16 Cybersecurity leaders predict how gen AI will enhance cybersecurity in 2024

With better AI energy comes better complexity, particularly for CISOs adopting generative AI. Gen AI is the ability surge cybersecurity distributors want to scale back the dangers of shedding the AI battle. In the meantime, adversaries’ tradecraft and new methods of weaponizing AI whereas combining social engineering have humbled most of the world’s main corporations this 12 months. 

VentureBeat sat down (nearly) with 16 cybersecurity leaders from 13 corporations to realize insights into their predictions for 2024. Leaders advised VentureBeat that setting the purpose of making a robust collaboration between AI and cybersecurity professionals is important. 

AI wants human perception to succeed in its full potential in opposition to cyberattacks. MITRE MDR stress exams have offered quantified proof of that time. The mix of human perception and intelligence with AI identifies and crushes breaches earlier than they develop, as Michael Sherwood, chief innovation and expertise officer for town of Las Vegas, advised VentureBeat in a current interview. 

Cybersecurity leaders predict gen AI’s affect on cybersecurity 

Peter Silva, Ericom, Cybersecurity Unit of Cradlepoint. “It might enhance by the flexibility to select up patterns (like assault patterns or an rising CVE or simply sure behaviors that point out an tried breach and even predicting that the L3 DDoS assault is a distraction for the credential stuffing they’re lacking). I additionally suppose that AI will make it harder, too. Detectors can’t inform the distinction between a human-generated and AI-generated phishing assault, in order that they’ll get a lot better,” Silva mentioned. 

Elia Zaitsev, CTO CrowdStrike. Zaitsev mentioned that “in 2024, CrowdStrike expects that risk actors will shift their consideration to AI techniques as the latest risk vector to focus on organizations via vulnerabilities in sanctioned AI deployments and blind spots from workers’ unsanctioned use of AI instruments.” 

Zaitsev mentioned that safety groups are nonetheless within the early phases of understanding risk fashions round their AI deployments and monitoring unsanctioned AI instruments which were launched to their environments by workers. “These blind spots and new applied sciences open the door to risk actors desirous to infiltrate company networks or entry delicate knowledge,” Zaitsev mentioned. Staff utilizing new AI instruments with out oversight from their safety staff will drive corporations to grapple with new knowledge safety dangers.

“Company knowledge that’s inputted into AI instruments isn’t simply susceptible to risk actors focusing on vulnerabilities in these instruments to extract knowledge, the info can be susceptible to being leaked or shared with unauthorized events as a part of the system’s coaching protocol,” Zaitsev mentioned. 

“2024 would be the 12 months when organizations might want to look internally to know the place AI has already been launched into their organizations (via official and unofficial channels), assess their danger posture, and be strategic in creating tips to make sure safe and auditable utilization that minimizes firm danger and spend however maximizes worth,” predicts Zaitsev.

Rob Gurzeev, CEO, CyCognito. “Gen AI might be a internet constructive for safety, however with a big caveat: It might make safety groups dangerously complacent. I concern that an overreliance on AI might result in a scarcity of supervision in a company’s safety operations, which might simply create gaps within the assault floor,” Gurzeev mentioned. He warned in opposition to the belief that after AI turns into good sufficient, it requires much less human perception calling it a “slippery slope.” 

Howard Ting, CEO, Cyberhaven. ”Cyberhaven pulled knowledge earlier this 12 months that exposed that 4.7% of workers had pasted confidential knowledge into ChatGPT. And 11% p.c of that knowledge was delicate in nature. However I do suppose finally the tables will flip. As LLMs/gen AI matures, safety groups will be capable to use it to speed up defenses,” Ting mentioned.

John Morello, Co-founder and CTO, Gutsy. “Gen AI has nice potential to assist safety groups navigate the overwhelming quantity of occasion knowledge they at present battle with. Legacy approaches of information lakes and fundamental SIEMs that merely gather knowledge however do little to make it approachable will be reworked with a lot better usability by having a extra conversational interface.” 

Jason Urso, CTO, Honeywell Related Enterprise. “Important infrastructure has all the time been a first-rate goal for malicious actors. Prior profitable assaults concerned substantial complexity past the aptitude of a median hacker.  Nevertheless, gen AI lowers the bar by enabling much less skilled malicious actors to generate malware, provoke subtle phishing assaults to realize entry to techniques, and carry out automated penetration testing,” mentioned Urso. 

Orso sees the threatscape evolving to AI defending in opposition to AI.  

“Therefore, my prediction is that gen AI might be used as a technique for closed-loop OT protection – dynamically altering safety configurations and firewall guidelines based mostly on modifications within the risk panorama and performing automated penetration testing to focus on modifications in danger,” mentioned Urso. 

Srinivas Mukkamala, Chief Product Officer, Ivanti.  “2024 will spark extra anxiousness amongst employees in regards to the affect of AI on their careers. For instance, our current analysis discovered that just about two out of three IT employees are involved that gen AI will take their jobs within the subsequent 5 years. Enterprise leaders have to be clear and clear with employees on how they plan to implement AI in order that they maintain proficient workers – as a result of dependable AI requires human oversight,” mentioned Mukkamala. 

