AI can be used to compromise infrastructure, collect private information from members of the public and launch social engineering attacks. But it can also be used to strengthen defences and automate processes to enhance operations – it's a double-edged sword in cyber security.
Kaspersky’s global security solutions expert Dmitry Berezin plans to elaborate on this topic at the 20th annual ITWeb Security Summit 2025 in Cape Town on 28 May at the CTICC, and in Johannesburg on 3 June at the Sandton Convention Centre.
Berezin will also focus on how AI can be used by cyber attackers to compromise the infrastructure of organisations, to solicit information from both ordinary citizens as well as experts in the field – and how this can be used in different types of social engineering attacks.
“This is just the first part. The bigger part is related to the change in technologies that are used by the hackers, because they can use next-generation AI malware, so you don’t need to be a software developer to be a keen hacker anymore,” says Berezin.
At the same time, the Kaspersky expert will talk about defence.
“It’s about how to identify if somebody is not a real person, how to know that you are under a phishing attack, and how AI-powered security tools can help security centres,” adds Berezin. “In day-to-day activities, we are using AI so widely… for example, when you are calling your bank to confirm a transaction, you are probably not talking with a real person, but with AI that is using voice recognition to confirm your identity.”
The emerging technology can be used to automate everyday tasks, from transcribing and using images in presentations by project managers, to mobile device voice assistants.
AI-powered cyber security tools
According to Berezin, AI-powered cyber security tools are crucial because one can only fight AI with AI-powered cyber security.
“Human beings are a little bit slower, they will not be able to keep the pace. AI is moving so fast and growing in so many areas that without cyber security AI, you will always be one step behind in an attack.”
This is relevant because Kaspersky is seeing a huge growth of social engineering attacks using AI.
Berezin adds: “Social engineering is not something that a security tool is good at because it is about communication with the people, and sometimes they are communicated to via Facebook, LinkedIn… something that is not controlled by the enterprise cyber security.”
While limited budgets remain a challenge, another significant obstacle is the lack of AI awareness and training within organisations.
Berezin says 60% of companies in SA lack some kind of training related to AI and related security.
“That is why I feel that the first and foremost important step is to provide this kind of training. It is not expensive and is available for enterprise and commercial customers to train people how to identify that they are under a social engineering attack or that AI is the ‘person’ they are talking with and not a real individual.”
Cyber security skills availability
The issue of cyber skills availability adds more pressure on business leaders.
Berezin agrees that the shortage of skills is a global problem, and when companies invest in upskilling their staff, they are left frustrated when these skills are head-hunted.
“The amount of information that the typical cyber security team needs to analyse these days is huge. It is terabytes of data, and you must store some information for half a year… so imagine the amount of network traffic for half a year, it is petabytes of data. Security has more challenges; they need to analyse in an automated way as much as possible, so this involves machine learning algorithms and AI.”
Berezin highlights the strategic importance of solutions that can identify and prioritise threats, which means it can reduce the workload. The same principle applies in managed detection and response (MDR), which is a cloud-based service.
The idea is to reduce the workload of the people, says Berezin.
“When using cloud-based protection, the expectation is that the vendor takes care of security aspects like monitoring, instant response and threat hunting. Automation is used extensively, given that vendors continue to use AI to reduce the amount of false positives that need to be analysed by people.”
Berezin adds that enterprise customers also want to strengthen their level of protection but are reluctant to outsource functions to cloud vendors, and would rather maintain these functions in-house.
“However, training cannot be withheld and this must be passed on to the cloud provider. There is still the need for additional training for on-the-job experience.”
Click here for more information about the summit and to register.
Share