AI is coming. Nearly everyone has been pummeled this past year with HUD (hype, uncertainty, and doubt) about AI, and what it means to IT security. It feels like everything from streaming entertainment to valet parking has been dipped in or frosted by AI this past year.
But what does it really mean for you and your practice today?
Inevitable Corruption
Nuclear energy was first developed into energy weapons, much like how cryptocurrency has been dominated by attackers seeking payment of ransom or other such ill purposes.
Similarly, some of the first effective AI applications were by bad actors honing their phishing and other social engineering skills. It is almost axiomatic that powerful technologies are developing faster than we can build legal or societal guardrails around them. It’s also a given that we are always too fast to deploy these technologies and too slow to secure them.
AI takes this argument to the next level, showing us just how fast technology can get out of hand – or help us.
Automated Deception
A few years back, the concept of the “blended attack” began to take hold in the SMB space. Let me paint you a picture of a modern example of such an attack.
Someone experiences an M365 mailbox penetration after being duped into supplying credentials to a bogus login panel. Once that happens, the attacker playing the long game bides their time, studying the target and learning to impersonate them in a truly convincing fashion. They also monitor their social media, building an ever more precise target profile, until the time is perfect to pounce, perhaps while the target is on a low-bandwidth vacation.
Joshua Liberman
They might use this information with some video captured from an online posting to create remarkable deepfake videos, as happened in February, when a bogus Zoom meeting was used to convince an exec to authorize the fraudulent transfer of $25 million. State-sponsored malware actors are now creating “bulletproof” targeted phishing.
Of course, executing something like this takes a lot of time, effort, and skill for a person or group, and could hardly be worth those costs. Unless, of course, much of this can be automated by advanced AI that can mine data, find patterns, and craft attacks faster than any person or group.
That will be the real, terrible power of AI, we are already seeing it in action today.
Hyper Vigilance
The onus is upon you and your clientele to be more vigilant and skeptical in your daily lives. It also speaks to the need to be more careful in sharing information. Unfortunately, in a society so saturated with surveillance capitalism, that toothpaste is already out of the tube. Perhaps we will need to consider two-factor verifying our every human interaction.
So, we must change the very core of our behaviors. For example, societies are built upon the concept of “general trust,” or the belief that most people are good and that you can usually trust your perceptions. But what happens when you cannot trust your eyes and ears, and when that is an AI, not a person, that you are trusting?
The AI Upside
Fortunately, AI advances will also benefit those of us providing cybersecurity.
Anything driven by heuristics or behavioral analysis will be supercharged by more advanced AI. This covers everything from EDR (endpoint detection and response) agents to SOC operations, all of which will enhance data sharing and analysis capabilities.
This will enable vastly better coordinated response across all platforms and data sources, as we more effectively break down the barriers between the silos of data generated, collected, and analyzed by disparate cyber defense systems.
AI also may also drive much more effective user training, and even lead to improved automated defenses, from EDR to ransomware detection. They may not be knockout blows, and it seems likely that there will be no decisive battle in the short term. But “AI Time” moves much faster than we are used to. That is why we need to act now.
The Final Analysis
I am no unalloyed fan of the rapid pace of AI development and deployment. But as nuclear power and blockchain are both boon and bane, AI also will prove to be similarly both friend and foe.
Advanced AI is inevitable and like it or not, we must prepare for this onslaught. While AI may well lead to advances in security, it already has led to clear and present security dangers. We should band together as an industry to recognize these risks before it is too late.
Joshua Liberman is president of Net Sciences Inc. A prolific industry writer and long-term ASCII member, he raises Siberian Huskies with his wife Heidi, who calls him the “most interesting geek in the world.”
Image: DALL-E