Mukkamala additionally warned that AI will create extra subtle social engineering assaults. “In 2024, the rising availability of AI instruments will make social-engineering assaults even simpler to fall for. As corporations have gotten higher at detecting conventional phishing emails, malicious hackers have turned to new strategies to make their lures extra plausible. Moreover, the misinformation created by these AI instruments by risk actors and people with nefarious intentions might be a problem and actual risk for organizations, governments, and other people as a complete,” Mukkamala mentioned.

Merritt Baer, Discipline CISO at  Lacework, “Don’t fear, the robots aren’t taking on. However I do anticipate the character of labor to vary. We’ve seen people automating repetitive duties, however what if we will go additional? ” Baer mentioned. What in case your gen AI agent can’t solely immediate you to put in writing an automation (‘This can be a drawback/request you’ve seen X occasions this week; do you need to automate it?’), however counsel the code it might take to script that remediation or to patch that asset. I anticipate that jobs will replicate what the godmother of laptop programming, Ada Lovelace, foresaw: people are important for inventive and progressive pondering; computer systems are good at dependable processing, deriving patterns from giant datasets, and implementing actions with mathematical accuracy.”

Ankur Shah, SVP of Prisma Cloud at Palo Alto Networks. “Safety groups at present can’t sustain with the tempo of utility growth, which ends up in numerous safety dangers reaching manufacturing environments. This tempo isn’t slowing down as AI is anticipated to develop utility growth 10X, with builders benefiting from the expertise to put in writing and ship new code sooner than ever.  To degree the enjoying discipline for safety groups to maintain tempo, organizations will flip to AI. That mentioned, AI is primarily a knowledge drawback, and for those who don’t have sturdy safety knowledge to coach AI, then your capacity to cease dangers is squandered,” predicts Shah. 

Matt Kraning, CTO of Cortex, Palo Alto Networks. “Proper now, safety analysts must be this type of unicorn, in a position to perceive not solely how the attackers would possibly get in but in addition how one can arrange advanced automation and queries which can be extremely performant over excessive volumes of information. Now gen AI will make it potential to work together with knowledge extra simply,” Kraning mentioned.  

Christophe Van de Weyer, CEO, at Telesign. “Fraudsters are utilizing gen AI to scale up their assaults. Because of this, 2023 was a report 12 months for phishing messages, which trick folks into sharing their credentials. Gen AI is utilized by criminals to put in writing the messages within the sufferer’s language and within the type of a message from a financial institution, for instance. That’s why, in 2024, I consider the flexibility of shoppers to simply decipher reputable from fraudulent emails and texts will almost be erased. This may speed up the actions that companies are taking to bolster defenses. An elevated give attention to account integrity might be key. Keep in mind that phishing and different assaults are sometimes used to take over accounts and execute extra vital thefts. Firms ought to use AI to risk-score logins and transactions based mostly on an ongoing evaluation of fraud indicators. And cybersecurity companies ought to develop the vary of fraud indicators that ML can study, to tell safety measures,” mentioned Van de Weyer.

Rob Robinson, Head of Telstra Purple EMEA.”The variety of knowledge factors safety professionals now have duty for monitoring and managing is eye-wateringly excessive. And with the proliferation of the cloud and clever edge deployments, this may solely improve within the coming years. While making an attempt to keep away from a whole lot of the guff round AI, the expertise is ideally suited to unravel among the safety business’s most troublesome issues round risk detection, triage, and response. Because of this, in 2024, we’ll see AI rework the mandatory abilities required of CISOs as soon as once more,” Robinson mentioned. 

Vineet Arora CTO of WinWire.  Arora predicts, “Gen AI will considerably increase human capabilities in cybersecurity. I foresee gen AI enabling much more automation in at present human-managed safety workflows in risk intelligence, safety hardening, penetration testing, and detection engineering. Many mundane duties like log evaluation, incident response, and safety patching will be automated by gen AI, releasing up worthwhile time for safety analysts to give attention to extra advanced cybersecurity issues. On the identical time, malicious human actors leverage gen AI to create extremely reasonable situations for social engineering assaults, impersonated software program as malware, and complex phishing campaigns.”

Claudionor Coelho, Chief AI Officer, and Sanjay Kalra, VP, Product Administration, Zscaler. “Gen AI may have a considerable and far-reaching affect on compliance within the coming 12 months. Traditionally, compliance has been a time-consuming endeavor encompassing the event of rules, the implementation of constraints, the procurement of proof, and responding to buyer questions. This has primarily been centered on textual content and procedures, which is able to now be automated,” Coelho and Kalra mentioned. 

Clint Dixon, CIO of a big world logistics group. “That is how cybersecurity will work; will probably be an AI world. As a result of it’s shifting so quick and the quantities of information there and the fashions, they’re too advanced and too large to anticipate that groups of people will be capable to learn and interpret it and take actions from it and do this. So it’s what’s going to attract I’ve cybersecurity on the go ahead,” mentioned Dixon.