How the figure of the CISO changes, or rather how it has already changed, with artificial intelligence

by admin
Artificial intelligence in cybersecurity? It is a weapon that can make (and in various areas is already making) the fortune of defenders, and at the same time a tool that can make attackers more dangerous. The machine learning algorithms and large language models behind generative AI are, in other words, a wild card that any organization can use to better manage the risk of incidents (including preventively), but also a resource that cybercriminals can use to further diversify the threat front. This dual role is rapidly reshaping the cybersecurity landscape and requires those who work as Chief Information Security Officers to adapt to keep up. We are therefore in a period of great change, and the only certainty for those who deal with security is that the proliferation of AI in companies is constant (according to the "Global AI Adoption Index 2022" drawn up by IBM, 35% currently use AI solutions and 42% are considering using them) and has far-reaching implications at the individual and organizational level. There is an added difficulty for CIOs and CISOs that should not be underestimated: given the growing availability and increasingly pervasive use of this technology, not all of its possible impacts are known today.

What a Chief Information Security Officer does

AI, as various reports on the topic explain, can influence each of the functions that characterize the role of the CISO, from security governance to risk and compliance management, from testing for potential vulnerabilities to protecting networks, systems and applications. The first test to face is therefore to understand how algorithmic intelligence, used maliciously, can breach and damage the company's infrastructure and jeopardize the integrity of its data. There is a far from trivial nuance that makes the role of cybersecurity managers particularly important: compared to the recent past, they no longer operate in a sort of silo separated from the rest of the company but are acquiring, with the acceleration of digital transformation projects, a dimension of strategic leadership within the organization, collaborating closely with the board. In short, from a purely operational role, the CISO is called to act on a higher (and also more complex) level, as a broad-spectrum architect and manager of security. The advent of generative AI will change many of the cards in play, but it will not change the CISO's main responsibility, which remains that of understanding and balancing the critical issues and benefits that derive from new technologies and being very quick to find and apply the most advantageous solutions for the organization. The focal point of the issue, according to various experts, is that all company functions (from HR to marketing to the legal office) are aware of the role of the CISO in the new world driven by AI.

Will AI take over cybersecurity?

Perhaps the most accurate term to describe the current relationship between CISOs and generative artificial intelligence is "experimentation". Security teams are working to explore and test the potential of technologies such as GPT-4 and GitHub Copilot (a cloud application created by GitHub and OpenAI to assist those who work in development environments), and one of their first uses is in the brainstorming activities of analyst and engineering teams. We are therefore at the beginning, but there are already those who see AI as ready to take command of cybersecurity in the company in the near future. As AI becomes more adept at refining its own answers and even creating new models (combining the answers produced by LLMs with new self-generated queries to refine and improve over time), it is also possible that humans (and specifically security team employees) become assistants to AI: a science-fiction and unrealistic scenario? We will find out in the years to come. In the present, and here we are in the realm of certain or almost certain things, CISOs already need more talent to make the best use of this technology and to guarantee that it is used in the right way within the organization (think, for example, of AI applications loaded on the notebooks of a company's managers).

A double-edged sword: how to prepare

AI, as we have said, has a dual value in terms of security (it helps defenders as well as attackers) and also has the power to affect the work of a CISO in two directions: one that in some respects makes the work easier and a second that in other respects makes it more difficult. We have already heard and told the positive example several times: thanks to the power of algorithms and machine learning, the so-called SOCs (Security Operation Centers) of security companies have more tools to screen the thousands of threat alerts that arrive every day, leaving the more repetitive analysis tasks to AI while freeing up (human) resources for other value-added activities. In contrast, AI in the hands of cybercriminals helps write a perfect phishing email and identify weaknesses in a system in seconds, create more sophisticated and resilient malware, and bring a quality of innovation to attacks that people would hardly be able to develop. The belief of many professionals is that CISOs will have to "live" with this dual nature of AI for a long time, finding the right answers to manage the impact of this technology immediately while preparing to understand how it will influence their activities (and responsibilities) in the future. One concept remains unchanged: what works for one Chief Information Security Officer and their company may not work for another. How to use AI effectively and responsibly, and how to mitigate the internal and external risks associated with its application, are questions that will continue to evolve as this technology develops further.
