Many businesses are turning to artificial intelligence (AI) as a solution to bolster their defenses against cyber threats, according to Google.

“Generative AI is now being used to identify threats faster, handle the increased volume load of events, and better support security analysts,” said Mark Johnston, director at the Google Cloud office of the chief information security officer (CISO), during the company’s cybersecurity checkup session on Friday last week.

The Asia-Pacific region accounted for 31% of global cyberattacks last year, taking approximately 33 days to detect attacks within the system, according to reports from International Business Machines and the cybersecurity firm Mandiant.

Data from Mandiant also indicated that more than 200,000 hours a year are spent responding to cyberattacks, tracking the movements of over 3,500 threat actors.

“AI can help respond to these unprecedented challenges,” noted Mr. Johnston, emphasizing that machine learning classifiers and detection eliminated two and a half times more device attacks in Google’s online browser.

Mr. Johnston also said that security expertise can be democratized through AI and large language models, which can also improve the output of defenders in drilling down on their cybersecurity events.

“The best modern digital security comes with openness,” he said regarding the company’s expansion to reward AI research and applications for safety. “Effective risk management strategies will need to evolve with AI.”

Google’s Duet AI platform can sift through large-scale logs and normalize information for security analysts through summaries and query or script recommendations, he noted.

“We used to require very skilled software engineers to understand particular threats,” he said. “AI tools can improve detection and provide mitigation of bad pieces of code that would have previously gone undetected.”

“This will have the most significant impact on organizations that lack the experts or resources,” he added, highlighting AI’s capacity to support small businesses with limited resources.

Mr. Johnston also noted that generative AI is in its early phases of cybersecurity adoption, with APAC CISOs currently experimenting with how to improve operations without increasing risks, considering the privacy concerns associated with the new technology.

At the same time, he stressed the importance of investing in upskilling cybersecurity knowledge to address today’s problems. “AI can have a major positive impact on the security ecosystem, but only if we are bold and responsible.”

Google has offered career certificate sponsorships in India and Singapore to upskill its employees with cybersecurity knowledge.

“No single model rules them all,” he said regarding the various applications of AI in companies’ cybersecurity. “We still need to develop a system that enhances talents and capabilities.”

“Organizations require industry-wide support to embrace AI confidently and securely.” — Miguel Hanz L. Antivola