Four emerging GenAI best practices

COMMENTARY: Defenders and attackers alike are racing to use AI to outwit each other in this new Generative AI (GenAI) era.

Threat actors are rapidly adopting GenAI technology to increase the speed and effectiveness of their attacks. According to recent data, one in three cybersecurity leaders say AI-powered cyberattacks are their highest concern. As threat actors continue to use GenAI, defenders can keep pace only by tapping into its potential themselves.

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]

With the battle in its early days, there’s no clear consensus on whether threat actors or cybersecurity teams will have the GenAI advantage. Approximately 45% of cybersecurity leaders believe GenAI will advance the cause of threat actors, while 43% believe it will be a net win for cyber defenders. While GenAI will add value across the board, the rules of engagement aren’t the same for both sides. More specifically, threat actors aren’t held to the same ethical, legal, and regulatory standards that guide defenders.

Threat actors use GenAI to amplify phishing lures, execute a higher volume of attacks, and translate their attacks into their targets' native language. A nation-state actor even leveraged an AI deepfake to get hired by Florida security awareness firm KnowBe4 to gain access to the company’s data. The potential GenAI offers threat actors is exactly why defenders must become serious about leveraging GenAI in the following areas:

  • Risk identification: As large language models (LLMs) continue to mature, they’ll become more sophisticated in risk-based alerting so defenders can focus on the tasks that actually matter to the business.
  • Threat intelligence analysis: LLMs have the potential to transform threat hunting capabilities. By improving the ability of defenders to analyze data, LLMs promise to help defenders more effectively determine indicators of compromise within networks and more proactively mitigate threats.
  • Threat detection and prioritization: GenAI can help rank and prioritize present risks, maximizing cybersecurity personnel's time while simultaneously decreasing human error.
  • Summarize security data: With nearly 50% of CISOs reporting to the board, it’s important that they communicate their company’s cybersecurity risk. GenAI can help them quickly summarize pertinent security information and position it in a way that board members can understand.

Pair use cases with best practices

For cyber defenders to gain the edge in the GenAI battle, it’s important to pair our use cases with best practices that let each organization develop a comprehensive GenAI security strategy. Here’s how to do it:

  • Craft thoughtful GenAI policies: Attempting to ban GenAI tools altogether would likely close the door to innovation while simultaneously opening one for shadow AI. Instead of eliminating GenAI, organizations need to set strict protocols and educate employees on how to safely use AI. Developing internal policies minimizes the potential risks of GenAI while helping to increase employee productivity and business innovation.
  • Emphasize collaboration among teams and tool consolidation: As more software development teams lean on GenAI to assist in code generation, it’s important for security and developer teams to stay in lockstep through the entire development process. This will lead to software that’s built with security in mind, limiting the vulnerabilities and risks introduced to the tech stack. On top of this, businesses need to consolidate tech stacks to streamline cybersecurity monitoring and ensure their tools monitor the entire attack surface for GenAI-powered attacks.
  • Partner with legal and compliance: With new compliance regulations from the SEC and potential legal ramifications around cyberattacks, CISOs must focus on inter-departmental partnerships. Scheduling regular meetings with legal and compliance teams will help them ensure that policies and practices follow regulations. By conducting tabletop exercises to uncover security and compliance gaps, companies can prove to regulators that they are serious about cybersecurity compliance.
  • Practice cyber hygiene: Despite concerns about AI-powered cyberattacks, data suggests the most common attacks are still data breaches and business email compromise. That’s why it's important to ensure basic cyber hygiene practices are in place. For example, it’s important to maintain a complete IT asset inventory so that teams know what’s in the tech stack and the security dependencies that exist throughout networks.

While GenAI offers many benefits to businesses, it’s also a tool that threat actors won’t hesitate to use to their advantage. It’s time for defenders to evolve again. The industry must continue learning how to use GenAI, which systems are directly affected by this technology, and — ultimately — how to harness it to better defend our systems. Only then can defenders minimize new security risks while simultaneously innovating. 

Audra Streetman, security strategist, Splunk SURGe
