The evolution of cybersecurity in the age of generative AI

An abstract image of digital security.
(Image credit: Shutterstock) (Image credit: Shutterstock)

It’s no secret that Artificial Intelligence (AI) is currently revolutionizing every industry, and that includes cybersecurity. However, this revolution can produce some unwanted outcomes, such as hijacking by unscrupulous and malicious Generative AI models. For instance, when ChatGPT was first introduced in 2022, it took the world by storm. Since then, we have seen replicas of ChatGPT introduced on the dark web to facilitate a new era of highly malicious and AI-driven attacks.

Now given the advancements of Generative AI, attacks are being deployed within the speed of seconds and minutes – not days or weeks – which is far beyond human capacity to detect and respond to. In fact, according to Secureworks Counter Threat Unit cybercriminals are deploying ransomware within a day from the initial point of infiltrating an organization. This time has dropped significantly in 2023 down from 4.5 days in 2022 and 5.5 days the year before that.

Unfortunately, the majority of organizations are not well placed to combat these new threats, as they are not investing in the most cost-efficient and effective cybersecurity solutions. When we consider that worldwide spending on security solutions and services is forecast to be $219 billion in 2023 – yet, during the first quarter of 2023, more than six million data records were exposed worldwide through data breaches – this is a concerning outlook.

So, what can businesses do to end this cycle and gain the most value out of their cybersecurity investments? Half the battle is understanding AI and how it is being used by both attackers and defenders to augment their capabilities.

Daniel Valle

Senior Vice President for GSP International at WWT (World Wide Technology).

What AI can build – it can destroy

Used maliciously, AI creates chaos. From deep fakes to social engineering, and malware creation– there are all kinds of scams this technology can help to develop.

Looking at Generative AI specifically, malicious Gen-AI models can take advantage of enhanced attack automation – especially when this technology makes everything significantly cheaper and quicker. There is also real concern on the social engineering front, as AI can help to deliver highly sophisticated, genuine looking emails to be used as part of targeted attacks like spear-phishing or generic phishing campaigns, including voicemail and chat messages. For example, many phishing attempts today are readily identified by bad grammar or spelling. AI will allow malicious, Gen-AI models, to quickly review and edit the emails to appear more credible before sending them. As this technology advances, organizations can also expect to see more high-quality and realistic deepfake video content.

AI is also being used for polymorphic malware. This enables the development of highly changeable threat code variants, and malware packages that constantly change to evade detection by current security tools. This may shift the power balance to the attackers as the defense struggles to keep up in updating use-cases and configuration of its preventive and detective security controls.

Fight fire with fire

Solving the challenge by hiring more skilled resources or changing methods of hybrid working, simply won't be enough to combat these AI challenges. As a result, organizations HAVE to take action. Generative AI itself can be part of the solution so organizations NEED these tools – as there is no other option to keep assets safe.

The good news is customers can already protect themselves through working with OEMs, to leverage AI to enhance its own threat visibility, detect and response capabilities dramatically with the lowest operational overhead and yield positive results relatively faster than how it used to exist before the Generative AI era.

On the threat detection front, Generative AI tools can understand the behavioral patterns of users and objects on the network in order to identify malicious Gen-AI models. This can support organizations in scaling the capabilities of their existing security teams, enabling the analysis of massive amounts of unstructured data in real or near real-time to detect and predict potential threats that are beyond the human analyst capabilities to identify. In addition, tools such as crowd-sourced cyber threat intelligence sharing and AI powered behavioral analytics can aid businesses in building a stronger proactive cyber defense strategies.

However, a lot of this is easier said than done. AI can be a broad term and with a wide range of AI solutions on the market, it can be tricky knowing which solution will make a real difference in improving security posture. That’s why it’s imperative that partner exposure and support is used so organizations can address specific challenges and secure digital assets in a scalable and future-proof fashion.

Generative AI is here to stay - how to secure the AI-powered future?

According to SecureWorks Ransomware Evolution Analysis, over the last couple of years, we have witnessed a significant increase in ransomware attacks and the manifestation of the ransomware-as-a-service utilizing more of the malicious Gen-AI models, to help orchestrate and profit from a higher frequency of successful ransomware attacks. Generative AI models such as FraudGPT, WarmGPT and many more that are frequently introduced on the Darkweb.

So, to prepare for the impact of Generative AI on ransomware and the cybersecurity landscape, organizations should consider the following three key actions:

1. First, businesses need to embrace AI as a key foundation of its cybersecurity strategy. As highlighted above, AI-driven, highly automated and scripted attacks can only be defended by AI-powered threat management solutions to reduce the risk and business impact of those attacks. So, organizations need to invest in and integrate AI-driven security solutions into their existing security arsenal sooner rather than later.

2. Secondly, Generative AI as a technology is here to stay and evolve. Thus, it’s important to evaluate long-standing current security practices, and upskill engineers on AI-powered solutions, if needed. Humans are at the heart of the current AI evolution. Therefore, hiring or training IT professionals with AI knowledge will enable good decision-making and help ensure that organizations stay ahead of the AI adoption curve and potential risks.

3. Finally, organizations need to stay open minded to advancing AI challenges and rethink procedures and processes if needed. To do this, organizations should regularly conduct maturity and gap assessments, evaluate current security postures, deploy controls and outline specific transitional steps that must be taken to develop a sustainable strategy to mitigate a new wave of AI-driven, automated cyber threats and multi-staged attacks like ransomware and phishing campaigns.

Therefore, it is crucial businesses learn to adapt and invest in the right cybersecurity solutions to meet current needs. In turn, this will ultimately help business to better navigate the rapidly changing threat landscape. Plus, businesses will become more resilient, productive, and competitive by embracing this digital revolution with confidence – both for now and in the future.

We've featured the best encryption software.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here:

Daniel Valle is Senior Vice President for GSP International at WWT (World Wide Technology).