Generative AI: How to protect firms in evolving landscape

BD AI

An inflexible rule of technology is that any tool that can be put to good use can also be put to nefarious use. PHOTO | SHUTTERSTOCK

An inflexible rule of technology is that any tool that can be put to good use can also be put to nefarious use, and never has this been truer than with Artificial Intelligence (AI).

Generative (Gen)-AI, a subset of artificial intelligence, comprises of technology systems that can produce new content, such as images, text, music, audio, and even code, based on patterns and data inputs. Whereas traditional AI models rely on explicit instructions, Gen-AI employs algorithms to generate content autonomously, often mimicking human-like creativity and intuition.

The transformative impact of this technology has been immense for a large number of organisations with McKinsey predicting that the economic potential of Gen-AI could add between $2.6 trillion to $4.4 trillion in global corporate profits annually. Its ability to enhance creativity by generating new and original content enables businesses to explore innovative ideas and creative solutions.

On the flip side, Gen-AI introduces emerging issues that can be deemed as its disadvantages such as ethical concerns related to intellectual property, privacy, and misinformation, data quality issues, lack of control, and integration complexities that require specialised knowledge and expertise.

A key concern is how it has given rise to a new generation of cyber threats. These include increasingly sophisticated phishing emails created with Gen-AI and elusive or polymorphic malware which is a type of malicious software characterised by a continuous change in its code to evade detection by antivirus and other security measures.

With only a little coding experience it is even possible to modify publicly available exploits to create new versions of malware. The possibilities are endless when it comes to exploiting organisational vulnerabilities.

So, how can organisations protect themselves?

With the rapid pace that Gen-AI is evolving at, it is crucial for businesses to act with urgency in responding to the risks presented and secure their operations immediately. To put this into perspective, over 560,000 new pieces of malware are detected on a daily basis and phishing emails contribute to 91 percent of cyberattacks.

In terms of immediate protection, let us circle back to the incredible power of Gen-AI when used as a defensive approach to cybersecurity.

Gen-AI's extensive capabilities empower security teams to process and understand massive volumes of data from various sources, such as network traffic, employee data, supply chain data and alerts, among others.

This helps teams identify patterns, trends, and anomalies that may indicate potential threats or vulnerabilities more efficiently so that the appropriate defence can be deployed. Without this defence, many incidents could easily fall through the cracks.

In terms of automation, AI technologies have been the game-changers in streamlining various tasks that are prone to human error, such as incident investigation threat hunting, and malware analysis. This helps to improve efficiency and accuracy in terms of threat detection.

Research conducted by security experts during the fourth quarter of 2023 suggests that data breaches exposed more than eight million records worldwide and remain one of the biggest security concerns for organisations.

Security teams are able to protect sensitive data and information from unauthorised access or leakage by using AI to create synthetic data that mimics real data without revealing its identity or content. This helps reduce the risk of data breaches or misuse.

Harnessing the power of Gen-AI also presents a remarkable opportunity to tackle the ongoing skills gap within the security sector. Leading this technological advancement are security tools that push the boundaries of AI, incorporating Gen-AI capabilities to bridge this gap effectively.

These cutting-edge tools not only learn from the actions of seasoned defenders but also mimic their strategies, enabling them to offer insightful suggestions to less experienced defenders when faced with similar scenarios.

It is without a doubt that one way or another organisations are going to encounter AI technology in the near future, there is no way of getting around it in a digitally transformed world. This is why it becomes crucial that organisations reassess their security strategies and tools. Rather than simply investing in AI expertise, the focus should be on identifying security technologies that harness AI to its fullest extent.

Whether it’s amplifying security efforts or embracing process autonomy in operations and posture assessments, the goal remains the same: fortifying and propelling our defences against the misuse of Gen-AI well into the future.

Robert is Team Lead at the Threat Intelligence Centre, NTT DATA East & West Africa.

PAYE Tax Calculator

Note: The results are not exact but very close to the actual.