AI’s role in cybersecurity is paradoxical: a tool for both attackers and defenders. The same capabilities that make AI a powerful ally in the fight against cybercrime can also be exploited by malicious actors to develop more sophisticated and targeted attacks.
AI as a tool for cybercriminals
As AI systems become increasingly sophisticated and pervasive, cybercriminals are harnessing its power to launch more sophisticated and targeted attacks.
For example, phishing emails have evolved from basic deceptive messages to highly sophisticated attacks that are increasingly difficult to detect and significantly more dangerous. Today, 40% of phishing emails targeting businesses are generated using AI, according to VIPRE Security Group.”
Attackers are also successful at using methods like deepfakes — a form of AI that can be used to create convincing hoax images, sounds and videos — to perpetrate fraud or manipulate an audience into action.
And AI’s adaptive nature is one of its most potent features in social engineering attacks, which manipulate people into giving away sensitive information or compromising security through company email but increasingly through other modes like text messages and social media.
By using AI in these attacks, cybercriminals can appear more credible and trustworthy, leading more victims to fall for fraud attempts or manipulation, which could lead to system compromise and data loss.
Empowering defenders at the speed of AI
At its heart, AI recognizes patterns and abnormalities in massive datasets — that is why it is such an important component of modern cybersecurity.
For example, AI enhances threat detection through advanced pattern recognition and anomaly detection. Unlike traditional methods, AI can analyze vast amounts of data in real-time, identifying threats that might be missed by human analysts. This leads to faster incident response times and reduces the window of opportunity for cybercriminals to take advantage of a compromise.
AI also enables predictive analytics, allowing businesses to anticipate and mitigate potential threats before they materialize. By analyzing historical data and identifying trends, AI systems can provide insights into future attack vectors, enabling proactive defense strategies before a human analyst even gets involved.
For example, DXC is working with Microsoft product teams to help shape Microsoft Security Copilot: a generative AI-powered security solution that helps increase the efficiency and capabilities of defenders to improve security outcomes. Today 44% of organizations can confidently identify ways AI could strengthen their security systems, according to the Ponemon Institute.
AI as a force multiplier
As organizations confront the complexities of escalating cyber threats, they need people with the right skills to protect their data and systems.
The good news is AI can work as a force multiplier for smaller security teams, which gives organizations a better chance against the newest vectors of cyber risk.
This is not meant to replace valuable and scarce expertise, but rather augment it by using AI to support overtaxed security analysts, identity management professionals and incident responders who need to sort through an increasing amount of information to do their jobs.
Today 50% of organizations say they’re using AI to compensate for a cybersecurity skills gap, according to the Ponemon Institute.
For example, the integration of AI in security operations centers automates repetitive and time-consuming tasks. AI can handle routine monitoring, data analysis, and initial incident responses, freeing up human analysts to focus on more complex issues and higher-value tasks.
This not only increases efficiency but also improves the accuracy, reliability, and velocity of security operations.
About the Author
Michael Baker currently serves as Vice President & IT Chief Information Security Officer for DXC Technology. An accomplished cyber security executive, Baker brings over 20 years of experience in the field across cyber leadership, talent development, risk management, audit, and compliance serving the aerospace and defense industry as CISO along with a variety of clients across industries as a seasoned consultant. As CISO, he manages a team of professionals across internal cyber operations, network defense, policy, awareness, incident response, threat intelligence, secure architecture, and reputational protection. Baker is also a current member of the Cybersecurity Maturity Model Certification Accreditation Body Industry Advisory Group (CMMC-AB IAG).
Michael Baker can be reached at https://www.linkedin.com/in/michaelebaker/
