chat
expand_more

How CISOs Are Staying Ahead of Bad AI with Good AI

Learn how CISOs are using good AI to fight bad AI in this recap from Chapter 2 of our Convergence of AI + Cybersecurity series.
October 26, 2023

This is a recap of part two in our three-part series, The Convergence of AI + Cybersecurity. Read the recap of part one here.


Cybercriminals can and are using artificial intelligence for the same reasons that non-criminal organizations are: to augment and enhance human potential. Leveraging generative AI and large language models, threat actors can craft more complex, personalized email attacks at scale.

During the second chapter of The Convergence of AI + Cybersecurity web series, a panel of Fortune 1000 CISOs shared how they are fighting back in kind, tackling the malicious use of AI by adopting AI-native cybersecurity solutions.

Here are a few important insights from the webinar.

Generative AI Enables Novice Cybercriminals to Uplevel Attacks

Cybercriminals have harnessed large language models and generative AI to enhance the sophistication and scalability of their email attacks. Utilizing this technology to collect real-time data on their targets and convincingly impersonate individuals, threat actors of all skill levels can increase the effectiveness of their attempts to acquire sensitive information or funds.

Although legitimate tools like ChatGPT have built-in measures to prevent malicious use, these safeguards can be circumvented. Additionally, tools like FraudGPT further facilitate hacking by lowering the barrier of entry for less advanced attackers.

“For all the reasons we want to use AI for good, they're using it for bad, and they're focusing on where they can get sort of better bang for their buck. We see bad actors using technologies like FraudGPT to create things like phishing-as-a-service.”
—Gary Brickhouse, CISO and Vice President, GRC Services, Guidepoint Security
“We had this in the mid-2000s when hacker and fraud forums popped up and they were all teaching each other. It made us really, really nervous about how quickly a lay hacker could get up to speed. This is just another iteration of that [except] much, much faster and much, much better.”
—Stephen Ward, Managing Director, Insight Partners

AI Empowers Security Teams to Be More Effective and More Efficient

AI is perfectly suited for sifting through large amounts of data very quickly and automating complex actions, which means it excels in reliable threat detection. By combing through an organization’s network, AI-powered solutions create a baseline of good behavior and trusted devices. The AI then flags any deviations that might indicate a threat.

Additionally, the panelists agreed that AI has the potential to significantly enhance the efficiency and effectiveness of security operations. By using AI to filter out false positives and automate routine tasks, security teams can focus on more strategic and value-added work.

“We're now feeding the contents of suspicious inbound email messages into a large language model to discern whether they were created by generative AI. This helps us detect more sophisticated phishing and BEC messages that lack some of the indicators of human-created attacks. Sometimes it takes generative AI to detect a generative AI-created threat.”
—Bradley Schaufenbuel, CISO, Paychex
“We're reducing the time that an analyst spends chasing down a given threat by using the AI engines. That's measurable, and it benefits the entire organization.”
—Patrick Hellman, Vice President and Chief Security Officer, Arrow Electronics

Enterprises Must Embrace the Paradigm Shift

AI is still an emerging technology, and even the experts aren’t certain where it will go in the years to come. But for these CISOs, it’s clear that AI is here to stay, and embracing it is essential in order to stay ahead of threats.

Further, while AI is undeniably powerful, the panelists emphasized the need to ensure your organization isn’t just using AI for AI’s sake. They highlighted the importance of understanding the specific functionality of AI-powered tools and the outcomes they aim to achieve, such as reducing false positives, decreasing response times, and improving overall threat detection.

“Necessity prompted us to start using AI-enhanced security tools. The more cybercriminals leverage AI, the more sophisticated attacks become, and the lower the efficacy of our traditional security tools.”
—Bradley Schaufenbuel, CISO, Paychex
“Innovation requires bravery. We're very lucky to be a part of this moment. There's going to be a lot of bravery that's needed over the next 10 years to really see where this takes us. But it's an incredible time to be in this space.”
—Stephen Ward, Managing Director, Insight Partners
“Using AI to fight AI is the key. Our teams loved jumping in and seeing what the tools could do. And with that, we have to apply some guardrails. But don't be afraid of the tool. Get in, use it, and see how it can help you do your job and fight the bad guys.”
—Patrick Hellman, Vice President and Chief Security Officer, Arrow Electronics

For additional insights into the evolving threat of AI, watch the on-demand recording of Fighting AI with AI: A CISO Panel on Security Best Practices.

Watch the Webinar
How CISOs Are Staying Ahead of Bad AI with Good AI

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

 

See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

 
Integrates Insights Reporting 09 08 22

Related Posts

B Convergence S2 Recap Blog
Season 2 of our web series has come to a close. Explore a few of the biggest takeaways and learn how to watch all three chapters on demand.
Read More
B 1500x1500 Adobe Acrobat Sign Attack Blog
Attackers attempt to steal sensitive information using a fraudulent electronic signature request for a nonexistent NDA and branded phishing pages.
Read More
B 4 15 24 RBAC
Discover how a security-driven RBAC design pattern allows Abnormal customers to maximize their user setup with minimum hurdles.
Read More
B 4 10 24 Zoom
Learn about the techniques cybercriminals use to steal Zoom accounts, including phishing, information stealers, and credential stuffing.
Read More
Social Images for next Cyber Savvy Blog
Explore how Alex Green, the CISO of Delta Dental, safeguards over 80 million customers against modern cyber threats, and gain valuable insights into the cybersecurity landscape.
Read More
B Images for EDB Blog from Sanjay
Abnormal is excited to announce the establishment of a strategic partnership with the Singapore Economic Development Board (EDB).
Read More