Generative AI Fuels Cybersecurity Attacks as Stress Mounts for SecOps Teams

By Greg Tavarez, TMCnet Editor  |  August 31, 2023

Just when things start to cool off a bit surrounding generative AI, it manages to become a main talking point again. It makes sense that the flames have been reignited, though; generative AI can have many benefits

As we know, generative AI automates repetitive tasks to free up time for more important duties. It can analyze large datasets, provide insights, share predictions, and inspire and augment human creativity to generate new ideas and designs. Generative AI improves customer satisfaction and retention rates, increases productivity significantly and produces visually more appealing photos and movies than hand-made ones.

With those capabilities on the long list of what generative AI can do, it’s no wonder 69% of senior security operations professionals have already adopted generative AI tools within their organization, with the highest adoption taking place – 80% – within the finance sector, according to a report from Deep Instinct.

However, that's only the light side of generative AI. Not to bring Star Wars too much into this, but there is also a dark side here. It comes with data privacy concerns, undetectable phishing attacks, and an increase in the volume and velocity of attacks as a whole. And nearly half of senior security professionals are commenting on this, citing how generative AI increases their organization’s vulnerability to attacks (with all of these concerns in the back of their mind).

And sadly, the technology has already been repurposed by bad actors. The prime example is WormGPT, a generative AI tool advertised on underground forums as a way for adversaries to launch sophisticated phishing and business email compromise attacks.

It’s because of those concerns, on top of the already difficult ransomware concerns, that security professionals say their stress levels have increased; the top reason being staffing and resource limitations. In fact, according to the study, more than half are likely to leave their job in the next 12 months as a result of stress.

Adding to the already mountain of stress are false positives from antiquated cybersecurity tools that create a strain on security operations teams’ time. False positives account for over two working days of lost productivity per week. This has caused dissatisfaction with current security tools, with most respondents saying they deserve better from Endpoint Detection and Response and Next-Generation Antivirus solutions.

“In this new era of generative AI, the only way to combat emerging AI threats is by using advanced AI – one that can prevent and predict unknown threats,” said Lane Bess, CEO of Deep Instinct. “Assuming breach has been an accepted stance but the belief that EDR can get out ahead of threats is simply not true. A shift toward predictive prevention for data security is required to remain ahead of vulnerabilities, limit false positives and alleviate security team stress.”

It’s impossible to prevent threats with EDR tools. There needs to be a change from the industry: prevention must take precedence over reactive protection.

Edited by Alex Passett
Get stories like this delivered straight to your inbox. [Free eNews Subscription]