Enhancing cybersecurity with AI: A new era for SOCs

The world is advancing rapidly and becoming increasingly interconnected. The internet has become integral to daily life, and we spend considerable time on digital platforms. From social media to online shopping, our personal data is now exposed to both malicious attacks and accidental breaches.

This risk is underscored by the Cyber Security Agency of Singapore (CSA)’s Singapore Cybersecurity Health Report 2023, which reveals that over 80% of local organisations experienced a cybersecurity incident last year, with more than half encountering multiple incidents throughout the year.

Latest tactics employed by cybercriminals

Cybercriminals continue to innovate across sectors, adopting tactics like ransomware as a service (RaaS), supply chain attacks, zero-day exploits, and fileless malware. RaaS, for example, has broadened the scope and increased the frequency of attacks, while supply chain vulnerabilities enable breaches across multiple organisations. Exploiting zero-day vulnerabilities and fileless malware, attackers often remain under the radar, posing considerable threats while evading standard defences.


Each industry faces a distinct set of cyberthreats. In healthcare, attackers often target sensitive patient data or electronic Personal Health Information (ePHI). Financial services see threats directed at sensitive personal information (SPI) and confidential corporate data, while phishing, credential misuse, insider threats, and ransomware impact various industries. The retail sector faces risks to payment data, including payment card information (PCI) and personally identifiable information (PII). Recently, adversarial groups have also targeted industrial control systems within manufacturing and critical infrastructure sectors.

As these threats evolve, heightened vigilance, robust cyber defences, and threat intelligence sharing are more essential than ever. Attacks can arise from something as simple as an employee clicking on a “too-good-to-be-true” email or inadvertently allowing a rogue AI note-taker app into virtual meetings. In these instances, adopting proactive security measures is crucial to safeguarding organisational information and systems.

Technological advancements in cybersecurity

Advances in technology, including AI, machine learning (ML), and blockchain, have significantly bolstered cybersecurity strategies. AI enhances threat detection and analysis by scrutinising data and patterns, while ML algorithms aid in identifying and classifying malware. However, these technologies have also introduced new vulnerabilities, which attackers are quick to exploit. Common AI-driven threats include advanced evasive malware, prompt/data poisoning, and data privacy risks.

AI in security operations centres

AI is transforming security operations centres (SOCs), ushering in a new era in cyber defence. SOCs are moving from traditional, reactive security methods towards proactive, predictive, and automated approaches. By leveraging AI, SOC teams can manage and neutralise threats more efficiently, reducing the time required to address critical incidents from days or weeks to minutes or seconds.

Consider the scenario of a sudden increase in outbound traffic detected from a single endpoint on your network. A security analyst would traditionally need to investigate this anomaly by checking logs, correlating events, navigating multiple dashboards, and potentially contacting the user for context — a process that is both time-consuming and prone to human error. In contrast, with AI and ML systems, the anomaly is automatically identified, and the system cross-references it with known threat intelligence databases. It then analyses traffic patterns to determine if the behaviour aligns with known exfiltration techniques used by cyberattackers.

If the AI system detects potentially malicious activity, it can automatically initiate a series of responses:

  • Isolate the endpoint: The AI can quarantine the affected endpoint within the network, preventing further data loss.
  • Alert the SOC team: Detailed alerts are sent to the SOC team, describing the anomaly, the affected endpoint, and initial findings.
  • Initiate a forensic investigation: The system can begin gathering forensic data, including network logs, endpoint activity, and user behaviour, to support a more thorough investigation.

By automating these processes, AI significantly reduces the response time to potential data breaches and contains the impact on critical systems and data. This allows human analysts to focus on verifying AI-driven findings and conducting deeper investigations, rather than spending time on preliminary detection and containment.
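A minimal version of the triage flow described above, added here as an illustration rather than code from any SOC product: each endpoint's outbound volume is scored against its own baseline, a threat-intelligence match on the destination decides whether containment is automatic, and the result is a response plan listing the actions above. The flow records, baselines and indicator IPs are all constructed (documentation address ranges), and the z-score threshold is an assumption.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records for one monitoring window: "src dst bytes_out".
# Addresses are documentation ranges, not real indicators.
FLOWS = """
10.0.0.5 198.51.100.20 4200
10.0.0.5 198.51.100.21 3900
10.0.0.7 203.0.113.9 51200000
10.0.0.7 203.0.113.9 48000000
10.0.0.9 198.51.100.20 5100
10.0.0.11 198.51.100.77 9000000
"""
# Constructed per-endpoint outbound bytes from four earlier windows.
BASELINE = {
    "10.0.0.5": [8000, 7600, 9100, 8300],
    "10.0.0.7": [12000, 11500, 13000, 12400],
    "10.0.0.9": [5000, 5400, 4900, 5200],
    "10.0.0.11": [20000, 21000, 19500, 20500],
}
# Constructed threat-intel feed of destinations linked to exfiltration.
THREAT_INTEL = {"203.0.113.9"}

def parse_flows(text):
    """Aggregate outbound bytes and the destination set per source endpoint."""
    agg = defaultdict(lambda: {"bytes": 0, "dsts": set()})
    for line in text.strip().splitlines():
        src, dst, nbytes = line.split()
        agg[src]["bytes"] += int(nbytes)
        agg[src]["dsts"].add(dst)
    return agg

def z_score(value, history):
    """Standard deviations above the endpoint's own historical mean."""
    return (value - mean(history)) / (pstdev(history) or 1.0)

def triage(flows, baseline, intel, threshold=3.0):
    """Build a response plan for each endpoint with anomalous outbound volume."""
    plans = {}
    for src, agg in flows.items():
        # An endpoint with no baseline gets a one-point history and scores 0.
        z = z_score(agg["bytes"], baseline.get(src, [agg["bytes"]]))
        if z < threshold:
            continue
        hits = sorted(agg["dsts"] & intel)
        actions = ["alert_soc", "collect_forensics"]
        if hits:  # corroborated by threat intel: contain automatically
            actions.insert(0, "isolate_endpoint")
        plans[src] = {"z": round(z, 1), "intel_hits": hits, "actions": actions}
    return plans
```

An anomalous endpoint whose destinations are not in the feed is alerted and captured for forensics but left for an analyst to decide on isolation, which keeps a false positive from cutting off a legitimate bulk transfer.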

Effect of Singapore regulations on cybersecurity practices

In today’s shifting cyberthreat landscape, national leaders and cybersecurity experts must prioritise adaptation. Singapore, for instance, has updated its Cybersecurity Act, requiring organisations to conduct risk assessments, revise incident response plans, invest in cybersecurity technologies, provide training and awareness programmes, and engage with regulators in critical sectors.

The Cyber Security Agency of Singapore (CSA) has issued the Cybersecurity Codes of Practice (CCoP) to guide the regulation of critical information infrastructure (CII) owners, as outlined in the Cybersecurity Act. Further reinforcing the nation’s cyber defence, CSA has partnered with private entities, facilitating collaborative efforts on cyber intelligence sharing and technical cooperation for research and solution development.

These measures help organisations strengthen their cybersecurity posture, reduce risks, and ensure regulatory compliance, thus enhancing trust among clients and stakeholders.

Levelling up cybersecurity

Organisations have been diligent in providing robust defences against attacks, with cybersecurity providers offering comprehensive, threat-centric security services — from policy development to security operations and continuous improvement on a global scale with a local presence.

Threat intelligence is essential for addressing evolving cyberthreats. By taking proactive steps and employing the right tools, organisations can better withstand such challenges. Feeding curated threat intelligence into machine-learning models lets security systems identify botnets, malicious IPs, domain reputations, application-specific threats, network issues, and IoT denial-of-service (DoS) attacks. With these proactive measures, organisations can enhance internet security, resilience, and performance, offering a safer and more reliable online environment for users globally.

Importance of threat hunting and partnerships in cybersecurity

Threat hunting is often misunderstood and underutilised within the broader cybersecurity community. Implementing threat hunting as an active defence strategy is essential for staying ahead of adversaries. This proactive approach involves actively seeking out potential threats rather than relying solely on automated systems.

Partnerships are also crucial for establishing a strong defence against cyberattacks. By collaborating with key solution providers, organisations can take preemptive steps to deter cyber threats, ensuring continuity in operations. For example, during the Tokyo Olympic Games, coordinated cybersecurity efforts blocked hundreds of millions of attempted security breaches, demonstrating the importance of robust partnerships.

International collaboration has also proven effective in curbing high-profile cyberthreats. The dismantling of Trickbot malware, a notorious banking trojan, and Emotet, a highly adaptable strain designed to steal sensitive information, highlighted the impact of combined efforts. After extensive tracking, monitoring, and intelligence sharing, Europol and its partners seized control of the Emotet network, significantly reducing its impact. This success underscores how collaboration between industry leaders and government agencies, combined with intelligence sharing, is critical for effective threat mitigation.

Conclusion

As the cybersecurity landscape evolves, proactive measures are essential to strengthen defensive capabilities. By adopting innovative strategies, investing in resilient technologies, fostering cross-sector collaboration, and prioritising cyber resilience, organisations can regain control in the asymmetric cyber landscape. Such measures are vital to safeguarding digital ecosystems, protecting critical assets, and mitigating the growing risks of cyberattacks in an increasingly interconnected world.