16 Cybersecurity leaders predict how gen AI will enhance cybersecurity in 2024

With higher AI energy comes higher complexity, particularly for CISOs adopting generative AI. Gen AI is the facility surge cybersecurity distributors want to scale back the dangers of dropping the AI warfare. In the meantime, adversaries’ tradecraft and new methods of weaponizing AI whereas combining social engineering have humbled lots of the world’s main corporations this yr. 

VentureBeat sat down (just about) with 16 cybersecurity leaders from 13 corporations to achieve insights into their predictions for 2024. Leaders instructed VentureBeat that setting the purpose of making a powerful collaboration between AI and cybersecurity professionals is important. 

AI wants human perception to succeed in its full potential towards cyberattacks. MITRE MDR stress exams have offered quantified proof of that time. The mixture of human perception and intelligence with AI identifies and crushes breaches earlier than they develop, as Michael Sherwood, chief innovation and know-how officer for town of Las Vegas, instructed VentureBeat in a latest interview. 

Cybersecurity leaders predict gen AI’s affect on cybersecurity 

Peter Silva, Ericom, Cybersecurity Unit of Cradlepoint. “It may enhance by the flexibility to select up patterns (like assault patterns or an rising CVE or simply sure behaviors that point out an tried breach and even predicting that the L3 DDoS assault is a distraction for the credential stuffing they’re lacking). I additionally assume that AI will make it tougher, too. Detectors can’t inform the distinction between a human-generated and AI-generated phishing assault, in order that they’ll get significantly better,” Silva mentioned. 

Elia Zaitsev, CTO CrowdStrike. Zaitsev mentioned that “in 2024, CrowdStrike expects that risk actors will shift their consideration to AI techniques as the most recent risk vector to focus on organizations by means of vulnerabilities in sanctioned AI deployments and blind spots from staff’ unsanctioned use of AI instruments.” 

Zaitsev mentioned that safety groups are nonetheless within the early levels of understanding risk fashions round their AI deployments and monitoring unsanctioned AI instruments which have been launched to their environments by staff. “These blind spots and new applied sciences open the door to risk actors desperate to infiltrate company networks or entry delicate information,” Zaitsev mentioned. Staff utilizing new AI instruments with out oversight from their safety staff will pressure corporations to grapple with new information safety dangers.

“Company information that’s inputted into AI instruments isn’t simply prone to risk actors concentrating on vulnerabilities in these instruments to extract information, the info can be prone to being leaked or shared with unauthorized events as a part of the system’s coaching protocol,” Zaitsev mentioned. 

“2024 would be the yr when organizations might want to look internally to know the place AI has already been launched into their organizations (by means of official and unofficial channels), assess their danger posture, and be strategic in creating tips to make sure safe and auditable utilization that minimizes firm danger and spend however maximizes worth,” predicts Zaitsev.

Rob Gurzeev, CEO, CyCognito. “Gen AI might be a internet optimistic for safety, however with a big caveat: It may make safety groups dangerously complacent. I concern that an overreliance on AI may result in a scarcity of supervision in a company’s safety operations, which may simply create gaps within the assault floor,” Gurzeev mentioned. He warned towards the idea that when AI turns into good sufficient, it requires much less human perception calling it a “slippery slope.” 

Howard Ting, CEO, Cyberhaven. ”Cyberhaven pulled information earlier this yr that exposed that 4.7% of staff had pasted confidential information into ChatGPT. And 11% p.c of that information was delicate in nature. However I do assume finally the tables will flip. As LLMs/gen AI matures, safety groups will have the ability to use it to speed up defenses,” Ting mentioned.

John Morello, Co-founder and CTO, Gutsy. “Gen AI has nice potential to assist safety groups navigate the overwhelming quantity of occasion information they at present wrestle with. Legacy approaches of information lakes and fundamental SIEMs that merely gather information however do little to make it approachable will be remodeled with a lot higher usability by having a extra conversational interface.” 

Jason Urso, CTO, Honeywell Linked Enterprise. “Essential infrastructure has at all times been a first-rate goal for malicious actors. Prior profitable assaults concerned substantial complexity past the aptitude of a mean hacker.  Nonetheless, gen AI lowers the bar by enabling much less skilled malicious actors to generate malware, provoke refined phishing assaults to achieve entry to techniques, and carry out automated penetration testing,” mentioned Urso. 

Orso sees the threatscape evolving to AI defending towards AI.  

“Therefore, my prediction is that gen AI might be used as a way for closed-loop OT protection – dynamically altering safety configurations and firewall guidelines primarily based on modifications within the risk panorama and performing automated penetration testing to focus on modifications in danger,” mentioned Urso. 

Srinivas Mukkamala, Chief Product Officer, Ivanti.  “2024 will spark extra nervousness amongst employees in regards to the affect of AI on their careers. For instance, our latest analysis discovered that almost two out of three IT employees are involved that gen AI will take their jobs within the subsequent 5 years. Enterprise leaders should be clear and clear with employees on how they plan to implement AI in order that they keep gifted staff – as a result of dependable AI requires human oversight,” mentioned Mukkamala. 

