Companies that protect themselves can make a difference for everyone, even though the gap between perceived threat and proactive action might be difficult to close.
A year is a very long period in technology. The artificial intelligence chatbot ChatGPT, developed by OpenAI, was released in November 2022. It can generate text that appears to be written by a human being in response to a command. Thanks to the clever wording and intelligent technology behind this new chatbot, scam and phishing attempts that were earlier exposed by poor syntax and awkward words have already been replaced by more convincing ones. The entrance hurdle for would-be hackers is projected to decrease even further with the development of new language models like GPT-4, a multimodal large language model that can create code.
Businesses are already ill-prepared for the cyberattacks of today. 52% of European businesses reported a cyber security event in the previous year. Of those, 32% said that the incident cost them about $500,000, while others cited higher costs. The majority of firms intend to boost their spending for cyber security, yet studies show that this is still insufficient.
The double-edged sword of AI
“AI tools aid on both ends of the cyber security struggle,” asserts Amanda Finch, CEO of the Chartered Institute of Information Security. By more quickly and consistently identifying possible risks, prioritizing alarms, and responding to attacks, “traditional” machine learning and other AI methods can free up the work of security professionals. In contrast, malicious attackers might automate and speed up their attacks using machine learning, for example by repeatedly attempting several approaches to a target until they find one that is effective.
The industry will require more security specialists, not fewer, as a result of advancements in cyber security technology. According to Finch, AI will expedite and complicate this process rather than eliminate it, which is a key component of security. Ironically, as end users’ security knowledge develops to match the sophistication of cyberattacks, advancements in AI will increase the importance of the human side of the security sector.
The number of vulnerabilities in any particular network is increasing as home working is still prevalent post-pandemic and businesses become more integrated through cloud computing technology. Organizations must increase the “cyber security poverty line” in order to prevent the weakest link from bringing the entire chain down. They cannot continue to function as individuals.
Employee awareness is key
Even while businesses are aware of this, few have implemented the essential safeguards in the critical areas where they can concentrate to stay safe: protecting their network, confirming the identity of all users, safeguarding all devices, encrypting and backing up data, and securing the endpoints of each application utilized. All personnel, from new hires to long-term management, should be aware of these security precautions as a vital line of defence against nefarious individuals.
Four out of five security leaders (82%) believe that cyber security incidents will likely disrupt their businesses by 2025, but only 15% of businesses received a “mature” rating for their cyber awareness, which is the highest ranking compared to beginner, formative, and progressive. The rate of cyber awareness for enterprises in Indonesia, the Philippines, and Thailand is similar to that of companies in Japan and South Korea by a factor of six, whereas countries in the western world lag behind nations that have just adopted digital technology.
The overwhelming number of vendors in the cyber security sector helps to explain this in part. Any one of the 50 or 70 organizations that many businesses may have in their cyber security stack could cause a systemic flaw. According to Jeetu Patel, Executive Vice President and General Manager of Security and Collaboration at Cisco, “the analogy that is utilize is: if you think about a symphony, imagine that every musician was doing a fantastic job by themselves.” The situation would be disastrous if everyone were to be performing the symphony in silence in separate rooms, unable to hear each other. In other words, it’s essential to take a comprehensive approach and take into account advanced defense like packet capture and sensor technologies, which intercept, log, and analyze network traffic and data.
Future action
The cyber security measures of tomorrow, not simply today, must be implemented by businesses. From MS-Dos to smartphones, computers have advanced; AI models and prompt interfaces are on the future. Patel, though, is confident that the intimidation element will vanish sooner than people may anticipate. He expects that if security rules are built up using natural language, it will be much simpler to do so since you will be able to discover conflicts between two policies and determine what has to be done in addition to setting the policy. People will no longer be distinguished by their ability to use machines with dexterity or without, and this will change how we define success.
In the future, a company’s cyber resilience—how well it can avoid or recover from breaches—will be a crucial determinant of how it will adopt new technology and how profitable it might end up being in the long run. The greatest defense is a collective effort by businesses to build a cyber security environment that is far greater than the sum of its parts; yet, as the breadth of potential threats rises, security budgets will be increasingly more stretched to comply.