AI is Revolutionizing Cybersecurity — But Not in the Ways You Might Think
2024-10-23 17:22:48 Author: securityboulevard.com(查看原文) 阅读量:3 收藏

From the moment OpenAI introduced ChatGPT to the public, IT professionals braced themselves for the worst. Like everyone else, they were astonished by the capabilities of these new large language models (LLMs). But unlike everyone else, they saw a harbinger of doom. The question for these professionals was not whether but how and when this technology would be deployed to breach organizational defenses.  

These concerns were — and remain — far from unfounded. Over the last few years, the number and severity of cyberattacks have only increased. Concurrent epidemics of network infiltration and malware attacks have created a permanent state of emergency. We know that whenever a new technology emerges, cybercriminals instantly begin to look for a way to leverage it. There was no reason LLMs enhanced by artificial intelligence (AI) should be any different.  

However, this year has shown that IT professionals were worrying about the wrong things. As a tool in the cybercriminal’s arsenal, AI has the potential to inflict massive damage, just not in the ways we might have expected. And as it turns out, AI is more effective as a tool to combat hackers.  

Separating fact from fiction about the threat weaponized AI poses to organizations—and understanding how it can help keep those organizations safe — is essential for maintaining a balanced security environment today.  

AI and Cybersecurity: Separating Fact From Fiction  

Let’s start with those myths.  

AWS

AWS Hub

The first and easiest to debunk is the notion that AI will put IT professionals out of work. Yes, we have seen (and will continue to see) some reskilling. But the fact is, for many years, the number of available IT jobs has vastly outstripped the number of existing qualified candidates. This is a significant part of the problem that we are discussing here. To the extent that weaponized AI threatens organizations, under-resourced IT teams are a massive liability.  

The next myth concerns what some people call “super-malware,” i.e., undetectable malware generated at scale by AI/LLMs. The great irony is that attackers and organizations deal with the same limitations. For example, to generate sophisticated malware using AI, you still need significant skills and experience. Accordingly, we might see a slight bump in AI-generated malware. But, assuming a stable pool of “qualified” attackers, it is unlikely the AI malware apocalypse that some have predicted will happen.

Finally, there is the fear that AI will make it easy for bad actors to craft “perfect” phishing emails without telltale grammatical errors, malapropisms, etc. But the fact is that bad actors got over this hurdle some time ago, as it’s been years since spelling or grammatical errors were phishing attack indicators. 

Network Infiltration is Still the Major Threat  

What should IT professionals be worried about?  

Interestingly, of the major current trends in cybersecurity, only one is directly tied to AI — namely, the proliferation of deepfakes. Just last summer, Mandiant, a Google-owned company, identified instances of cybercriminals using deepfake technology to undertake phishing scams or spread misinformation.  

However, the problems plaguing most organizations today are akin to those plaguing them long before the launch of ChatGPT. Most notably, that means network infiltration and the awful things those attacks entail, such as downtime, lost revenue, damaged reputation, etc. Other challenges include securing devices used in hybrid/remote work environments.  

How AI can Help  

We were in a much worse position a decade ago when combating these cyberthreats. Network visibility was limited: Organizations flew blind, hoping for the best and scrambling to restore order if the worst transpired.  

IT solutions have advanced to the point that we have crystal-clear visibility into internal operations. The problem is we now have too much visibility. IT teams are inundated with alerts. Some of these alerts draw attention to real problems. Many more are false alarms. The signal-to-noise ratio is alarmingly lopsided, creating a perpetual “boy who cried wolf” situation in many IT departments. In this way, notable events slip under the radar and put entire organizations at risk.  

This is where AI comes in. AI technologies can take in the enormous amount of information generated by a given network and prioritize it using machine learning, heuristics, behavioral analysis, adaptive baselining and threat intelligence. It can separate events of no consequence from events of serious urgency and instantly flag the latter to IT personnel.  

The context provided here is crucial. Instead of an undifferentiated spray of information, which can seem to IT professionals like a fire alarm going off continuously, the AI provides the information that matters along with detailed descriptions of why it matters. What does this mean? What can we do about it? How can we remediate it? AI answers these questions, radically simplifying the process of risk management. The result is that AI deployed in tandem with trained IT personnel helps reduce the time needed to detect a breach while improving the efficiency of security investigations.  

The critical point is that human judgment is still essential. Rather than replacing the IT professional, AI enhances their workflow, directing them toward the issues that genuinely need solving. This kind of automatic filtering becomes even more important considering the IT skills gap mentioned earlier. It allows overstretched IT teams to better allocate their resources and do more with less.  

AI is a fast-evolving field. There might come a time when LLMs advance to the point that attackers can leverage them at scale to highly destructive ends. Though things currently stand, the advantage belongs to the good guys. The cybersecurity revolution that began with increased network visibility has culminated in the rise of AI, which can automatically make sense of information that even the best-staffed IT departments never could. With the skills gap showing no signs of slowing down, investments in this technology are more important than ever.  


文章来源: https://securityboulevard.com/2024/10/ai-is-revolutionizing-cybersecurity-but-not-in-the-ways-you-might-think/
如有侵权请联系:admin#unsafe.sh