12 Dec Is AI The Holy Grail Of Cybersecurity? Or Cybercrime?
Black hats and white hats armed with artificial intelligence in the battle of the century
– Northport, N.Y. – Dec. 11, 2023
Cybersecurity Ventures spoke to Mark McLaughlin, chairman of the board at Qualcomm and former chairman, president and CEO at Palo Alto Networks, to size up how AI is being weaponized by black hats, and put to use by white hats.
“All new technologies have the benefit and the disadvantage of being utilized by cybercriminals. Generally, they’re going to use them faster than the good guys will because they don’t have the same constraints.” McLaughlin continued, “That’s the case with software, cloud, and it’s going to be the case with Quantum computing and AI.”
McLaughlin also had a positive spin, saying that AI queries are very expensive, which means good actors can use this technology more effectively than their adversaries. His biggest anxiety, however, is the potential to launch sophisticated phishing attacks that don’t mimic what we’ve seen in the past.
“It’s going to take a new level of awareness that we need to be in front of very quickly,” McLaughlin warned.
Cybercrime Radio: AI, good guys vs. bad guys
Mark McLaughlin, former chairman, president & CEO at Palo Alto Networks
Does AI put jobs in jeopardy?
With a global shortage of cybersecurity jobs, and 85 percent of the cybersecurity workforce, according to research from Devo, thinking of leaving their current roles due to burnout, how can companies get ahead of emerging threats while ensuring the well-being of their security teams?
Steve Morgan, the editor-in-chief of Cybercrime Magazine, highlighted one of the bigger issues found in this report.
“83 percent of security professionals say that they or someone in their department has committed errors due to burnout that have led to a security breach,” Morgan said when I interviewed him on Cybercrime Radio about Devo’s research. “So whether you stay or you leave, this is really affecting people. I don’t know that the board of directors, CEOs, and CFOs are aware of what a big problem this is. I think right now we’re in that awareness mode, making people more aware of what’s going on.”
If an increase in cyber attacks generated by AI stacks on top of the overall burnout in the cybersecurity industry, will the other side of the equation result in AI replacing employees?
Goldman Sachs reports that generative AI could expose the equivalent of 300 million full-time jobs to automation.
“The question on the top of everybody’s mind is: can I be replaced by a robot, artificial intelligence, or somebody in another country?” Frank Zinghini, CEO of Applied Visions, told Cybercrime Magazine when discussing how programmers might be affected. “There will always be the need to have people — humans — involved in this process.”
Zinghini reminds us that “you have to look at [AI] as another tool.” This technology revolution is similar to many other advancements made in the 70-year history of software development “and if used well, can really help you and if used poorly can get you in a lot of trouble.”
Can AI help secure your company?
Penetration testing remains an essential part of any company’s security routine, so we reached out to Seemant Seghal, founder and CEO at BreachLock, to hear his thoughts on how AI can help with this aspect of an organization’s security strategy.
“In cybersecurity — until the magic AI security bullet comes along — organizations can incorporate AI into their security workflows,” said Seghal, “but they will have to continue to rigorously test their AI tools performance, along with manually identifying and remediating vulnerabilities quickly.”
Seghal echoed concerns about how AI can accelerate bad actors, but remains positive, welcoming “AI as a step to evolve human society using the power of computer programming.”
In regards to penetration testing, BreachLock “has been using AI since we started in 2018” to free their ethical hackers from mundane tasks, so they have more time to “perform in-depth vulnerability discovery, correlative analysis, and manual validation of AI and automated findings.”
What’s in store for CISOs in 2024?
CISOs are inundated with problems on both sides of the AI coin because it unlocks new possibilities for security teams, but also contributes to global cybercrime damages and employee burnout.
Steve Wozniak, co-founder of Apple, expresses concerns about AI being weaponized through online scams and misinformation, while Elon Musk, CEO of Tesla, SpaceX and CTO and executive chairman of X, considers AI as the “most disruptive force in history.”
Major tech players like Microsoft and Google invest billions in AI. The Brookings Institution, an American think tank, issues warnings about AI’s negative impact on elections.
Perhaps AI is best thought of as a technological ‘frenemy,’ blending the advantages of new innovations with the natural repercussions of its deployment by adversaries.
Pope Francis highlights the potential of robotics and AI saying it “can make a better world possible if it is joined to the common good.” So then, is it possible that AI just may be the holy grail of cybersecurity? Or, dare we say, cybercrime?
Tell us what you think.
– Paul John Spaulding is GM Production at Cybercrime Magazine.
