It is predicted that business will revolutionize in the coming years with the capability of ChatGPT and similar generative AI to understand questions and give meaningful answers. Visualize a customer support chatbot that can understand complex questions and convey meaningful answers to those questions.
Generative AI has also proved the fact that it is also a game changer in cybersecurity. Key advantages of these generative AI are quick identification of threat surfaces, faster security posture assessments, recommendations for consolidation, and orchestration, and when integrated into threat detection and response to threats improved capabilities for recognizing unknown zero-day threats.
However, it should be noted that the latest powerful technologies present significant risks as well. A survey of 1500 IT and cybersecurity decision-makers stated that 51% of the respondents believe a successful cyberattack attributed to ChatGPT will happen within a year. 71% of the respondents believe that nation-states might have started using ChatGPT for malicious reasons.
Following are some of the instances and examples of security threats that ChatGPT and similar large language model (LLM) AI can create:
- ChatGPT can be used to generate new and unique malware. For instance, researchers created Black Mamba, a proof-of-concept polymorphic keylogger that automatically changes its code on the fly to evade detection by traditional EDR solutions.
- ChatGPT also makes it simple for threat actors without significant technical skills to design sophisticated attacks they couldn’t create independently. Budget-minded novices may turn to ChatGPT to avoid paying the already-low fees for commodity ransomware.
- Cyber attackers are already using tools like ChatGPT to develop more believable phishing emails that use correct spelling, grammar, and writing style. In the future, threat actors are predicted to move from phishing emails to crafting legitimate-sounding social posts and even “deep fake” audio, and video that may be indistinguishable from the original content.
Threat actors are also exploiting global interest in ChatGPT to attract the public into installing malware. For instance, around 2000 people a day installed a malicious browser extension called Quick Access to ChatGPT that harvested information about Facebook Business accounts. Other attempts to exploit public interest include promoting and distributing fake ChatGPT applications that install a variety of malware.
The growth of generative Artificial Intelligence (AI) and its cybersecurity impact presents new opportunities for MSSPs to elevate the value of their services. The MSSP value proposition has always incorporated delivering top-tier security at a minimal cost for a business to build, staff, and maintain its own SOC.
As generative AI can make it easier to design and spread malware, more small and mid-size businesses may be targeted. These organizations will truly benefit from enterprise-strength cybersecurity- including technology and human expertise at the forefront of research and innovation to identify and respond to known and unknown threats.
Cybersecurity training and education are other areas for MSSPs to deliver value-added services. For instance, as the quality of phishing lures and other fake content improves, employees must be trained to identify and report possible threats instead of immediately clicking links.
Customers also must understand how employee use of generative AI can develop cybersecurity risks and violate regulatory and compliance needs. For example, at some companies, employees have added corporate data into generative AI tools, to aid their analysis, without considering whether their actions were making proprietary, customer, and financial data visible to the public.
The demand for MSSPs that can help organizations develop and implement meaningful data protection, privacy, and cybersecurity policies and staff training might see a rise.
Helping businesses understand and manage both the internal and external impact of ChatGPT and other emerging AI can be a competitive differentiator among MSSPs. BlackBerry CylanceENDPOINT and CylanceEDGE are some of the solutions that are made to help MSSPs deliver the advantages of AI-based cybersecurity directly to the markets.