Mukkamala additionally warned that AI will create extra refined social engineering assaults. “In 2024, the rising availability of AI instruments will make social-engineering assaults even simpler to fall for. As corporations have gotten higher at detecting conventional phishing emails, malicious hackers have turned to new strategies to make their lures extra plausible. Moreover, the misinformation created by these AI instruments by risk actors and people with nefarious intentions might be a problem and actual risk for organizations, governments, and other people as a complete,” Mukkamala mentioned.

Merritt Baer, Area CISO at  Lacework, “Don’t fear, the robots aren’t taking up. However I do anticipate the character of labor to vary. We’ve seen people automating repetitive duties, however what if we are able to go additional? ” Baer mentioned. What in case your gen AI agent cannot solely immediate you to put in writing an automation (‘This can be a drawback/request you’ve seen X instances this week; do you need to automate it?’), however counsel the code it might take to script that remediation or to patch that asset. I anticipate that jobs will mirror what the godmother of pc programming, Ada Lovelace, foresaw: people are important for artistic and revolutionary pondering; computer systems are good at dependable processing, deriving patterns from giant datasets, and imposing actions with mathematical accuracy.”

Ankur Shah, SVP of Prisma Cloud at Palo Alto Networks. “Safety groups right this moment can not sustain with the tempo of software growth, which ends up in numerous safety dangers reaching manufacturing environments. This tempo isn’t slowing down as AI is predicted to develop software growth 10X, with builders making the most of the know-how to put in writing and ship new code sooner than ever.  To degree the enjoying discipline for safety groups to maintain tempo, organizations will flip to AI. That mentioned, AI is primarily an information drawback, and should you don’t have sturdy safety information to coach AI, then your potential to cease dangers is squandered,” predicts Shah. 

Matt Kraning, CTO of Cortex, Palo Alto Networks. “Proper now, safety analysts need to be this sort of unicorn, capable of perceive not solely how the attackers would possibly get in but additionally how one can arrange complicated automation and queries which are extremely performant over excessive volumes of information. Now gen AI will make it attainable to work together with information extra simply,” Kraning mentioned.  

Christophe Van de Weyer, CEO, at Telesign. “Fraudsters are utilizing gen AI to scale up their assaults. In consequence, 2023 was a file yr for phishing messages, which trick folks into sharing their credentials. Gen AI is utilized by criminals to put in writing the messages within the sufferer’s language and within the model of a message from a financial institution, for instance. That’s why, in 2024, I consider the flexibility of shoppers to simply decipher legit from fraudulent emails and texts will almost be erased. It will speed up the actions that companies are taking to bolster defenses. An elevated deal with account integrity might be key. Keep in mind that phishing and different assaults are sometimes used to take over accounts and execute extra vital thefts. Firms ought to use AI to risk-score logins and transactions primarily based on an ongoing evaluation of fraud indicators. And cybersecurity companies ought to broaden the vary of fraud indicators that ML can study, to tell safety measures,” mentioned Van de Weyer.

Rob Robinson, Head of Telstra Purple EMEA.”The variety of information factors safety professionals now have accountability for monitoring and managing is eye-wateringly excessive. And with the proliferation of the cloud and clever edge deployments, this can solely enhance within the coming years. While attempting to keep away from plenty of the guff round AI, the know-how is ideally suited to unravel among the safety business’s most troublesome issues round risk detection, triage, and response. In consequence, in 2024, we’ll see AI remodel the mandatory expertise required of CISOs as soon as once more,” Robinson mentioned. 

Vineet Arora CTO of WinWire.  Arora predicts, “Gen AI will considerably increase human capabilities in cybersecurity. I foresee gen AI enabling much more automation in at present human-managed safety workflows in risk intelligence, safety hardening, penetration testing, and detection engineering. Many mundane duties like log evaluation, incident response, and safety patching will be automated by gen AI, releasing up helpful time for safety analysts to deal with extra complicated cybersecurity issues. On the identical time, malicious human actors leverage gen AI to create extremely life like situations for social engineering assaults, impersonated software program as malware, and complicated phishing campaigns.”

Claudionor Coelho, Chief AI Officer, and Sanjay Kalra, VP, Product Administration, Zscaler. “Gen AI can have a considerable and far-reaching affect on compliance within the coming yr. Traditionally, compliance has been a time-consuming endeavor encompassing the event of rules, the implementation of constraints, the procurement of proof, and responding to buyer questions. This has primarily been targeted on textual content and procedures, which can now be automated,” Coelho and Kalra mentioned. 

Clint Dixon, CIO of a big international logistics group. “That is how cybersecurity will work; it is going to be an AI world. As a result of it’s transferring so quick and the quantities of information there and the fashions, they’re too complicated and too huge to anticipate that groups of people will have the ability to learn and interpret it and take actions from it and try this. So it’s what’s going to attract I’ve cybersecurity on the go ahead,” mentioned Dixon.