AI cuts cyberattack response time, raises risks: Palo Alto's Quinn

AI has shortened ransomware attack timelines, making cybersecurity more complex and requiring firms to embed protection from the outset, says Palo Alto Networks executive

The arrival of artificial intelligence (AI) in the threat landscape has resulted in cutting down the time for a high-damage ransomware to be launched within a couple of days from the earlier timeframe of a week or 10 days, said Nicole Quinn, the vice-president for policy and government affairs in the Japan and Asia Pacific region at Palo Alto Networks. This shortened timeline has, in turn, meant that ensuring cybersecurity for all companies — especially startups and small and medium enterprises (SME) — can no longer be achieved solely through human intervention, she said. “Traditionally, cybersecurity has always been bolted on as an afterthought. With AI now in the picture, startups and SMEs have to think of cybersecurity from the start,” Quinn said, adding that most startups and SMEs often just focus on the product while losing focus on the environment, or ecosystem they operate in. In countries such as India, where the scale of operations for most companies is larger than in other regions and geographies, AI needs to be deployed at an equal scale to ensure deep-rooted protection, she said. Palo Alto Networks, among the world’s largest pure-play cybersecurity companies, believes India will need to strike a fine balance between fostering AI innovation and protecting individuals' safety. “I think a lot of it can be done by setting frameworks and guardrails. In cybersecurity, there is an element of recognising companies and organisations that do the right thing. But there should be a set of standards and frameworks that every company should be measured against,” Quinn said. The presence of these guardrails, despite companies following the best available cybersecurity practices, ensures the users’ trust in innovation and assures them that it is safe, she said. Countries worldwide also need to agree on a common minimum set of cybersecurity safety standards, despite individual nuances with respect to language and cultural differences, Quinn said. “Fundamentally, we are all trying to do the same thing, which is to secure enterprises, citizens and our economic future. Though investment in cybersecurity can sometimes be challenging, companies need the regulatory stick to ensure that there is money being put to ensure safety,” she said.