ChatGPT has increasingly become a powerful tool, with use cases expanding from customer service requests to even recipe generation based on a picture of your refrigerator contents. Since its launch in December 2022, 49% of companies have reported that they are already currently using the technology – with an additional 30% indicating that they plan to use the tool in the future.
But as businesses look for ways to leverage AI to drive internal efficiencies and improve customer experience, threat actors are simultaneously identifying ways to harness ChatGPT and capitalize on unsuspecting victims. However, with the proper mitigation strategies, businesses can also leverage the tool as a method to strengthen their cyber defenses and, in turn, achieve operational resilience.
Threat Actors Reimagine Attack Strategies with ChatGPT
Phishing emails can often be easy to spot, with their unknown business names, irrelevant questions, or urgency to take action immediately. Threat actors have historically created these types of phishing emails in mass and personalized spear phishing attempts based on publicly available information, scraping online sources for relevant details and writing emails that are intended to make unsuspecting victims disclose sensitive information.
Now, enterprising fraudsters are also using AI tools like ChatGPT to quickly generate sophisticated phishing emails that can easily deceive recipients. Recent research from CheckPoint demonstrates how AI models can create an entire infection flow, ranging from spear phishing to executing a reverse shell. And even worse, it does not take a sophisticated user to generate these threats; even novice users can now use generative AI chatbots to compose phishing emails and create malicious attachments.
Generative AI Boosts Efficiency for Cybersecurity Professionals
As cyber criminals evolve their attack strategies with generative AI, so are cybersecurity teams. Blue Teams (often composed of the security personnel within an organization who work to identify security threats and risks) already leverage chatbots to enhance their defense capabilities. ChatGPT features, including Python queries and PowerShell scripts, save time and can search for anomalies as well as apply mitigations. These capabilities allow cybersecurity staff to use just the same tools as threat actors, but in the beneficial way of automating their organization’s mitigation strategies.
Robust employee cyber knowledge is also crucial, as employees are the first line of defense in preventing a cyberattack. Security teams can use ChatGPT to answer employee cybersecurity questions or simulate realistic phishing attempts with automated response feedback. Chatbots can also conduct regular employee training to reinforce proactive security practices to drive efficiency.
Real-time threat detection is also essential to secure critical data, and generative AI can be trained to detect and alert security incidents in real time. For example, security teams can program chatbots to identify anomalies in network traffic, sensitive data exposure, and malicious files and can then notify relevant staff accordingly. ChatGPT can also quarantine infected machines or block malicious IP addresses to automate incident response procedures. AI chatbot use cases for security incident detection and response allow organizations to achieve quicker response times as well as reduce the burden on human security teams.
Sensitive Data Inputs Threaten Security
Generative AI learns from its inputs, outputs, and subsequent responses, meaning that the information that is uploaded to the AI model enhances the tool’s operational efficiency. As such, if inputting company data, it may become embedded in the tool’s AI model and, therefore, become visible to external users outside of the organization. This possibility has prompted some organizations to ban staff from using the technology over data security concerns.
Improvement-centered generative AI may pose confidentiality concerns for some businesses. Companies should be mindful that input data is subject to associated risk and must take necessary measures to ensure confidentiality.
Achieving Operational Resilience with AI
The cyber threat landscape continues to evolve, as organizations face increasing challenges around confidentiality, privacy, and intellectual property protection. AI is becoming more prevalent in addressing these challenges efficiently, but the use cases are still developing. Organizations must remain vigilant and keep these risks at the forefront of cybersecurity strategies and policies in order to achieve operational resilience efficiently as well as respond to disruptions with agility.
