The evolution of AI: A Security Analyst’s point of view

Iqra Haq has been a Cyber Security Analyst in Celerity’s Security Operations Centre since July 2021, responsible for safeguarding our clients’ critical digital assets and ensuring that their IT systems and networks are vulnerability free and as fortified as possible.

In this article, Iqra shares her thoughts on the rapid growth of AI tools such as ChatGPT, and how they are evolving the cyber security landscape for better or worse.

AI and ChatGPT – Taking the world by storm

AI is evolving at never-before-seen rates. It helps in both our personal and professional lives, whether we are seeking a quick, specific answer for a difficult task, or struggling to think of a structure for an important letter. You can even use AI applications like ChatGPT to learn a new language! What was once almost science-fiction to many people has quickly become a mainstream and fundamental part of daily life. In fact, globally ChatGPT is now used by over 100 million individuals. Given that it was launched less than a year ago the rate of its growth is staggering.

For businesses and organisations, AI and automation rapidly speeds up decision making and efficiency. It can help with strategic planning decisions, enables your employees to become more productive, and improves accuracy of things like data and reporting by cutting out human error and mistakes. For good reason, businesses are racing to incorporate as much AI into their operations as possible.

Unfortunately, there is a flipside. Looking at it from a cyber security perspective, it also facilitates cyber-crime. AI provides an open door for keen but inexperienced cyber criminals to quickly learn and produce malicious scripts and develop their hacking skills, and also allows the most harmful organisations such as Black Basta to incorporate AI into their destructive malware variants. This means that AI will not only bring about an increase in the volume of cyber-crime as a whole, but also an increase in the number of highly advanced threats than can devastate an entire corporate network in minutes.

ChatGPT – Ripe for exploit?

ChatGPT can get highly specific information for you in seconds – and it doesn’t matter what sort of information you’re looking for. For the vast majority of requests it's an incredibly useful tool, but in the wrong hands ChatGPT, or a similar AI technology, could potentially be used with more malicious intentions.

There’s a couple of ways to look at this. The first is to ask, what is to stop advanced cyber criminals evolving their tactics and finding a way to use it to harvest vast quantities of personal information? You might think that this sounds far-fetched, but almost everyone views Google as the leading search engine and that now contains a concerning number of websites that could be used to “drive by download” a Trojan Horse virus onto a victim’s computer – 10% of all websites in fact. Furthermore, 70% of malicious sites are found on legitimate websites that have been targeted by hackers. If genuine websites on the world's largest search engine are being exploited to facilitate malicious activity, what is to stop this potentially happening to AI sites such as ChatGPT later down the line? Where there’s a will, there’s usually a way.

ChatGPT could also be used to directly facilitate cyber crime. Now, ChatGPT already has an built-in function that prevents it from generating any content, such as instructions, that could be used to commit various types of crime including cyber. However, it has other functions that can be used by criminals to improve their attack tactics. For example, ChatGPT can instantly translate a piece of content into a chosen language; the majority of cyber crime originates from abroad in countries that don't speak English as a first language, making grammatical errors one of the key indicators of a phishing attempt. Criminals could use ChatGPT to write phishing emails in fluent foreign languages, making them more believable and increasing their effectiveness. Between 80 and 90% of cyber attacks begin with a phishing attack, so this is a particularly concerning capability.

How AI benefits the life of a security analyst

Fortunately, it's not all doom and gloom with AI in cyber security. AI brings huge benefits to my role as a Cyber Security Analyst, from both consumer applications such as ChatGPT and more complicated security tool integrations.

When it comes to AI in my day-to-day role, I think that its most useful application is actually when it comes to saving me time on routine tasks. ChatGPT often helps me to quickly understand new technical terms or technologies, without having to spend hours going on an internet deep dive or getting to grips with integration documents. It also helps me to write custom scripts that I can automate routine tasks with, like security scanning, so that I can focus my time on more important tasks.

A significant amount of the cyber attacks that we see within the SOC use their own AI. Automation and AI has therefore become paramount to our ability to help our clients defend themselves. It takes the pressure off security events and helps myself and the team to act in a swift, controlled and accurate manner. The machine learning that comes with our advanced security tools means that we're better able to identify new threats and zero-days, and overall just helps with the reassurance and confidence that no stone has been left unturned.

The role AI plays in cyber security

For cyber security in general, AI and automation helps to enhance all areas of your defence. It improves your decision making, efficiency, and accuracy – high levels of accuracy allow you to quickly pinpoint genuine threats and swiftly respond. This greatly augments your threat detection and response capabilities.

Speeding up your response is one of the most influential ways to reinforce your cyber posture. Manual human intervention in cyber incidents is a slow process compared to AI driven security tools that can rapidly execute events and eliminate threats. You’ll also remove the human error element of manual intervention, which ensures that the threat is completely expelled from your systems and isn’t hiding away somewhere overlooked.

A final word

If I had to sum it up, the best way to fight fire is with fire. AI is now openly available and anybody can get their hands on it. Unfortunately, we can't stop criminals from using it to evolve their tactics and target organisations, so therefore it's essential to be proactive and as a result prepared. A security strategy that isn't using AI is going to struggle. The longer an attacker is in your system, the more time they have to spread and escalate, and thanks to automated cyber crime there really isn't much breathing room. Introducing AI and automation of your own into your SIEM and Threat Response capabilities is the only way to make sure that you can stay ahead of the cyber criminals and safeguard your critical assets.

Cyber Resilience Assessment

Celerity’s Cyber Resiliency Assessment is designed to identify gaps, strengths, & weaknesses against best practice requirements based on the NIST Cyber Security Framework, helping you to understand the risk and maturity level of your environment.

In turn, you’ll be able to create a plan to protect your business and streamline your data security processes, with a customised cyber resilience strategy that is fitted to your vision and mission.

Download the brochure here, or get in touch with us to learn about this free evaluation of your data protection strategy.