AI in Cybersecurity: The Role of GenAI in Shaping the Future of Cybersecurity
Within the constantly shifting realm of cybersecurity, the emergence of Artificial Intelligence (AI) has ushered in a host of opportunities and difficulties. GenAI, a specialized branch of AI, holds promise for alleviating the human workload in the fight against cyber threats. Notwithstanding AI’s substantial contributions to this domain, it remains imperative to acknowledge that it cannot entirely emulate human ingenuity.
The rapid development of AI technology has ignited discussions across various industries, sparking debates about its potential benefits and disruptive capabilities. In the realm of cybersecurity, AI plays a dual role: it can be harnessed by defenders to thwart cyberattacks, but it can also empower malicious actors to launch more sophisticated and effective offensives.
Recently, a panel of Chief Information Security Officers (CISOs) gathered in Melbourne, hosted by cybersecurity provider Bugcrowd, to deliberate the intricate relationship between humans and AI in cybersecurity. Their consensus was clear – humans are both the problem and the solution in this domain. AI serves as a catalyst for innovation on both sides of the security spectrum but doesn’t supplant human creativity.
The significance of this issue becomes evident when considering the increasing cost of data breaches. According to the Ponemon Institute, data breaches are expected to reach a staggering US$4.35 million. Furthermore, the International Data Corporation (IDC) predicts that global spending on cybersecurity will reach US$219 billion in 2023, marking a 12% increase from the previous year.
The Asia-Pacific (APAC) region faces unique challenges due to the prevalence of hybrid working, with 60% of the workforce operating outside the traditional enterprise security perimeter. This expansion of the attack surface creates new vulnerabilities and threats.
One key factor contributing to the proliferation of threats is the growth of the Internet of Things (IoT) and interconnected devices, particularly in healthcare organizations. These organizations are especially vulnerable to cyberattacks due to the interconnected nature of healthcare monitoring devices. Ryan La Roche, a CISO at St. John of God, Australia’s largest not-for-profit healthcare provider, emphasizes the benefits of data exchange between devices but also acknowledges the heightened risk this creates for healthcare organizations.
Hackers are continually becoming more sophisticated, discovering and exploiting vulnerabilities within hours. Dan Maslin, Group CISO at Monash University, highlights the alarming trend of zero-day vulnerabilities being discovered and exploited within 24 hours. He also points out that security perimeters have become porous as organizations collaborate with numerous digital partners, rendering them vulnerable to attacks.
AI, particularly GenAI, is poised to play a pivotal role in enhancing cybersecurity. Luke Barker, Group Owner for security at Telstra, foresees significant advancements in using GenAI for threat detection and response. This shift is expected to reduce the human effort required to proactively respond to threats, shifting the focus from the sheer number of analysts to harnessing the power of GenAI to stay ahead of the evolving threat landscape.
However, it’s essential to remember that AI, while a valuable ally in cybersecurity, cannot replace human creativity. Dave Gerry, Bugcrowd’s CEO, emphasizes that AI will make the industry more efficient and productive but will introduce new risks. Regardless of the tools and solutions employed, the ultimate responsibility lies with humans. A human-first approach to securing teams and infrastructure is paramount.
Gerry cites Gartner’s prediction that, by 2027, half of enterprise CISOs will adopt human-centric security design practices that consider the impact of human behavior and error on security. This recognition of the human element in cybersecurity is pivotal in the ongoing battle against cyber threats.