As cyber threats continue to evolve in complexity and sophistication, the protection of critical infrastructure has become a paramount concern for businesses and governments alike. In this new era, where digital transformation is accelerating across industries, the integration of artificial intelligence (AI) is both a boon and a challenge.
AI plays a dual role in the cybersecurity battle. While AI enhances cybersecurity defenses, its potential misuse by malicious actors can introduce new vulnerabilities, Patrick Joyce, Global Resident Chief Information Security Officer at Proofpoint told iTNews Asia in an exclusive interview.
From combating sophisticated state-sponsored attacks to addressing the human factor in cyber incidents, Joyce sheds light on the challenges and strategies businesses can adopt to secure their most vital systems.
While AI isn’t a new concept, Joyce said, the recent surge in generative AI, such as OpenAI's ChatGPT, has added a layer of sophistication and speed that’s significantly impacting cybersecurity for both defenders and attackers.
AI’s ability to analyse vast volumes of data in real-time allows organisations to detect threats and respond faster than ever before. On the other side, the use of AI is dramatically changing the nature of these threats, especially in state-sponsored cyberattacks. "AI enables attackers to craft highly personalised, convincing emails that are difficult to spot," Joyce said.
The result is an increased risk of human error. "The biggest vulnerabilities in any organisation – whether in critical infrastructure or not – are often human-driven," Joyce explained. “Whether it's clicking on a bad link or exposing sensitive data by mistake, human behaviour remains one of the largest risks.”
Critical infrastructure are now more vulnerable
Critical infrastructure such as healthcare, aviation, power, and water has become an increasingly attractive target for cybercriminals. Joyce noted that while the tactics are similar to attacks on other sectors, the consequences of a successful breach can be far more severe. "If an attack on critical infrastructure succeeds, it can affect a large number of people," he said.
The most pressing vulnerabilities include outdated software, weak passwords, and poor access control. Organisations must adhere to best practices such as patching systems regularly, implementing multi-factor authentication, and continuously educating employees about the dangers of human error.
Joyce explained that businesses face a significant challenge in moving at the same speed.
Bad actors can innovate and adapt rapidly, but organisations, especially those in critical industries, often lack the resources to keep up.
- Patrick Joyce, Global Resident Chief Information Security Officer, Proofpoint
For many businesses, this means managing the balance between adopting new technologies and ensuring that those systems are protected. "AI may make things faster, but it also requires more resources – financial and human – just to stay secure," he added.
When it comes to securing industrial control systems and operational technology (OT), Joyce stresses the importance of using AI tools to monitor and protect these critical assets.
Unlike traditional IT infrastructure, OT systems often operate in a more isolated environment, making them harder to defend. However, AI’s ability to scan and monitor large volumes of data in real time can help detect anomalies and respond to threats before they escalate.
Joyce recommended that businesses invest in AI-driven solutions specifically designed to secure OT systems and ensure that their AI tools are continuously updated to address evolving threats.
Balancing AI and human oversight
While AI is becoming increasingly effective in detecting and mitigating cyber threats, Joyce believes human oversight remains crucial. "AI can miss subtle signs of an attack or misinterpret a situation, which is why human involvement is still necessary," he explained.
Organisations should aim to strike a balance between automation and human expertise. For example, AI can help by flagging potentially dangerous emails or alerting security teams about abnormal behaviour, but human analysts should always review these findings before taking action. This collaborative approach ensures that businesses can leverage AI's power while maintaining control and oversight.
As AI is integrated into more critical systems, there’s a growing concern about the protection of AI models themselves. Joyce highlighted the importance of securing the platforms and data used to train AI models. If attackers gain access to AI models or their training data, they could manipulate the AI’s decision-making processes, leading to serious security risks.
"Just like with traditional data security, it's about access control, monitoring, and scanning for vulnerabilities in the code," Joyce explained. Additionally, businesses should implement strong disaster recovery protocols to protect AI systems from being compromised.
Governments and regulatory bodies are increasingly stepping up efforts to ensure the security of critical infrastructure. Joyce pointed to the European Union’s AI Act and the US National Institute of Standards and Technology (NIST) frameworks as positive steps in the right direction.
While there is ongoing development in regulatory frameworks, Joyce believes that collaboration between the public and private sectors remains key. "The Information Sharing and Analysis Centres (ISACs) play a critical role in helping organisations share information and stay ahead of emerging threats," he said.
