In a world increasingly connected through the Internet, cybersecurity has remained a major concern. Take, for instance, the recent case of Singapore’s unmasked identity card numbers being made publicly available. The incident underscores users’ growing concerns around the sharing of personal data – and illustrates how, if it falls into the wrong hands, such data could grant bad actors privileged information or the ability to make fraudulent transactions.
More recently, cybersecurity has been further complicated by advances in generative artificial intelligence (GenAI), which offer malicious actors stealthier, more efficient, and increasingly successful modes of cyberattack. Cyber criminals are now armed with the power to analyse entire organisational data infrastructures, create highly realistic fake profiles and infiltrate critical systems that house sensitive data – faster than ever.
As a result, governments and businesses are responding in kind. Across APAC, we’re seeing cyber defenders leveraging GenAI capabilities in innovative ways to help combat the rapidly evolving threat.
The other crucial weapon in their battle strategy? Real-time data streaming.
The convergence of the cutting-edge technologies of GenAI and stream processing is emerging as a powerful defence mechanism for organisations as they navigate this perilous new era – and here are three areas where imbuing a real-time element helps nip threats in the bud.
1. Real-time threat detection and response
Why it matters
A real-time threat demands a real-time response. The quicker an organisation is in identifying and reacting to a breach, the smaller the impact. However, many public service organisations are handling decades’ worth of legacy data, often living in silos across old and new infrastructure. As a result, they face challenges with slow data processing and data quality – preventing them from working with data in real time.
What needs to happen
However, with the addition of GenAI-powered real-time analytics, it becomes possible to continuously monitor data streams across networks, allowing security systems to detect anomalies and potential threats the moment they occur. In other words: just in time.
GenAI can also help automate response processes all along the security chain – from recognising the threat to isolating the impacted system – reducing the time taken to contain and resolve security incidents.
Automation also has the added bonus of minimising the potential for a panicked employee to worsen the damage in the chaos of a cybersecurity attack, given the set protocol that can be implemented within the system.
Key application: Adaptive cybersecurity that leverages AI
Singapore is one country that has been leading the charge in deploying real-time threat detection and response in the APAC region.
Facing a growing number of ransomware and state-sponsored attacks, Singapore's Government Technology Agency (GovTech) has integrated AI-driven real-time analytics into its cyber framework to fortify its platforms and products. This is especially important for GovTech as the main driver of Singapore's Smart Nation initiative and public sector digital transformation.
By analysing patterns of network traffic in real time, GovTech can immediately identify anomalies like unusual data transfers or unauthorised access attempts. AI models are trained on historical data and threat intelligence to differentiate between normal and suspicious activity, through predictive analytics. This enhances the accuracy of threat detection over time, enabling GovTech to adopt an ‘adaptive security posture’ to shore up its defences against any potential attacks.
Singapore’s authorities are also aligned in the fight against scams, supported by the Shared Responsibility Framework (SRF). These measures will require financial institutions to implement real-time fraud detection to identify unauthorised transactions, in order to protect consumers and strengthen security standards.
But what happens when bad actors produce an unprecedented method of attack? This is where AI-generated simulations, alongside manual mock-attacks by cybersecurity experts (known as ‘red teaming’), are vital to help probe for unseen vulnerabilities before they are exploited by real criminals.
2. Real-time behavioural analysis for insider threats
Why it matters
Another interesting area where data streaming is helping to fortify cyber defence is behavioural analytics. By establishing a baseline of normal behavioural patterns and activities, organisations are better positioned to identify abnormal user behaviour that could signal a cyber threat.
For example, compromised credentials are detectable when a user appears to behave differently in their account than they usually would. This illustrates the crucial need for data to be processed and analysed just in time, so that the resulting insights are immediate and accurate enough to prevent fraud or device compromise.
What needs to happen
One use case where behavioural analytics proves to be particularly effective is insider threats in organisations that deal with high-risk information. By continuously monitoring user behaviour and comparing it against the standard behavioural profile, we can prevent both intentional and accidental attacks – and the resulting economic fallout.
Key application: Being able to monitor any unusual behaviour or anomalies across the network
A bank, for example, could use AI to monitor employee activities across its network. By looking at information related to login times, file access patterns, and data transfers, the AI system can recognise unusual behaviour that may suggest an insider threat. If an employee suddenly begins accessing sensitive files outside of normal working hours, it can be flagged immediately for further investigation.
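The off-hours check described above can be sketched as a streaming baseline. This is an added example, not code from the article or from any bank's or vendor's system; the event fields (`user`, `ts`, `path`, `sensitive`), the two thresholds and the sample events are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime

MIN_HISTORY = 20   # events needed before a baseline is trusted (assumed value)
RARE_HOUR = 0.02   # hour band holding <2% of past activity is unusual (assumed)

class BehaviourBaseline:
    """Per-user hour-of-day profile, updated one event at a time."""
    def __init__(self):
        self.hours = defaultdict(Counter)  # user -> {hour: events seen}

    def observe(self, event):
        """Score one event against the user's baseline, then learn from it."""
        user, seen = event["user"], self.hours[event["user"]]
        hour = datetime.fromisoformat(event["ts"]).hour
        total = sum(seen.values())
        if event["sensitive"] and total >= MIN_HISTORY:
            # Count neighbouring hours too, so 08:59 and 09:01 score alike.
            near = sum(seen[(hour + d) % 24] for d in (-1, 0, 1))
            if near / total < RARE_HOUR:
                # Flagged events are not learned, so repeated off-hours
                # access cannot quietly become the new "normal".
                return {"user": user, "ts": event["ts"], "path": event["path"],
                        "reason": f"{near}/{total} prior events near {hour:02d}:00"}
        seen[hour] += 1
        return None

def sample_stream():
    """Constructed data: five 09:00-17:00 days, then two 02:00 accesses."""
    events = [{"user": "alice", "ts": f"2025-01-{day:02d}T{hour:02d}:05:00",
               "path": "/shared/reports/q.xlsx", "sensitive": hour % 3 == 0}
              for day in range(6, 11) for hour in range(9, 18)]
    events.append({"user": "alice", "ts": "2025-01-11T02:14:00",
                   "path": "/finance/payroll.db", "sensitive": True})
    events.append({"user": "bob", "ts": "2025-01-11T02:20:00",  # no history yet
                   "path": "/finance/payroll.db", "sensitive": True})
    return events

def run(events):
    """Feed events through in arrival order; return the alerts raised."""
    baseline = BehaviourBaseline()
    return [a for a in map(baseline.observe, events) if a]

if __name__ == "__main__":
    for alert in run(sample_stream()):
        print(alert)
```

The second 02:00 access, by a user with no history, raises nothing: a baseline-only detector is blind during cold start, so new accounts need a separate rule or a peer-group baseline.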
3. Real-time threat intelligence sharing to fight APTs
Why it matters
In APAC, cybersecurity threats often cross national borders. The ability to share threat intelligence in real time is therefore crucial. As cyberattacks grow more sophisticated, cyber defenders must scrutinise ever larger and more complex sets of data from a wider range of sources – making cross-government collaboration increasingly important.
What needs to happen
The ease and speed with which GenAI and data streaming can correlate data from various sources translates into a highly comprehensive view of an expansive threat landscape for organisations. Different organisations can work together in real time to signal, monitor and act upon cybersecurity threats.
Key application: Sharing intelligence and learning from threat patterns
One such example is the ASEAN-Singapore Cybersecurity Centre of Excellence (ASCCE), which leverages AI to facilitate the sharing of threat intelligence among ASEAN’s 10 member states. It scours data streams from participating countries to identify patterns that suggest coordinated attacks or emerging threats. This intelligence is then shared in real time with other member states, allowing them to take proactive defence measures.
In the case of Advanced Persistent Threats (APTs) – sophisticated, long-term attacks often sponsored by nation-states or well-funded criminal groups – GenAI combined with stream processing is fundamental to spotting the needle in the haystack.
In early 2023, cybersecurity firm Kaspersky Lab’s global research and analysis team discovered that an attacker had been spying on and harvesting sensitive data from APAC government bodies with an APT called ‘Tetris Phantom.’ The entry point was an encrypted USB drive commonly used by government organisations to securely transfer data between systems.

The case of Tetris Phantom highlights the shifting nature of cybersecurity threats – what was considered secure yesterday is vulnerable today. Organisations must work together in order to match the pace of advancing cybercrime.
- Nick Dearden, Global Field CTO at Confluent
AI can help strengthen our defences
The transformative potential of GenAI and data streaming together is something I personally feel more excited than apprehensive about. We’ve seen striking returns for businesses on their data streaming investments in areas like operational efficiency, customer experience, fraud detection, and the acceleration of AI/ML adoption itself.
Speed is of the utmost importance in cybersecurity: if we are not vigilant, all it takes is one slip-up for perimeter walls to come crashing down. Real-time data helps detect threats in a timely manner, allowing systems to respond before any damage is done.
With greater integration of real-time data insights across business functions, married with AI systems that evolve daily, businesses and enterprises can build towards a more adaptive, resilient and responsive cybersecurity ecosystem.
Ultimately, these are tools at the disposal of both the offence and defence. It’s up to us as practitioners and decision-makers to ensure investments are going into the right infrastructure, talent and knowledge, to emerge on the winning side.
Nick Dearden is Global Field CTO, Confluent