By News Staff
Artificial intelligence is poised to fundamentally transform cybersecurity in the coming years. However, AI won't just be used for defense - it will also be leveraged by hackers and cybercriminals to launch increasingly sophisticated attacks. According to Gartner's 4 Ways Generative AI Will Impact CISOs and Their Teams, through 2025, attacks leveraging generative AI will force security-conscious organizations to lower thresholds for detecting suspicious activity, generating more false alerts, and thus requiring more - not less - human response.
"AI will become the next battleground in the cybersecurity race," says Fred Kwong, DeVry University's chief information security officer. "Not only will organizations need to invest in AI in order to compete in their respective fields, but AI will be used increasingly to target organizations."
IT leaders must start preparing now for the AI-powered threats that will define the cyber landscape in 2024. With AI, phishing emails and malware will become more targeted and convincing. AI can analyze huge amounts of data to identify each recipient's interests, habits and psychological triggers. Phishing emails will appear even more legitimate, with content and wording tailored to each individual. Malware will become stealthier, learning how to evade detection by analyzing security systems and modifying its code.
According to the latest Agency Forward survey conducted by Nationwide, 82% of respondents are concerned about the use of AI by criminals to steal someone's identity.
"While AI will supercharge many existing threats, it will also enable new types of attacks. Already we have seen dedicated AI models for use within the dark web," adds Kwong.
For example, AI can mimic a person's voice or writing style to impersonate them or generate synthetic media like deepfakes. Hackers could use AI to crack passwords, launch automated hacking attempts, or find software vulnerabilities to exploit.
"These AI-enabled threats require an AI-based defense," says Kwong. "To prepare, focus on three key areas. First, implement AI and machine learning in your security stack. Solutions like user behavior analytics, automated incident response and AI-based malware detection will become essential. Second, get the fundamentals right. Require multi-factor authentication, provide regular cybersecurity training, encrypt data and patch promptly. Strong fundamentals will help prevent many attacks from succeeding. Finally, plan to eventually move beyond passwords. As hacking tools become more sophisticated, passwords alone will not suffice."
AI will bring both opportunities and risks to cybersecurity. With proactive preparation and investment in key technologies and processes, organizations can harness the power of AI to gain an advantage over cyber adversaries and better protect themselves from AI-driven threats. The future remains unclear, but with the right strategy and execution, 2024 could be the year AI helps turn the tide in the cyber arms race.