International. One of the most difficult aspects of cybersecurity is prediction. What events will change the landscape? How to prepare for it? Unit 42 researchers shared their forecasts and how to use Generative AI to protect themselves.
The adoption of Artificial Intelligence is evolving faster than other similar technological advances. It took the world approximately 23 years to grow the internet to one billion users. Mobile technology only took about 16 years. And at its current rate, Gen AI will reach the one billion user mark in about seven years.
With this rapid growth rate, cybersecurity experts anticipate the possible risks that will be threatening business activity, as well as the daily lives of millions of users around the world, so it will be necessary to begin to recognize these dangers to prevent being victims of cyberattacks in the near future.
Today, anyone with an internet connection can access dozens of powerful AI models. From generating synthetic images to task-specific analysis, it's easy to experiment and develop with technology that was previously only available to the most senior organizations. There are already multiple niches that are taking advantage of it to develop new opportunities. Security professionals use it to detect subtle attack patterns and respond accurately. Analysts use it to gain real-time insights from vast amounts of data. Developers use it as a coding assistant and thus in different productive sectors from heavy industries to high-tech services, education, science, among others.
However, with that accessibility and capacity come concerns. Could malicious groups use AI to advance their attacks? Could AI be used to do harm as well as good? Could I build malware? Indeed, criminal groups have been working just as hard. They are using Gen AI to mount more sophisticated, faster, and larger-scale attacks.
Researchers at Unit 42, cybersecurity experts at Palo Alto Networks, are working with organizations of all sizes around the world and have documented the various attackers using this technology to exploit software and API vulnerabilities, creating malware and launching more elaborate phishing campaigns. As this technology infiltrates more business processes and organizations develop internal AI Gen tools, attackers will work to undermine and exploit the mechanisms of those tools.
Unit 42 projects that in the next five to seven years, many existing applications will be enabled with natural language processing capabilities. In addition, it is
they will build new AI-centric applications from the beginning and not added later. This means that organizations need to protect themselves with systems
that integrate AI from its initial design.
Adopting generative AI safely
The effective and safe use of Gen AI requires everyone involved to have at least a rudimentary understanding of how it works. This is important both for
recognize how it is used within the business, such as to identify when it is used by criminal groups through their new cyberattack strategies.
It's important to recognize that conventional cybersecurity tactics are still relevant in the age of AI. So the indication is to continue with the efforts towards a Zero Trust architecture and keep the systems updated more quickly and completely, as well as to stay updated with the suggestions of cybersecurity experts who determine in their response to incidents, which defenses are most effective against today's attackers and which are losing effectiveness.
With this in mind, the next thing to consider is tracking and monitoring the use of AI to make sure that sensitive user or business information doesn't get left behind
exposed or filtered through an application. Today, various tools are available for this purpose that facilitate this inspection of content on any device automatically. And most importantly, take these measures as early as possible. The security that is considered in the end is not as effective.
The good news is that AI will be able to help strengthen any defense strategy. With its use, you can speed up the heavy lifting, as well as automate different processes that can be tedious and time-consuming, so it will be very efficient in reducing the large-scale load on the protection of networks and security infrastructure.
The recommendation is to start in a simple way, in principle it can be implemented for the execution of tasks that are repetitive and consume a lot of time. Although Gen AI may be inaccurate or wrong, so are many steps performed by humans. So you'd better have the AI do that job more agilely,
as long as the human verifies the process.
Throughout 2024, Unit 42 has been exploring the attackers' capability through tracking as well as experimentation. Although it has not yet been
It has been determined that AI alone is capable of crafting an attack from scratch, it is recognized that with its help they have managed to increase speed, scale, and sophistication.
They are currently continuing to investigate the effectiveness of its use to create, modify and debug malware. Although today that ability is mostly rudimentary,
they believe that it will continue to improve rapidly.
There is a great deal of effort examining how Generative AI can be used in programming for legitimate use cases, which can reduce the cost and time of
creation of products and services. Given these advantages, there is no reason to think that malicious actors would not want to leverage these same aspects for malicious purposes that could change the global cybersecurity landscape.
