Developments in AI
If there’s one constant in cybersecurity it’s that any new technology is a double-edged sword. What allows us to perform tasks faster is the same “what” giving hackers a new edge in the endless IT struggle. Surprise, AI is the new magic lamp everyone’s gunning for, and threat actors demonstrate eagerness to use this tech for nefarious deeds.
A popular new scheme has cropped up, a mixture of AI exploitation and phishing. As you know, social engineering takes advantage of brand trust and verified names. ChatGPT has therefore been a perfect target for new AI-related attacks, not just in attempts to sus out malicious code, but in link snares too. In other words, malicious actors are setting down traps, whereby they claim to be ChatGPT or a similar tool. When the targeted user(s) click the link, it’s instead a malicious web space or executable loading malware into the impacted system. They’re also in the form of browser extensions, cashing in on the promise of advanced tech and exciting developments.
It’s a key technique in the phishing game. In fact, I’ve covered hack attempts related to popular media like Spider-Man’s film release. I mention it because the trick is as old as the internet: famous subject = easy bait. Hackers rely on hype and discussion to achieve phishing success. Some even think of ChatGPT and its competitors as the “new crypto,” in the sense it’s a currently highly sought topic and tech.
One critical takeaway from the AI discourse is that, once again, hackers like things simple. That’s not to suggest the progression of AI technology won’t see complex campaigns targeted at people and networks. But the use of ChatGPT’s trusted name to use in phishing schema demonstrates a desire for the basics. If it’s cheap, effective, and consequence-free, why not use it? That grants us some insight into how hacker organizations operate and how we should respond to protect ourselves.
If something dominates the IT space in terms of search frequency and conversation, it’s an ideal fit for attackers and their respective phishing campaigns.
How AI and cybersecurity will shape 2023
We also have to consider the roadmap of AI and cybersecurity. The conversation surrounding AI is, of course, filled with wonder and infinite promise. The tech sector is pushing as the next Big Thing, a change in civilization, the dividing line between pre-AI and post-AI worlds. Is that true? Sifting past the hype and buzz, I won’t say yes with total confidence. After all, “AI” is a simple way to communicate a concept, a machine combining data and algorithms to form a pattern of content based on inputs. To call it true, individual “machine thinking” however is a total misfire. AI in its current state is not a conscious, thinking entity.
Shaking off the aura and mystique of big, conceptual technology, we can then look at a reasonable picture of how AI will transform the tech sector – if it does. It’s clear AI tech will be used for good and ill, we just need to understand the “what” and prepare for it.
What’s now called “AI” used to be machine learning years ago. Machine learning and “AI” models were (and still are) used to flag unusual behavior or anomalies to tip off security teams of potential intrusions. That was to help eliminate redundancies and reduce repetitive labor so IT and cybersecurity staff could focus on larger infrastructural challenges.
It was passive but automated. These days, expanding economic challenges and an industry in desperate need of cybersecurity staff will drive demand for automated, proactive tools. Thus enters AI in cybersecurity – not just as a detection resource, but something capable of forming active responses against attacks, just as the human counterpart would. And, remembering that attackers will take advantage of automated attacks, smart machines, and AI for their campaigns, this detect-and-response is invaluable. On a human scale, malware volume will outpace our ability to actively respond to attacks. The need for machine tools to evaluate threats is dire.
Furthermore, the hope is that AI-based models will clean up negative reports in the IT and cybersecurity wing. When IT staff respond to false-positive pings, it’s both exhausting and time-consuming. A false-positive creates an alert where there isn’t one, and IT staff are challenged by time constraints as is.
That’s where the notion of AI becoming a fundamental arm of business and strategic operations comes into play. The technology is expected to grow with so much enthusiasm behind it. Competitors and models will arrive on the scene akin to ChatGPT, looking to score a distinct market of fascinated customers. As this growth occurs, companies in the tech sector will expand infrastructure to accommodate AI, and we’ll no doubt see a massive crop up of AI service vendors – whatever that may entail.
Is AI right for my enterprise?
Technology, growth, and the IT sector are rife with big moments when powerful new tech crests the hill with “visionary” promises and game-changing abilities. Competitors want to push into the market and change the game, creating ChatGPT-likes or utilizing AI tech in some capacity.
In 2022 we saw a huge conversational focus on concepts like Web3, the blockchain, NFTs, and cryptocurrency, all concepts promising to rattle the cages and rewrite how we fundamentally do things at every level of business and life, all while watching profit margins rocket “to the moon.” A year later, a good chunk of that was a gift.
Therefore, I think it’s reasonable to step back and apply some of that healthy skepticism toward AI tools too. There’s the dazzling future of what could be, and then the reality of what can be. Technology is not magic, it’s incremental. That doesn’t mean “AI” is a pipe dream. It’s very much here, a result of years and work. It allows us to do things faster, and it provides potential automated solutions for otherwise complex problems outpacing human capabilities. But I’m not going to buy into the idea that an algorithmic model calling itself “AI” is indeed a technological genie, nor do I believe – yet – that this is a massive turning point in the digital world. It’s a big jump and a good jump, but new technology always goes through a honeymoon phase before we see how it shapes (or doesn’t) the world.
What we have is a glorified algorithmic blender, a smarter machine with smarter automated responses, and a new, shiny tool. We don’t have a functional, thinking complex computer brain achieving self-aware consciousness. It achieves results when given the right prompts and drawing from quality data sets.
Thus, when you see AI, you see security leaders and company CEOs assuring you this is the moment, hit the pause button. Once you’ve got that clarity, then you can safely ask if AI is right for you. From a cybersecurity standpoint at least, yes, I believe so. In this field, AI brings genuine value and can save a lot of crucial time, protecting information and data. But, I want to help demystify how AI is presented as a nebulous solution to the pain points of cybersecurity, IT, and doing business.
We also have to make sure doesn’t work against us, because these models are trained on the data they’re given. Again, AI is a sort of tech-speak that easily communicates its about, but in earnest it’s a prompt engine, a predictor, and the results of machine learning. It’s only as good as the data it can draw from. Therefore, we want to avoid erroneous conclusions or conclusions that don’t actually help IT, cybersecurity, and people. AI models drawing from bad data (biased models) will create undesired outputs, even dangerous ones.
You don’t want to imagine AI tools, vendors, and services as the Houdini capable of solving all your problems. That level of disconnect between humans and tools lands us back in cybersecurity hot water.
We’ve talked about how hackers will exploit brand strength to levy phishing attacks related to AI. We also discussed the potential AI brings to IT and cybersecurity, forming cohesive “smart” responses against potential attacks, and shoring up gaps in an understaffed field. But, we also went over what AI isn’t and should maintain some healthy skepticism towards any “world-altering” tech. Remember, the tech sector is dominated by voices that want to sell you on services, and they’ll promise heaven to get your buy-in.
However, AI suites, vendors, models, and services will make a huge push into the IT sector. More so, it will be a foundation for renewed cybersecurity defenses, as hackers will eagerly use any new automated tool for their threat campaigns.
Preparing for the future means taking advantage of every resource at your disposal. Third party resources can help. For more information, reach out to Bytagig today.