Will AI prove to be a substantial advantage for cybercriminals?
1. AI will be a huge boon to cybercriminals
before it becomes a help to security teams.
- Cybercriminals will gain an advantage with advanced AI tools before their targets can implement AI defenses.
- Legitimate businesses face hurdles in adopting new technologies due to costs, regulatory requirements, and reputational risks, giving cybercriminals an initial advantage.
- Mario Duarte anticipates a leveling of the playing field over time, but expects challenges and vulnerabilities during the transition.
2. Generative AI will make lowbrow
cyberattacks smarter:
- The deployment of advanced AI by cybercriminals raises concerns about potential sci-fi-level malevolence and sophisticated attacks.
- Mario Duarte emphasizes that, initially, cybercriminals are likely to leverage basic, effective attacks, with phishing remaining a significant threat.
- Generative AI is expected to enhance the success of phishing attacks, potentially catching people off guard.
3. Cyberattackers will continue to shift left.
- The shift towards DevOps/DevSecOps emphasizes moving testing and remediation left in the software development lifecycle, reducing human error in production through automation.
- Automation in the production environment minimizes opportunities for human error that cybercriminals exploit as entry points.
- Cyber attackers are targeting developer environments for potential human mistakes, posing a challenge for security teams to defend against, given the inherent chaos and experimentation in development.
- Despite the difficulty in creating baselines for acceptable development activity, Mario Duarte expresses confidence that, with time, security teams will effectively counter these shift-left attacks using a combination of human efforts, machine learning, and AI.