Between the congressional testimony, the magazine news-show features and prominent executive interviews, it’s hard to escape the predictions and warnings about the impacts of artificial intelligence (AI) on our lives. But, in the critical field of cybersecurity, AI is just the latest tool available to hackers as well as security professionals.
What is AI and why is it getting so much attention?
ChatGPT is the fastest-growing consumer app in history and the tip of the AI iceberg. Artificial intelligence is a family of technologies that use vast amounts of cloud computing to synthesize voices, generate images and video as well as compose convincing and well-formed text. Taken together, Sundar Pichai, Google CEO, said the impact of artificial intelligence may be more profound than the discovery of fire or electricity.
Enter a simple question or directions into ChatGPT and prepare to be amazed. The speed, sophisticated language skills and infinite depth of knowledge is remarkable. In less time than it took me to compose this sentence, AI can write a thesis on virtually any topic imaginable. The power of that technology to harness information and improve productivity isn’t hard to grasp. But, much attention has been focused on the dark side of AI. Progress on developing artificial general intelligence (AGI) is what has prompted Elon Musk, Steve Wozniack and other technology leaders to call for a “timeout” while guardrails are built and rules and regulations are put in place to manage AI before the machines become smarter than the humans they’re meant to serve.
Geoffrey Hinton, commonly referred to as the Godfather of AI, recently left Google to allow himself to speak freely about the technology that has been his life’s work. Hinton has said his greatest concern is the pace of AI “learning” and the existential threat to humans if the capabilities are left unguarded and in the hands of “bad actors.”
There is a positive side to the AI debate. When applied to the largest and most complex puzzles faced by science and engineering, AI has the potential to cure cancer and reverse the effects of climate change. However, policies and regulations are needed to keep AI advancements in the proper lane. As Hinton said, the responsibility of government is to ensure AI was developed “with a lot of thought into how to stop it [from] going rogue.”
OpenAI CEO Sam Altman recently testified before the Senate Judiciary Committee on Privacy and Technology and called for government regulation and oversight of AI to ensure the same mistakes Congress made at the dawn of the social media era aren’t made with AI.
Why do the security experts say, ‘AI and Chat GPT are Scary Sh*t!’?
Business leaders and information-security specialists have spent years and mountains of money building cyber defenses and training their people to be effective as the front line of those defenses. Everyone has been admonished to strengthen passwords and change them frequently and “Think before you Click.” Kevin Pentecost, information security director for Standard Motor Products (SMP), explains: “Ninety-five percent of cyberattacks involve a keyboard and a human reacting to social-engineering prompts that play on our fear, greed or anxiety.” What is true of phishing and other cyberattacks is there is a human at the other end of the ethernet line trying to get their victim to click the malicious link or reveal the keys to the castle.
Imagine for a moment if the cybercriminal was virtual. If ChatGPT and deep-fake video and voice productions were used at scale in social-engineering attacks, the odds of finding a victim are certain to increase.
“It’s a daily arms race to stay one step ahead of the cybercriminals,” Pentecost says.
For perspective on what’s at stake in this arena, Jason Popillion, director Automotive Aftermarket at SPS Commerce, explains, “Ultimately, hackers are going to get in. It’s more about eliminating what they will have access to when they do get in. As the saying goes, the good guys have to be right 100% of the time. Hackers only have to be right once.”
Pentecost and Popillion, both certified information systems security professionals (CISSP), have teamed up to produce the “Cyber Distortion” podcast series. This informative and entertaining series features their insights and conversations with information-security experts on a wide range of topics and trends. In the fast-changing world of cybersecurity, it’s critical that you stay abreast of the latest information. This podcast is must-see viewing for anyone responsible for safeguarding your computing environment: www.youtube.com/@TheCyberDistortionPodcast/
What defensive steps should you take RIGHT NOW?
Pentecost explains, “You have to fight fire with fire when it comes to securing your information against AI-powered cyberthreats.” Many security software companies are already developing AI defenses to detect malicious code or other AI-generated threats. Popillion added: “The basic tactics of the bad guys aren’t expected to change. But the scale and pace of adoption are going to increase dramatically. AI is a scaling agent” … available to hackers and good guys equally. Since the genie is already out of the bottle, defending your business systems and information requires “defensive depth” and multiple layers of protection, and training, training and more training.That’s because your people are the most critical asset in detecting and reporting threats.
The top defensive measures you can take to defend against a cyberattack (AI-powered or not):
• Stay informed – Stay up-to-date with the latest trends and techniques related to AI-based cyberattacks.
• Employee awareness and training – Teach them how to detect and report suspicious activity. And update the training continuously.
• Robust password and access management – Enforce strong password policies and implement multi-factor authentication (MFA) wherever possible.
• Secure network infrastructure – Implement firewalls, intrusion-detection systems and secure routers to protect your network from unauthorized access.
• Regular software updates and patching
• Data encryption – Encrypt sensitive data, both at rest and in transit.
• Secure AI systems
• Regular data backup
• Incident-response plan
• Engage security professionals.
*** This list of measures was written by ChatGPT in response to this query: “What should I do to protect my business from cyberattacks using AI?”
The mission statement at Open AI, the creators of ChatGPT, is to “ensure artificial general intelligence (AGI) benefits all of humanity.” It sounds like something lifted directly from a sci-fi thriller. But this is real, and it is happening now (or yesterday). The benefits of this technology are certain to transform our world in the way fire, electricity and the internet affected humanity.
Business leaders have a responsibility to use every available tool, including AI, to guard against those who would do them harm. Make this an urgent priority in your business and IT planning. And, tune in to the next episode of “BattleBots” for a glimpse of what you’re up against.