The double-edged sword of AI in cybersecurity

Imagine you’re the IT manager of a bustling organization. One morning, as you sip your coffee, an alert pops up on your screen: a sophisticated cyberattack is underway, targeting your organization’s sensitive data. Panic sets in — but then you remember the AI-driven cybersecurity system you recently implemented.

Within seconds, the system identifies the threat, isolates the affected systems and neutralizes the attack before it can do any damage. You breathe a sigh of relief, grateful for the advanced technology that just averted a potential disaster.

However, the story doesn’t end there. As you investigate the incident, you realize that the attack was itself powered by AI, designed to bypass traditional security measures. This underscores a critical truth: AI is both a powerful ally and a formidable adversary in the fight against cyberthreats. The same technology that protects your business can be weaponized against it.

• ALSO READ → No more excuses: get your security house in order

AI is here to stay — and raises security concerns

Considering AI from every angle has never been more important. We’ve all heard the story. A BCC Research report published in 2024 says the market for enterprise AI is expected to grow from $8.3 billion in 2022 to $68.9 billion in 2028 at a compound annual growth rate of 43.9%. And, looking at GenAI in particular, 99% of organizations are planning to increase their investment in this versatile technology, according to NTT DATA’s Global GenAI Report.

As investment in AI grows, it becomes a fundamental part of organizational technology and helps to identify exposures and manage vulnerabilities throughout business functions and processes. 

At the same time, though, our report finds that 89% of the C-suite are very concerned about the potential security risks associated with GenAI, and just 1 in 3 CISOs strongly agree that these security risks are adequately understood and being managed accordingly.

Furthermore, respondents in the GenAI report rate GenAI safety, security and ethics — as part of a comprehensive approach that also includes risk management and regulatory considerations, among others — as the top factor in selecting a GenAI partner.

So, to unlock the full potential of AI for protection, we first have to understand the multifaceted risks and benefits of AI-driven security.

The good: the benefits of AI in cybersecurity

Threat hunting and improved threat detection

By analyzing vast amounts of data, AI can identify patterns and anomalies that may indicate a cyberthreat —faster and more accurately than humans. AI systems can proactively search for signs of malicious activity that traditional security tools might miss, and detect malware based on its behavior rather than just its signature.

Automated responses

Because AI can automatically respond to certain types of threats, you can mitigate potential damage quickly. If known malware is detected on a device, AI can automatically isolate the device from the network to keep the infection from spreading.

Predictive abilities and improved incident analysis

AI can predict potential security breaches by analyzing trends and historical data, allowing you to proactively strengthen your organization’s defenses. And it can quickly analyze security incidents, identify the root cause and suggest remediation steps.

Continuous monitoring, vulnerability scanning and patch management

A significant benefit of AI is round-the-clock monitoring of networks and systems to promptly detect and mitigate threats. The technology can automatically scan for vulnerabilities, manage patches and prioritize vulnerabilities based on their potential impact and likelihood of being exploited.

Phishing detection

Human analysts can easily miss subtle signs of phishing, but AI is effective in analyzing the content of emails and web pages to detect phishing attempts.

Malware analysis

AI can analyze and reverse-engineer malware. This helps you to understand how malware operates and how to mitigate its impact.

Identity and access management

The technology can improve identity and access management by continuously monitoring the behavior of your users and detecting anomalies that might indicate compromised credentials.

Data-loss prevention

AI can help prevent data loss by monitoring data transfers and identifying suspicious activities that could indicate an attempt to steal sensitive information. AI also plays a crucial role in real-time data classification.

The bad: the risks of AI in cybersecurity

While AI can be an effective security tool, you need specialized skills to implement and manage AI-based security systems.

You also need quality data — AI relies heavily on the quality and quantity of the data it is trained on, and poor data can lead to ineffective threat detection. The extensive data collection and analysis involved in AI can also raise significant privacy issues.

Another risk in using AI security systems is the possibility of false positives: the technology can sometimes flag benign activities as threats, leading to unnecessary disruptions, wasted resources and the erosion of trust in AI systems.

The ugly: how cybercriminals abuse AI

Criminals are using AI to develop more complex and harder-to-detect cyberattacks, including:

• Data poisoning: Manipulating the data used to train AI models to produce incorrect results
• Deepfakes: Creating realistic but fake videos or audio recordings to deceive individuals and organizations
• Password hacking: Using AI to crack passwords more efficiently
• Social engineering: Composing convincing phishing emails and launching other social-engineering attacks, including pretexting (fabricating a scenario to gain the victim’s trust, such as posing as someone from the IT team and asking for their login credentials) and scareware (bombarding the victim with false alarms and fake threats).

AI also introduces new attack surfaces to protect, leading to changes in application and data security practices.

Balancing the good, the bad and the ugly

The good news is that the potential benefits of AI still outweigh the risks — that is, if AI solutions are implemented with cybersecurity always top of mind.

In healthcare, for example, a hospital might adopt an AI-driven patient monitoring system that analyzes patient data in real time to detect early signs of health issues. However, processing patients’ health data is highly sensitive and must comply with strict regulations. The hospital therefore has to focus on encryption and a secure-by-design approach to AI system implementation as well as other proactive, AI-enabled security monitoring tools to prevent unauthorized access or malicious activities.

Similarly, a manufacturer might use AI to improve their supply-chain management and predict demand, streamline inventory and automate logistics — but the complex network of partners and vendors creates many potential entry points for costly cyberattacks. So, they can use AI to continuously assess all vendors’ cybersecurity postures and the data channels between the company and its partners, complemented by an AI-driven incident response system.

To maximize your own AI-powered security solutions, follow these 6 steps:

1. Review your existing cybersecurity: Follow best practices and make sure your security measures are always up to date.
2. Implement internal training: Educate your employees about the risks and benefits of AI in cybersecurity.
3. Adopt zero trust architecture: Continuously verify and authenticate every user and device accessing your systems.
4. Develop AI-specific threat intelligence: Maintain a dedicated threat-intelligence feed for AI-related threats.
5. Conduct regular risk assessments: Regularly audit your AI systems to track and improve their security.
6. Embed robust security guardrails by design: These should span everything from risk management, compliance, data protection, model validation and training to cyber resilience and incident-response planning.

Partner up for full protection

AI is undeniably a double-edged sword in the realm of cybersecurity. It protects your business but also introduces new risks that must be carefully managed.

Working with an expert partner is a fast and reliable way of adopting a proactive and comprehensive approach to AI-driven security, including full-time monitoring. An experienced service provider like NTT DATA will also understand the nuances of your industry and fine-tune your security accordingly.

• ALSO READ → AI in the SOC: the future of cost-efficient cybersecurity