ESD Team

The Double-Edged Sword of AI in Cybersecurity

July 24, 2023

On the 3rd episode of Enterprise Software Defenders, hosts Evan Reiser and Mike Britton, both executives at Abnormal Security, talk with Ryan Fritts, CISO at ADT. ADT is a renowned industry leader in security and automation solutions, dedicated to protecting homes and businesses. ADT's focus on reliability has earned them the trust of millions of customers worldwide. In this conversation, Ryan discusses the hype vs. reality of AI in cybersecurity, the evolving security risks from adopting cloud computing, and considerations of AI regulatory frameworks.

A newly ignited wave of interest in generative AI capabilities presents a unique set of opportunities and risks for enterprise companies. Ryan acknowledges the benefits of AI and analytics in enhancing security outcomes, such as detecting abnormal network usage and identifying increasingly intelligent phishing attempts. However, Ryan also raises concerns about attackers' adversarial use of AI. "That is the double-edged sword; when something gives you efficiency in an operation, it doesn't just give it to you. It gives it to everybody. And it's the last thing we want, ne'er-do-wells, to be more efficient and effective, particularly relative to phishing and social engineering scams. The ability to social engineer via prompt engineering, and you don't even have to do it in English, it's a frightening proposition."

For defenders, Ryan is optimistic about AI's potential to help security teams more effectively address increasingly sophisticated attacks. As he describes, "That is where AI and analytics shine, is taking data, understanding the context, and calling out things that don't look like the rest. Even from a network perspective, the network is so data intensive. What looks like abnormal network usage? What system is talking to systems in Russia? The ability of AI and analytics to look over a problem, know what normal looks like, and call out things helps turn the pile and the mountain of hay that you're trying to find the needle in into the pile of needles." However, Ryan cautions that he sees AI as a tool for increasing efficiency, not a replacement for the security teams already in place. "Everybody assumes you drop ChatGPT into a product and magically it's a hundred times better, and it does everything for you. It solves all of your problems. That's not true. I think everybody sees the reality of ChatGPT and the efficiency side of it, and instead of highlighting efficiency, they just overpromise." Balancing the hype around new technology tools against the reality of what an enterprise business can achieve remains one of the most challenging considerations for many security executives navigating uncharted territory.

Security leaders must also stay aware of changing infrastructure needs as global adoption moves from traditional IT setups to cloud-based infrastructure. That move has brought an increased focus on the interconnectedness of computing functions and the implications of these innovations. Ryan shares that with this transition come more potential failure points, demanding a more comprehensive approach to security. "Today, the thought of the four walls and a moat doesn't really exist. The whole IT ecosystem has been kind of deconstructed and reconstructed in services that third parties host."

With the unprecedented potential that AI adoption presents, Ryan explores the need for regulatory clarity to effectively address the challenges related to its emergence. He emphasizes the importance of a consistent liability framework, considering the complexity of attacks orchestrated by nation-state actors. "There isn't a real federal standard here in the US, but if I think about regulation, which most people are going to think of the US, the liability and liability shields, can it be an unlimited liability if it's a nation-state actor? An insurance provider will view a nation-state actor as a potential act of war. And who can stand opposed if a nation-state moves against you as a private company? They are dealing with a level of sophistication that is difficult to oppose in perpetuity." Ryan believes in the necessity of clear regulations to guide security strategies and decision-making, enabling organizations to plan and mitigate risks effectively.

Ryan's insights emphasize the importance of adaptability, continuous learning, and passion for understanding and solving security problems. "Everything that is being developed today didn't exist when I started working on computers. When it comes to security, it's a set of problems, and the best way to solve them is to understand and try to break them down into the smallest possible constructs. And the more passionate you are about understanding problem-solving, the better you'll be." As cyber capabilities continue to evolve, these lessons will serve as valuable guideposts for governments, security leaders, and organizations seeking to navigate the complex realm of cybersecurity and the new tools derived from artificial intelligence.

Listen to Ryan's episode here and read the transcript here.