Article Summary (full article below)
1. Introduction: The Ever-Growing Cybersecurity Threat
If cybercrime were a country, it would rank as the third-largest economy in the world, behind only the United States and China, with costs from global cybercrime damage reaching USD 8 trillion in 2023. Cybercrime would also be the fastest-growing economy, with cyberattack-related damages increasing by an average of 13% per year between 2015 and 2023. This highlights the scale and urgency of the challenges facing organizations today. Cybersecurity isn’t just an IT issue anymore – it’s a critical business priority that demands the attention of leaders at every level.
As we will discuss in this article, generative AI has been contributing to the recent increase in cyberattacks. At the same time, it provides organizations with new tools to defend themselves.
2. GenAI as the Attacker’s Sword
Generative AI enables cybercriminals to launch more frequent attacks that are harder to detect and inflict greater damage.
a) More frequent attacks
Adversaries are using GenAI to launch larger volumes of attacks.
For instance, GenAI can reduce the time needed to craft an effective phishing email by 99+%, according to IBM’s X-Force Threat Intelligence Index 2024.
As such, in 2023, Business Email Compromise (BEC) attacks surged by 1,760% year-on-year – accounting for a staggering 18.6% of cyberattacks that year, up from only 1% in 2022.
b) Harder to detect
GenAI can help attackers create adaptive malware that evades security measures, making detection more challenging. It also allows attackers to generate highly convincing content that mimics the style and tone of legitimate communications.
In one case, cybercriminals used AI to create a deepfake audio of a CEO's voice, tricking a British energy firm’s director into transferring USD 243,000 to a fraudulent account.
In another case, in January 2024, an employee at a Hong Kong-based firm sent USD 25 million to fraudsters, after being deceived by deepfake recreations of her CFO and colleagues on a video call – showcasing the growing sophistication of attacks.
c) Higher damages
GenAI systems can rapidly identify and exploit software and hardware vulnerabilities, allowing cybercriminals to target weaknesses in critical systems faster than human hackers or traditional AI systems. This leaves little time for companies to activate their damage control mechanisms.
3. GenAI as the Defender’s Shield
On the other hand, Generative AI can help organizations better defend themselves, via threat monitoring, detection and response.
a) Threat Identification and Assessment
A key use case for GenAI is early threat detection and identification. This is the most common use case for GenAI in cybersecurity today, according to Bain’s 2023 Technology report. Darktrace’s State of AI Cybersecurity 2024 report also shows that 57% of security leaders identify threat detection as the top area where AI is expected to impact cybersecurity.
GenAI can analyze and synthesize large datasets from sources like network logs, endpoints, and applications. It can detect suspicious patterns in entry points like emails, such as unknown senders or potentially inauthentic content. GenAI can also monitor employee behavior, identifying anomalies that suggest insider threats, by establishing a baseline of normal activity and alerting on deviations.
For instance, JPMorgan announced it was using Large Language Models to detect business email compromises.
Similarly, Mastercard is utilizing its Decision Intelligence Pro tool to analyze a trillion data points and determine the authenticity of credit card transactions.
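The baseline-and-deviation approach described above, as an added example that is not from the original article or any vendor named in it. It uses a plain statistical baseline (median and median absolute deviation) rather than a generative model; the account names, thresholds and daily download volumes are constructed assumptions.

```python
from statistics import median

# Constructed sample data: MB downloaded per day by each account (not real logs).
HISTORY = {
    "alice": [120, 135, 110, 128, 140, 125, 131, 118, 122, 137],
    "bob":   [15, 22, 18, 20, 17, 25, 19, 21, 16, 23],
    "carol": [300, 310, 305],            # too little history to baseline
}
TODAY = {"alice": 133, "bob": 940, "carol": 2000, "dave": 50}

MIN_DAYS = 7        # assumption: minimum history before a baseline is trusted
THRESHOLD = 6.0     # assumption: robust z-score above which an alert is raised


def baseline(values):
    """Return (median, MAD); both resist the odd outlier already in history."""
    med = median(values)
    mad = median(abs(v - med) for v in values)
    return med, mad


def robust_z(value, med, mad):
    """Modified z-score; 0.6745 scales MAD to a standard deviation."""
    if mad == 0:
        # Flat history: any change is a deviation, an identical value is not.
        return 0.0 if value == med else float("inf")
    return 0.6745 * (value - med) / mad


def evaluate(history, today):
    """Classify each account's activity today against its own baseline."""
    verdicts = {}
    for user, value in today.items():
        past = history.get(user, [])
        if len(past) < MIN_DAYS:
            # New or rarely seen accounts are reported, not silently scored.
            verdicts[user] = ("no_baseline", None)
            continue
        med, mad = baseline(past)
        z = robust_z(value, med, mad)
        # One-sided test: only unusually high volume raises an alert.
        verdicts[user] = ("alert" if z > THRESHOLD else "normal", round(z, 2))
    return verdicts


if __name__ == "__main__":
    for user, (status, score) in evaluate(HISTORY, TODAY).items():
        print(f"{user:6} {status:12} z={score}")
```

Accounts without enough history come back as `no_baseline` instead of being scored against someone else's norm, which is where a fixed company-wide threshold tends to produce false alerts or miss low-volume accounts.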
However, GenAI’s standout feature is its ability to let security professionals interact with cybersecurity systems using natural language. As Sarah Armstrong-Smith, Chief Security Advisor of Microsoft EMEA, recently mentioned: “One of the things that makes ChatGPT and Generative AI so popular […] is the fact that you could ask a question in plain English – or whichever language you’re utilizing – and get a plain English answer back. Let’s say there’s a new strain of malware. I’ve never seen this malware before. Can you tell me what the code does? Can you also tell me when the code was added to the system? How do I remove the code? It’s providing an extra layer into that security operation”.
For instance, SentinelOne’s Purple AI uses GenAI to simplify and accelerate threat assessment, by enabling natural language queries, and even suggesting queries and providing one-click hunting prompts.
b) Faster Incident Response
In addition to identifying and assessing threats, GenAI is also starting to be used to speed up response – by suggesting actions that humans can take.
For example, Microsoft Copilot for Security automatically recommends responses based on incident types and entities involved. Analysts using the tool receive guidance for triage, investigation, containment and remediation.
Similarly, CrowdStrike’s Charlotte AI is a conversational security assistant that uses GenAI to accelerate response. When authorized, it can automate processes such as quarantining suspicious files and executing real-time response scripts on defenders’ behalf.
c) Learnings Summarization
Moreover, GenAI can be used to speed up companies’ “post-game analysis”, by automating the creation of incident response reports.
For instance, cybersecurity software provider Exigence automatically creates incident response summaries using Generative AI, including key information about the event, its impact and how it got resolved. This saves security teams’ time and facilitates future responses, as past incidents can easily be queried.
4. Who Currently Benefits More: Attackers or Defenders?
For now, GenAI seems to be favoring attackers, especially when defenders are not large tech companies with sophisticated technology capabilities and large budgets.
According to the World Economic Forum’s 2024 Cybersecurity Outlook, 56% of survey respondents believe that Generative AI will give attackers a significant advantage over defenders in the next two years, while 35% think both sides will remain balanced, and only 9% think that GenAI will favor defenders.
As Sean Joyce, Global Cybersecurity and Privacy Leader at PwC US, mentioned: “Right now the advantage is going to the adversaries. They are going to be able to leverage this technology a lot quicker. They’re going to be able to find vulnerabilities of organizations much quicker. On the defender side, there are major companies like Microsoft, Google, Amazon, and others that are also going to leverage GenAI, that is going to help defend and take advantage of that. But they are going to be the minority. I would say when you talk about most of the small to medium-sized businesses, I think the advantage is going to go to the adversary”.
Sarah Armstrong-Smith, Chief Security Advisor at Microsoft EMEA, concurs: “At the moment, there’s an asymmetric advantage. Attackers and defenders have access to very similar tools and technology […] when you think about some of the money being made by ransomware operators or some of these organized crime gangs, they’ve got a lot more money to invest in new tools”.
5. Conclusion – Building Resilience: Essential Steps Against Emerging Cyberattacks
Generative AI is changing the cybersecurity landscape, for both defenders and attackers.
For organizations seeking to defend themselves effectively, it is important to continually assess the implications of emerging threats, identify where current defense systems may fall short, and invest in high-impact tools to bridge the gap where needed.
Equally important is training security teams and employees on new cyberattack tools and methods, such as more convincing phishing attacks (including via audio or video).
By embracing these strategies, organizations can build resilience against the growing threats posed by generative AI, ensuring robust defense mechanisms that keep pace with the ever-evolving cybersecurity landscape.