and automation in ways that don’t require a massive amount of programming expertise, which today is simply too difficult to find and retain.