As the pace of technological change intensifies, so, too, does the volume and sophistication of cybersecurity threats. Cyberattacks have more than doubled since the pandemic, according to the International Monetary Fund, with the financial toll of such attacks more than quadrupling since 2017, reaching $2.5 billion. And that pace doesn’t appear to be slowing down, with a reported 74% increase in the number of ransomware attacks worldwide in 2023.

Artificial intelligence is bolstering the increase in threatening activity, but it is also a factor in strengthening security. As enterprises are learning, AI-assisted cybersecurity can be a force multiplier, enhancing an organization’s ability to protect and defend against attacks, often by detecting the kind of small anomalies that might elude a human security professional.

“At its root, security is a data problem,” says Noopur Davis, EVP, Chief Information Security and Product Privacy Officer, Comcast. “With data, we can understand the past, anticipate the future, and respond to current events, and that is where AI really helps.”

Stopping invaders

AI provides the ability to understand and analyze massive datasets, and it is already having a profound effect on how cybersecurity teams search for, and root out, specific kinds of threats.

Consider “living off the land” (LOTL) attacks, a common type of stealthy cyberattack in which intruders use legitimate software and function within a system to perform malicious actions. Because these intruders are not importing malware, leave behind no artifacts, and behave almost exactly like a normal user on a system, they are notoriously difficult to detect.

To prevent LOTL attacks, cybersecurity professionals must detect small anomalies in the eco-system—an already daunting challenge in large systems that naturally contain plenty of small anomalies that don’t necessarily represent threats. What AI can do is learn the difference between a harmless anomaly and one caused by a threat actor, then signal a human operator to investigate.

“We have built a behavior-based AI model that learns who the technical users in the system are, so we can use that model to ask, ‘Hey, why is this non-technical user trying to go to the system’s source code?’” says Davis. “That’s a perfect example of how you can use AI to find a tiny anomaly that could be a significant threat.”

Another area in which AI is improving security is reducing the time it takes to mitigate attacks once they are detected. Two key metrics by which effectiveness of cybersecurity teams is judged are their mean time to respond and mean time to mitigate. Once a threat is discovered, the time it takes to do either depends on answering certain questions, such as: Who are they? How did they get in? And what did they do once they arrived? By analyzing the data in near real-time, AI is helping security professionals significantly reduce both those metrics. Generative AI has the potential to reduce those metrics even further.

The human touch

As transformative as AI might be for cybersecurity, it doesn’t eliminate the need for human expertise. AI is a powerful accelerator for data analysis, but when it comes to things like threat intelligence—sorting pieces of the puzzle to determine who is behind a crime, what they want and where they may strike next—there is no replacement for an experienced cybersecurity professional.

But there remains a critical cybersecurity talent shortage. Globally, the industry is short about four million workers, with North America being one of the most severely affected regions, according to a 2024 report from the IMF. The result is that two-thirds of organizations worldwide are being exposed to additional risk due to a lack of qualified talent.

To reduce that risk, many CIOs and CISOs are turning to some form of managed security, whether that’s a traditional managed security service or a managed detection and response solution with an outsourced security operations center. This can help the enterprise access in-demand expertise and shift costs from capital expenditures to operational expenditures.

With the right talent at the helm, whether in-house or outsourced, Davis is confident that AI technology will ultimately give the good guys a leg up against the threat actors. Why? The good guys know their people, their companies, and their context better than the bad guys do. Cybersecurity requires vigilance, she says. “The deliberate, ongoing commitment to the development of tools, talent and execution I see in our industry keep me optimistic."

Learn more about Comcast Business Enterprise Solutions.