Time to transform cybersecurity as good vs bad GenAI debate rages – ET CISO
https://etimg.etb2bimg.com/thumb/msid-107378927,imgsize-173768,width-1200,height=765,overlay-etciso/next-gen-tech/time-to-transform-cybersecurity-as-good-vs-bad-genai-debate-rages.jpg
Bangkok: As industries, governments and law enforcement agencies all over the world struggle to keep up with the vast and ever-evolving cybercrime ecosystem, specialist cyber defenders building and upgrading firewalls, say that sensitisation and prevention are always better than cure. And it is the Generative AI itself that can do the saving.
Much like what Dutch philosopher Desiderius Erasmus said around 1500 BC and is now a principle of modern strategies — ‘prevention is better than cure’ — this health tip may help organisations/individuals to safeguard their data and systems and also secure their unhindered growth.
In achieving the safety targets and ensuring high efficiency, the defenders are continuously working on finding solutions. Organisations worldwide are increasingly turning to these defender groups for guidance, not only on their cyber security solutions, but also for regulations and building cyber resilience.
Dr Dorit Dor, one of the world’s leading women in the cyber world and the Chief Technology Officer at Check Point Software, told IANS here that it is the organisations themselves which have to build a system that ensures safety.
“First thing to understand is that you need to build an architecture. You need to map the elements, the module, how they interrupt and decide what kind of security you build at every juncture or entry point. It not only has to be active, it has to be proactive also. You have to sit down and build an architecture of how you secure it,” Dr Dor emphasised.
“Second, it has to be updateable. Things are changing very fast. It is not that you did security architecture a few years ago and you think you are secure. That’s not going to hold. The build-up of the architecture has to be such that elements would get updated all the time, it has to be like living all the time. The baseline design and the capability of the design are very important.
“Third element is to learn from the cases in other industries or places and inside your own organisation. Maybe you have blind spots or weak spots that need to be fixed. The system needs to be alive all the time. There’s no scope for no updation.”
One of the key elements in effective cybersecurity in today’s world lies not only in robust systems but in continuous education and awareness. “Knowledge is as crucial as technology in this fight against cyber threats,” said Maya Horowitz, Vice President at Check Point Research.
She said: “As cybercriminals grow more sophisticated, our approach to cybersecurity must be dynamic and proactive, not just a static line of defence. Just as da Vinci used his visionary mind to revolutionise art and science, we must harness similar innovation in cybersecurity to counteract the sophisticated cyber threats.”
While cybercriminals are using various phishing techniques, deepfakes and indulging in other coercive activities, awareness and continued updation is being stressed upon by the defenders, who also say that AI can be used to beat AI negativity as well.
Rupal Hollenback, President, Check point Software Technologies, told IANS: “Using AI to combat AI, to be predictive and using AI to get into prevention because the bad guy is at the door. You have to stop them at the gate. You have to be preventive. By harnessing AI you cannot only be preventative but also catch them down the street. You can use AI to sort of look at things like supply chain risk, threat intelligence from third parties and bring everything in and secure them.
“Having organisations put their heads in sand and say that it is not happening is not going to work. Being aware of it, well-trained, well informed, constantly learning and being educated all that time. That is the key.”
As the number of individuals and organisations falling prey to criminals is increasing, cyber defenders stress the need to educate people about the perils. This could begin from school itself.
“The governments should think about it and make cyber education a part of the curriculum,” said Dr Dor.
As the world continues to grapple with the perils of technology advancement, which is likely to become more intense in future, governments and law enforcing agencies have a huge task at hand. The problem is aggravated by the bitter truth that the number of experts is far less than criminals.
Hollenback said that hackers can be anyone–anyone that can write a good phishing mail.
“Generative AI has democratised bad action, hackers getting sophisticated. Anyone can be a hacker…I can write amazing phishing mail! Regardless of the blocks there are, I can get you to click on links by all using generative AI tools. If I can make everyone a bad actor, I cannot make everyone a cyber security expert. So, for a company like ours, we are using AI to combat AI. AI for good has to combat AI for bad. There is no other way.”