Nowadays, it’s impossible to miss the incursion of AI technology into almost every facet of life. It’s in our phones, woven throughout the internet, and businesses deploy it at every turn. There is one area, however, where AI technology has as much potential to harm as help: cybersecurity. Here are three ways AI harms cybersecurity and how to stay ahead of it.
1. Increasing Phishing Attacks
A phishing attack attempts to trick someone into divulging privileged information using realistic-looking correspondence or communication. The classic example is a fraudulent email that looks like a legitimate bank or financial institution communication. Until now, cybercriminals have had only two ways to execute such attacks. One is to use volume, sending a single message to long lists of people, hoping that at least some have business with the institution the email purports to come from. The other is to take the time and develop detailed profiles of a small handful of targets. Now, however, AI allows attackers to have it both ways. Cybercriminals can use it to research targets and craft custom phishing emails for each one. That makes highly targeted phishing at scale simple to execute.
2. Enables Attacks on Smaller Targets
In recent years, ransomware has become one of the biggest threats businesses face. As an attack, it’s easy to execute and is profitable. Other cyber-attack methods require far more effort, time, and resources. As a result, attackers tend to reserve more complex attacks for high-value targets. Unfortunately, AI is changing that, too. It reduces the work required to penetrate a target network. That’s putting a bulls-eye on ever-smaller organizations. As a result, we now see increasing attacks on supply chains, with businesses at all levels reporting elevated risks and having to increase defensive measures.
3. Creates Vulnerable Code
AI is also increasing the attack surfaces that cybercriminals can target. It’s happening as more software firms turn to AI to generate code and speed up development processes. Unfortunately, today’s generative AI solutions don’t excel at writing bug-free and secure code. On the contrary, they may introduce far more software vulnerabilities than ever. That might fuel a dramatic rise in data breaches and other cyberattacks in the coming years. It may also force more businesses to invest more heavily in their procurement screening processes. It may be the only way to keep AI-written software out of their networks and systems until the threat abates.
Staying Ahead of AI Cybersecurity Threats
Ironically, the only viable solution to the cybersecurity threats that AI creates may be to deploy more AI. It’s well suited to monitor networks and machines for threats and to respond as needed. Plus, it offers the first and only workable solution for the longstanding cybersecurity skills gap in the workforce. It acts as a force multiplier, allowing existing skilled cybersecurity experts to focus on more critical tasks. Plus, it logically follows that an AI-powered system should be capable of spotting any threat another AI dreamed up.
The takeaway, of course, is that the net effect that AI will have on cybersecurity is to create an arms race. The winner will be whichever side figures out how to leverage the burgeoning technology most effectively. On that score, only time will tell how everything works out.