Every development around artificial intelligence (AI), has managed to get both sides of responses – positive and negative, however, of late the number of criticisms seems to have risen thanks to the rise of deepfakes. With the use of AI tools, deepfakes now include images, text, videos, and voice cloning, for illegal purposes. Sometimes, all four modes of AI generation, including reactive, limited memory, theory of mind and self-aware artificial intelligence, are used simultaneously. Experts believe as per the recent conundrum around deepfakes and generative AI, this might pose a threat to humankind. “AI’s role in enhancing cybersecurity and helping us become more effective threat detection is evident in its integration into security tooling, as reported by 81% of our 2023 cybersecurity research report. However, AI is not only an enhancer but also a disruptor, as AI can pose new challenges and risks, such as adversarial attacks, fake content, and ethical dilemmas. Its accessibility has heightened the need for stringent cybersecurity, with 62% of respondents noting an increased need due to AI,” Hemanta Banerjee, VP, public cloud data services, Rackspace Technology, told FE-TransformX adding that addressing these dual facets of AI in cybersecurity needs to be addressed.
Threats AI can pose
On average, 66% of organisations worldwide were victims of a ransomware attack between March 2022 and March 2023, according to a survey conducted among cybersecurity leaders of worldwide organisations. In 2021, around 68% of survey respondents stated that artificial intelligence (AI) can be used for impersonation and spear-phishing attacks against their companies in the future. AI can also be used to enhance ransomware, which could become a real danger to companies’ IT security, as per insights from Statista, a market research firm. For industry experts in the world of cybersecurity, artificial intelligence (AI) is a double-edged sword. It’s both a powerful ally and a potential threat. “AI tools make it possible for cybercriminals with lesser skill sets to exploit new capabilities through the generation of malicious code and automated attacks. The traditional static methods employed by the cybersecurity industry are struggling to keep pace with the speed and sophistication of these threats. Moreover, the intricate web of international cybersecurity rules makes things even more complicated. This is because cyberthreats don’t care about borders or where they originate from,” Saurabh Saxena, regional vice president, OpenText, India, explained.
Industry experts believe that cybercriminals are already using AI and machine learning (ML) technology to improve their social engineering schemes, phishing attacks, automate password cracking, develop malicious code at speed, and even impersonate companies’ chatbots or online tools, among others. Recent examples of using large language models, such as ChatGPT for producing text that sounds just like a human, are leading to the spread of fake news. This January, it was pointed out that the problem lies in AI-generated influence campaigns”, which could be used by politicians to outsource their political campaigns, as per insights from arXiv, a market research platform. “ Open-source generative AI models present new opportunities to threat actors and the security teams that oppose them. Until recently, cybercriminals were held back by the sheer volume of targets and the complex mesh of vulnerabilities and exploits needed to execute a breach. Recent large language models (LLMs) have proven adept at piloting attack paths and even creating custom shellcode to be used in an attack. This means that dwell time, whether two weeks, two days, or two hours, will increasingly translate to material impact,” Omer Singer, head, cybersecurity strategy, Snowflake, said.
The road ahead
AI is believed to bring three major areas of ethical concern for society which include privacy and surveillance, bias and discrimination, and the role of human judgment, among others, as per insights from the Harvard Gazette. Earlier this month, India signed ‘The Bletchley Declaration’ along with 28 other nations, emphasising the necessity of aligning AI systems with human aims and encouraging further research into AI’s full potential. “CyberArk’s recent Threat Landscape survey, indicating a 61% expectation of AI-enabled attacks, underscores the growing risks associated with AI. CISOs are now prioritising the integration of AI into their security strategies such as AI-driven defensive measures, coupled with intelligent monitoring in security operation centres, to offer a proactive approach while also identifying and mitigating threats,” Rohan Vaidya, regional director, India and SAARC, CyberArk, highlighted.
From what it is understood, AI challenges persist with the democratisation of AI, including the easy availability of accessible tools, enabling malicious actors to experiment and innovate rapidly. As a result, the threat landscape remains consistent, but attack frequency has surged, necessitating quicker responses. “Cyber resilience, which is the ability to continue business processes and outcomes despite suffering an adverse cyber event, is fast becoming a major priority for companies as cyberattacks have become a ‘when’ and not ‘if’ reality. Therefore, companies must consider the benefits AI-powered technology capabilities can provide not just to their data security posture but their overall cyber resilience. This might eventually help to avoid malicious actors who themselves are leveraging AI for nefarious purposes,” Sathish Murthy, director of systems engineering, ASEAN, India, Cohesity, concluded.
