Generative AI tools such as ChatGPT (and its counterparts Bing AI, Google Bard, among countless others) have recently gone mainstream at an incredible and unprecedented pace. Almost overnight, these tools and their myriad of use cases have dominated global news headlines.
With the infinite possibilities and opportunities artificial intelligence (AI) offers, there is no doubt that it will be a game-changer for Singapore businesses in our hyper-connected digital world. Singapore is at the forefront of AI developments, bolstered by its position as the region’s leading innovation and technology hub. The nation also previously announced plans to launch a $50 million programme to advance research on AI and cybersecurity.
Clearly, we are just at the tip of the iceberg when it comes to the AI renaissance, with its influence akin to the invention of the Internet, smartphones, and cloud computing.
With that said, the swift advancements in this new technology have also raised the stakes for companies looking to strike while the iron is hot and leverage these innovations for growth and success. Looking beyond its benefits, AI does also bring challenges and risks to the table for businesses, as malicious actors also use AI to perform nefarious tasks for their benefit. The sky's the limit when it comes to AI, including questionable uses such as writing code to identify and exploit vulnerable systems, generating phishing emails tailored to victims, and even deep fakes of executives in misleading scenarios.
Against this backdrop, it is crucial that businesses stay vigilant and ramp up their cyber defences as they adopt AI into their operations. While the Singapore government has safeguards and frameworks in place for AI adoption, businesses need to be proactive to ready themselves in the face of any potential AI-run cyberattacks.
Here are three ways businesses can keep their systems, data and networks secure:
See also: Keys to achieving human-centred automation testing
Augmenting skills with AI
Rather than be afraid of AI or struggle to match every offensive AI threat with an AI countermeasure, businesses can instead use AI to enhance the skills and abilities of their cybersecurity team.
This is particularly important in the cybersecurity field, which has continued to face shortages of skilled talent. In Asia Pacific, the cybersecurity workforce gap stands at approximately 2.1 million. Locally, that gap is approximately over 3,000. As Singapore continues to digitalise, cybersecurity roles will steadily rise in demand. With AI, those new to the field can get help with the automation of manual, routine duties, and higher-level security engineers can enjoy greater coding and scripting capabilities.
See also: Human element still important for effective mass communication
Setting up additional layers of email protection
Email continues to be the number one entry point for cyberattacks. With AI, cyberattackers can take their social engineering and phishing tactics to the next level, making these emails hyper-realistic and easy to fall for.
It is imperative that security teams educate employees on better identifying these phishing attacks so that they do not fall prey to them and enable a malicious actor to penetrate the organization’s network. This includes organising regular training and refresher sessions and providing a platform to report any suspicious activity they encounter in their day-to-day activities.
Even then, human error is inevitable. On the technical end, companies can protect their employees with the use of advanced email security tools. These tools go beyond the basic filtering done by email services, and can comprehensively block attacks across different vectors, even if it is coming from trusted senders or domains.
Moving towards a robust, holistic cybersecurity strategy
Beyond phishing emails, AI poses potential risks to company data and applications, especially as its increasingly prevalent use means greater exposure to multi-faceted attacks. For instance, internet-facing applications used by employees are particularly vulnerable to bot and AI-driven attacks.
Organisations should move beyond protecting networks with a traditional castle-and-moat perimeter and focus instead on where data lives and how users and applications access it. This means adopting a more robust, holistic cybersecurity strategy – which can be achieved through a Zero Trust architecture. With a Zero Trust security model, organizations maintain strict access controls by trusting no one, even those already inside the network perimeter. This way, attackers do not get free rein over the organization’s data and applications even if they penetrated the initial network layer.
To stay ahead of the latest tech trends, click here for DigitalEdge Section
As AI use becomes more prevalent among employees, organisations should also implement acceptable use policies, technical controls and data loss prevention measures. This will go a long way in protecting both employees and the company.
Still in its nascent stages, generative AI has the potential to develop by leaps and bounds in the years ahead. Cybersecurity professionals should stay curious and experiment with these tools, in order to gain a better understanding of their use cases and be able to respond to any malicious use.
The AI renaissance is just starting and its infinite benefits outweigh any potential threats. However, it is important that businesses know how to use such technology safely.
John Engates is the field CTO of Cloudflare