Has AI Broadened Cyber Attack Surfaces More than It Can Help Reduce It?

AI was one of the hottest topics in 2023, especially in the cybersecurity industry. If you were to take a look at the headlines being shared across the web, you would have been able to pick out two distinct themes.

One suggested that AI was one of the biggest threats that the cybersecurity sector had seen. The other suggested that AI was a defensive tool that would ultimately aid businesses and the general public, rather than threaten them.

The truth is that AI is a double-edged sword. At the moment, it is hard to say which edge is sharper, but there are some definitive clues that could foreshadow what we might be in for over the next few years.

How Are Cyber Criminals Using AI?

Throughout 2023, AI has been used by cybercriminals to carry out several attacks. This includes AI password cracking. In a report by Home Security Heroes, it was revealed that AI could easily decipher common passwords, with 51% of those passwords being cracked in under a minute, while 65% were cracked in just an hour.

As well as this, AI has been used to automatically generate phishing emails. As of 2024, phishing has been one of the biggest problems faced by both businesses and the general public. While everyone is able to remove sensitive info from the internet to stem the problem, not everyone is aware of how serious the problem is, leaving them vulnerable.

Cybercriminals will only take further advantage of this in 2024. While the vast majority of phishing emails are identifiable, AI-generated phishing emails make it easier to write believable phishing scams, mimicking the tone of legitimate emails or texts, including their language and style.

This is another reason why removing information from the internet is so important. Based on the data that cybercriminals gather on the internet, they can feed AI specific information that can help to personalise emails and make them harder to spot.

Add to this that AI technology can increase speed, scalability, and sophistication of attacks, and it’s clear that AI – which is still in its very early stages – could be an even more deadly tool in cyberspace over the next few years.

Has AI Broadened Cyber Attack Surfaces More Than it Has Reduced Them?

This isn’t to say, of course, that AI is solely a hacker’s tool. In fact, AI technology is already being used to increase sales and to boost security. During a survey conducted last year, 48.9% of global executives and security experts considered AI to be a potent tool to combat cyber threats, with 44% of global organisations already leveraging it to bolster their defences.

One of the most significant ways in which they are doing this is through automated threat detection. While AI can configure new techniques to infiltrate multi-cloud systems, machine learning can work to recognise those techniques and pinpoint anything that doesn’t fit inside the original network.

This is also helpful when considering costs. AI-driven automation can lead to vast cost reductions in several areas of cybersecurity, especially when it comes to log analysis, patch management, and vulnerability assessments.

With improved scalability also added to the mix, AI can help business security to grow in the same way that criminal attacking methods can grow, keeping the playing field even despite hackers’ increased capabilities. In this way, it is currently a balancing act. As mentioned before, it’s unclear where the pendulum will swing, but AI certainly has the ability to aid security while working to damage it.