Generative AI tools such as ChatGPT (and its counterparts Bing AI, and Google Bard, among countless others) have recently gone mainstream at an incredible and unprecedented pace. Almost overnight, these tools and their myriad of use cases have dominated global news headlines.
With the infinite possibilities and opportunities AI offers, there is no doubt that it will be a game-changer for businesses in our hyper-connected digital world. The US alone has shared it will invest $140 million to create seven artificial intelligence research hubs.
We are just at the tip of the iceberg when it comes to the AI revolution, with its influence akin to the invention of the Internet, smartphones, and cloud computing.
With that said swift advancements in this new technology have raised the stakes for companies looking to strike while the iron is hot and leverage these innovations for growth. Looking beyond its benefits, AI also brings challenges and risks to the table, as malicious actors are also using AI to perform nefarious tasks. The sky's the limit when it comes to AI, including questionable uses such as writing code to identify and exploit vulnerable systems, generating phishing emails tailored to victims, and even deep fakes of executives in misleading scenarios.
Against this backdrop, businesses must stay vigilant and ramp up their cyber defenses as they adopt AI into their operations. While many governments have safeguards and frameworks in place for AI adoption, businesses need to be proactive to ready themselves in the face of potential AI-run cyberattacks.
Here are three ways businesses can secure their infrastructure and assets:
Rather than be afraid of AI or struggle to match every offensive AI threat with an AI countermeasure, businesses can instead use AI to enhance the skills and abilities of their cyber security team.
This is particularly important in the cyber security field, which has continued to face shortages of skilled talent. Globally the cyber security workforce gap stands at 3.4 million. As organizations continue to digitalize, cyber security roles will steadily rise in demand. With AI, those new to the field can get help with the automation of manual, routine duties, and higher-level security engineers can enjoy greater coding and scripting capabilities.
Email continues to be the number one entry point for cyberattacks. With AI, attackers can take their social engineering and phishing tactics to the next level, making these emails hyper-realistic and easy to fall for.
It is imperative that security teams educate employees on better identifying these phishing attacks so that they don’t fall prey and enable a malicious actor to penetrate the organization’s network. This includes regular training, refresher sessions, and providing a platform to report any suspicious activity they encounter in their day-to-day activities.
Even then, human error is inevitable. On the technical end, companies can protect their employees with the use of advanced email security tools. These tools go beyond the basic filtering done by email services and can comprehensively block attacks across different vectors, even if it is coming from trusted senders or domains.
Beyond phishing emails, AI poses potential risks to company data and applications, especially as its increasingly prevalent use means greater exposure to multi-faceted attacks. For instance, Internet-facing applications used by employees are particularly vulnerable to bot and AI-driven attacks.
Organizations should move beyond protecting networks with a traditional castle-and-moat perimeter and focus instead on where data lives and how users and applications access it. This means adopting a more robust, holistic cyber security strategy – which can be achieved through a Zero Trust architecture. With a Zero Trust security model, organizations maintain strict access controls by trusting no one, even those already inside the network perimeter. This way, attackers do not get free rein over the organization’s data and applications even if they penetrate the initial network layer.
As AI use becomes more prevalent among employees, organizations should also implement acceptable use policies, technical controls, and data loss prevention measures. This will go a long way in protecting both employees and the company.
Still, in its nascent stages, generative AI has the potential to develop by leaps and bounds in the years ahead. Cyber security professionals should stay curious and experiment with these tools, in order to gain a better understanding of its use cases and be able to respond to malicious use.
AI adoption is just getting started and its infinite benefits outweigh any potential threats. However, it is important that businesses know how to use such technology safely.
This article is part of a series on the latest trends and topics impacting today’s technology decision-makers.
This article was originally produced for The Edge