Generative AI and Its Impact on Cybersecurity

New technologies and innovations, while exciting, can often come with risk. Take consumer banking as an example. What was an exclusive on-premises exchange became a digital transaction. That evolution delivered convenience en masse, but it also presented threats. Online banking isn’t tantamount to 'surfing the web.' A different set of protocols are needed including greater security measures such as dual factor authentication. Without some of these protections, online banking wouldn’t be viable. The same can be said about generative AI.

Generative AI’s popularity has skyrocketed in such a short amount of time, and is quickly being embraced by both startups and established organizations alike. As with any new technology, there are risks that in many cases are caught in hindsight after a breach or incident. We see this across industries such as banking.

Since we cannot ignore or terminate generative AI’s use and adoption, it’s crucial that we understand and anticipate its risks. One such risk is its impressive ability to mimic humans. The other is its potential ability to scale cyberattacks. If left overlooked, generative AI may have a significant, negative impact across industries in the cybersecurity landscape.

Human or machine?

One obvious threat is the increasing sophistication of generative AI’s natural language processing capabilities. AI can mimic speech patterns and linguistic tendencies to impersonate people and organizations. It will become more and more difficult to separate the human from the machine. Some claim that AI can already pass the Turing test. This is especially worrying when you consider the significant role that the human element plays in cyberattacks, according to Verizon’s Data Breach Investigations Report (DBIR).

Threat actors may likely use generative AI to exploit people through social engineering – a range of malicious activities that manipulate people psychologically in order to trick them into divulging sensitive organizational information. Generative AI’s developing natural language processing capabilities can be very effective in streamlining such social engineering attempts. It will also give hackers the ability to attempt cyberattacks in languages not native to them, as the AI will be able to convert language into a form that would read as the product of a native speaker.

The threat is only amplified by evolving workplace models, which complicate the managing of log-in credentials, as workers alternate between work and home, and between professional devices and personal ones.

Scaling cyberattacks

Historically, hacking has been a time-consuming, labor-intensive process requiring farms of hackers. With AI, however, threat actors can greatly reduce the time-consuming drudgery of hacking, including gathering data about a target. Nation state actors, typically better funded, will likely have the resources to invest in sophisticated AI, which will enable them to automate and scale cyberattacks across greater areas. They could attack more targets, which, if organizations fail to take countermeasures, could result in improved success rates for hackers.

The growing need for 'zero trust'

What do organizations do when they can’t tell the difference between a person and an AI? How can they trust identities, data or correspondence? The truth is, they can’t. This new reality will require a zero trust mindset, a security philosophy that demands all users be authenticated, authorized, and continuously validated.

A “never trust, always verify” approach to cybersecurity acknowledges that security threats can come from anywhere, including from within the organization. A zero trust approach isn’t limited to strict authentication of users. It applies that same level of rigor to the evaluation of applications and infrastructure, including supply chain, cloud, switches and routers.

Pandora’s Box

AI is here to stay, whether people or companies like it or not. It’s already driving change across industries, and has the potential to cause major disruption. Health care practitioners will have access to better real-time insights, manufacturers will be able to anticipate problems with machines on the assembly line, and so on. But whenever you automate processes, as you can with artificial intelligence, you run the risk of scaling mistakes, which in turn might scale exposure. That’s why we must stay vigilant as we continue to gather data from all of the emerging use cases of AI across industries.

AI is a tool, and like any tool, it can be used to help or harm. We must use AI productively while anticipating how it might be used against us.