1. Learn if AI is important to your business
The rise of productive AI has been a game changer across industries, including cybersecurity, but not always for the better. Cyber technology and security researcher Erik J. Huffman warns: “With AI, we know it can be very helpful, but we’re all holding our breath, wondering how it will be used for us. Whatever we’ve developed well, attackers will just take it and turn it upside down. They are more creative than us on the side of good people.”
Huffman points to an early example of this being WormGPT, and how it makes coding for malicious actors easier. “It’s ChatGPT, but with malicious intent. It will create ransomware for you. It will create malicious code and vulnerability … it took the task of coding a threat actor and made it really easy, especially for non-native English speakers, non-native Chinese speakers, or non-native Italian speakers. Now you can write a phishing email in any language you want, and it will read politely.”
His advice to CISOs in the new year is to take the time to consider whether AI is right for their business. Ask yourself, ‘Do you really need us?’ You can just follow a trend because everyone else is doing it, and you can just put an AI solution in your organization because the CEO says, ‘Hey we need some AI here’.
Source link