AI: A double agent in the cybersecurity world
The increased use of artificial intelligence (AI) is capturing a significant portion of the headlines in the world of technology. After all, AI has opened the door to technological advancements that will forever change how businesses do business.
Sounds good, right? However, …
AI and cybercriminals
AI can be a source of great danger in cybersecurity. In May 2024, the U.S. Federal Bureau of Investigation issued an ominous warning about AI's nefarious uses.
“As technology continues to evolve, so do cybercriminals' tactics. Attackers are leveraging AI to craft highly convincing voice or video messages and emails to enable fraud schemes against individuals and businesses alike,” said FBI Special Agent in Charge Robert Tripp. “These sophisticated tactics can result in devastating financial losses, reputational damage and compromise of sensitive data.”
With AI, cybercriminals are enhancing the effectiveness and complexity of their attacks and incorporating publicly available and custom-made tools in their efforts. Bad actors' use of AI is expected to explode, delivering more powerful attacks. One of the major ways they do this is by using AI to locate security weaknesses in systems. In addition to enabling new forms of attack, the FBI says AI provides augmented and enhanced capabilities to schemes that attackers already use through increasing cyber-attack speed and scale and implementing automation.
The recent OpenText 2024 Global Ransomware Survey confirms that AI-fueled attacks are increasing. OpenText reported, “Respondents experienced more phishing attacks due to the increased use of AI, especially among those who have experienced a ransomware attack. More than half (55%) of respondents said their company is more at risk of suffering a ransomware attack because of the increased use of AI among threat actors. Almost half (45%) of respondents have observed increased phishing attacks due to the increased use of AI. Of those who experienced a ransomware attack, 69% have observed increased phishing attacks due to the increased AI usage.”
Another alarming aspect of AI-powered attacks is that they are extremely difficult to detect. AI algorithms can adapt over time to defenses. AI is also used in multiple forms of attack, such as sending personalized emails, creating realistic (deepfake) videos or audio recordings, reverse engineering (model stealing), and data poisoning to compromise security system performance.
Also, AI is not relegated to well-funded criminals. According to a report on Whitehouse. Gov from the U.S. Office of the National Cyber Director, “… realizing the promise of AI also challenges us to manage the risks it poses to cybersecurity. Today, LLMs can quickly and cheaply generate persuasive and micro-targeted text, images, audio, and video in different languages. Cybercriminals, hacktivists, and others with limited resources and technical sophistication may use these capabilities to conduct phishing campaigns, information operations, and other malicious cyber activity.”
AI and the good guys
While AI poses a dangerous cyber threat, there is an option that can be deployed to fight against it: AI. But make no mistake, it is not a quick fix. The U.S. Department of Defense report says AI versus AI will be a long-term battle.
It can be used as an integral part of a strong DevSecOps program to maximize AI in cybersecurity efforts. Also known as Secure DevOps, DevSecOps is the integration of Developer Operations (DevOps), Security Operations (SecOps), and IT Operations (ITOps). It enables security to be part of the entire software development life cycle, not just at the end.
If properly implemented with AI, DevSecOps provides a more efficient software development workflow by automating some of the steps and security gates. This, in turn, produces software faster and with more effective security. The result is a reduced risk of successful cyberattacks that can cost millions, if not billions, dollars, unplanned extended downtime, damaged reputations, and the wrath of unhappy customers.
Just like bad actors, development teams can use GenAI and test automation to detect potential issues within software and systems. A good DevSecOps platform scans code, runs comprehensive tests, and monitors systems in real time. GenAI can also play a role in project management by suggesting mitigations and helping the relevant stakeholders focus on the most impactful and risky items first.
The bottom line is that it is no longer a question of whether an AI-powered cyberattack will impact an organization. It is a question of when and how organizations will use AI to defend against attacks.
