Jamie Smith, Head of Cyber Security at S-RM, says AI is ‘a double-edged sword’ due to the positives and negatives it presents organisations
London, 29 January – In its latest Cyber Security Insights Report, global corporate intelligence and cyber security consultancy S-RM found that almost all (97%) C-Suite and Senior IT Professionals plan to increase their use of AI-based technologies over the next 12 months, outside of IT/IT Security.
However, only 53% expressed full confidence in their security function’s ability to secure the use of AI across the business. The main concerns include the risk of AI gaining unauthorised access to data and leaking it without robust governance; ensuring AI’s dependability in threat detection without misinterpretations of vital information; and finding the expertise required to implement this technology and cyber solutions successfully and securely.
AI contributing to more sophisticated cyber attacks
Despite its benefits, the advancement of generative AI also poses an increased risk for cyber security departments.
- Targeted Spear Phishing: AI can automate the time-consuming process of scraping public data, identifying new company joiners, and crafting deceptive emails with malicious links, potentially targeting thousands of individuals with daily customised attacks.
- Ongoing Correspondence: AI's ability to handle multiple conversations simultaneously without confusion or distraction amplifies threats, particularly in cases of persistent schemes such as invoice fraud.
- Rise of Vishing: As voice imitation technology improves, AI could exploit this capability in real-time on consumer hardware, turning phone calls into a more lucrative platform for threat actors to conduct simultaneous deceptive conversations.
Jamie Smith, Board Director, and Head of Security at S-RM, commented:
The advancement of generative AI is a double-edged sword for cyber professionals. On the one hand, it has presented companies with enhanced defensive capabilities, but equally, it has strengthened threat actors’ tactics, techniques, and procedures. The breakthrough of this new era marks a significant juncture for cyber security innovation. Organisations will have to invest in the latest technologies and the best talent to achieve their objectives and stay one step ahead."