The threat landscape may have changed, but the response does not necessarily need to change with it. If an organisation has already invested in sophisticated threat and vulnerability detection systems, they need to ensure that they are maximising and optimising their use.
It is not a question of a new investment in cybersecurity, rather a new approach. In the same way as the cloud changed the shape of organisations’ networks and cyber defences had to be extended to cover the new expanded perimeter, current defence systems will need modification to bring GenAI models within their orbit.
Stolen credentials present a grave peril to organisations. To bolster security beyond passwords and multi-factor authentication (MFA), organisations can deploy AI-driven solutions that monitor user behaviour for unusual login patterns or atypical actions. These systems scrutinise user interactions with critical infrastructure, can swiftly detect unauthorised access attempts or transactions. Adopting this strategy enhances cybersecurity defences by integrating AI technology that can strengthen existing measures and counter new threats with speed and efficacy.
Procurement processes will also play an important role. Organisations must ensure that they are not buying trouble when they invest in GenAI. They need to interrogate vendors very closely to ensure that the systems they are acquiring are secure and do not bring increased vulnerabilities with them.
Of course, organisations will need to invest in upgrades to guard against the AI-driven increased sophistication of phishing and other cyberattacks, but this can be accommodated within normal cyber budgets.
Finally, it cannot be emphasised enough that GenAI will not offer a silver bullet to organisations seeking to bolster their cyber defences.
Summary
While organisations exploit the potential of advanced AI, they need to be mindful of the advent of new cyber vulnerabilities. Using existing cybersecurity measures to protect AI systems and applying rigorous due diligence to the purchase of such systems will help deal with the heightened threat as will increased awareness of the new environment. While it undoubtedly offers the ability to further automate certain elements of cyber defence and to enhance threat detection, this will not replace any of the existing cybersecurity systems in place or the human as the last line of defence.