This article was originally posted in Forbes.
Of all the headlines in 2023, perhaps none captured our collective imagination last year like the high-profile AI breakthroughs typified by ChatGPT. While the large language model (LLM) powered ChatGPT presented a compelling glimpse into just how far AI innovation has advanced, the reality is that these breakthroughs are not new—they just became more visible and more visceral when viewed through a prism of an artificial intelligence that can converse with what is, at times, an eerily natural human-like facility for conversation. Behind the headlines, decades of advancement in AI-powered tools and technologies have led to promising breakthroughs in everything from cybersecurity to everyday business tools.
While excitement around AI is justified and genuine, AI is ultimately just a tool. And, like all tools, it can be used constructively or for nefarious purposes. Unfortunately, AI in the hands of hackers and other bad actors has given those parties an expanded range of options to perpetrate harmful and costly scams and cyberattacks. As a result, not only is the number of cybersecurity threats increasing, but their sophistication is growing.
This is why understanding the contours of this evolving AI landscape is a critical first step for organizations looking to prepare for an emerging range of complex new threats—and promising new opportunities.
An Expanding Threat Landscape
The range of cybersecurity threats businesses face today has expanded exponentially in a relatively short period. Those threats include, but are certainly not limited to, malware and the introduction of malicious code like ransomware, denial-of-service (DoS) attacks, phishing, spoofing, identity theft, IoT-Based Attacks and much more. With AI, bad actors can create and refine new ways to evaluate targets and analyze behaviors, assessing which attacks were successful and which failed, and engaging in a variety of new activities such as scanning social media to identify potential vulnerabilities.
Consequently, cyberattacks continue to become increasingly sophisticated over time. There has been an evolution in terms of the believability of attacks like phishing that combine technical sophistication with advanced social engineering. In some of the most extreme examples of this phenomenon, AI is making it possible for criminals to duplicate the voice of a friend or family member to send a message or phone call asking for money.
In many cases, the family is deceived into thinking that the individual in question has been arrested or been in an accident. When you add convincingly accurate voices and images to the toolkit of bad actors who already have the software, the potential for damaging hacking increases significantly.
Better Business—Smarter Security Solutions
The good news is that AI is also helping bolster cybersecurity measures for forward-thinking businesses and security professionals. AI-powered technology is hardly new for businesses, many of which have knowingly or unknowingly relied on some degree of AI for everything from HR and scheduling to marketing or customer relations for a long time now.
The popular conception of AI often comes from exposure to LLMs and consumer-facing machine-learning capabilities. But AI also is capable of valuable security work under the hood, specifically with highly sophisticated and enormously powerful data analysis capabilities. AI-powered tools can analyze a volume of data in just seconds that a human analyst checking an alert or reviewing a data source could not come close to doing. When analysts use traditional processes to examine traditional sources of information, the scope and scale of their analysis are inherently limited. AI removes those limits. It also takes things a step further, “learning” over time how to recognize false positives and become a stronger and more resilient cybersecurity asset.
From Reactive To Proactive
For a long time, cybersecurity experts have essentially played a running game of reacting to the latest threats by trying to develop new defensive tools and technologies. One of the most impactful advantages of AI is to help level the playing field by implementing new levels of protection more quickly. In some cases, potential new threats can be detected before they fully materialize, flipping a traditionally reactive posture to a proactive one.
The ongoing arms race between hackers using AI to devise new and improved attacks and companies and security professionals using new AI tools to defend against those efforts highlights the need for a smart AI-based cybersecurity strategy.
Businesses today need to recognize that a new threat landscape means that old protections are likely no longer sufficient and that a new and proactive approach to guarding against cybersecurity risks is required. To make that happen, they should consider taking the following steps:
- Learn from or partner with specialists who not only possess a deep understanding of that threat landscape but also have access to the most efficient new AI-powered strategies.
- Deploy robust and comprehensive security solutions that blend top-tier expertise with cutting-edge technology.
- Prioritize solutions that connect your business to a full ecosystem of services, advisory assets and digital tools.
- When evaluating prospective partners and solutions, consider your needs and check for the following features: 24/7 coverage, user-friendly functionality with an intuitive UI, and hands-on integration and setup from subject matter experts.
Keep in mind that these AI cybersecurity solutions and associated services are a new and evolving subset of the cybersecurity marketplace. Effective solutions are unlikely to be plug-and-play and will likely require a collaborative and customized integration and refinement process that could take anywhere from a few weeks to a few months. The payoff, however, could be significant: with an unparalleled level of protection that improves your security posture against emerging threats and uses the power of AI to reduce the occurrence of successful cyberattacks and limit the potential damage that could result. In this brave new world of evolving AI threats, there is nothing artificial about that kind of protection.