AI will be a major player in cyber threats and how businesses respond to them in the years to come. Here are some of the key trends to keep in mind as you address these new threats and decide how to integrate AI into cybersecurity operations.
Artificial intelligence has dramatically accelerated the pace of cyberthreat evolution. It has significantly lowered the barriers to entry for cybercriminals around the world, from the widespread availability of powerful social engineering tools such as large-scale language models (LLMs) and deepfakes to AI-powered data monitoring and analysis. At the same time, organizations are increasingly using AI to bolster their cyber defenses through automated vulnerability assessments, remediation, and security tasks.
Last year, RTInsights published a article which looked at how AI would drive changes in cybersecurity. The article was based on research According to a Gartner study, several of the most significant cybersecurity trends have been mapped and AI has analyzed the interactions between these trends. While some trends have persisted through 2024 (such as the need to update cybersecurity awareness training), several new developments are expected to change how companies approach cybersecurity as AI advances.
AI will be a major factor in cyber threats and how businesses respond to them in the years to come. Now is not the time for CISOs and other security leaders to be reactive: they must prepare their organizations to navigate a new cyber threat landscape while determining how to integrate AI into their cybersecurity operations.
See also: Report: AI and cybersecurity drive industrial investment
Trend #1: AI will unleash a new wave of social engineering attacks
The emergence of LLMs and deepfakes will make social engineering more effective. According to Verizon’s 2024 Data Breach Investigations Report, 68 percent Breaches involve a human element. That’s why cybercriminals are taking advantage of new AI weapons in their arsenal to deceive and manipulate employees to infiltrate networks, exfiltrate sensitive information, and steal money.
For example, cybercriminals use LLMs to mass-produce highly personalized and convincing phishing messages that victims are much more likely to click on. reports that businesses should expect LLMs to be “used in phishing, SMS and other social engineering operations.” Meanwhile, Microsoft has already observed the widespread use of LLMs by major cybercriminal organizations around the world.
Cybercriminals have also used deepfakes to launch sophisticated, multi-layered cyberattacks. For example, after receiving a phishing message, victims may call to confirm and end up speaking to a spoofed contact. As fraud rates rise, the FTC expects to deepfakes to “boost this scourge.” It’s no wonder: less than half of Americans say They are “confident in their ability to identify deepfake videos or AI-generated audio files.”
Trend #2: AI will force companies to reevaluate their existing cybersecurity processes
While AI offers businesses a broader range of cybersecurity tools than ever before, the rapid evolution of the technology has also given rise to an AI arms race: As defenses improve, so do the methods of intrusion. This means that CISOs and other security leaders will need to reevaluate several key cybersecurity mechanisms.
For example, deepfakes are set to make biometric identity verification less effective – Gartner’s latest study found that 30 percent of companies will no longer consider these “authentication solutions as trustworthy in isolation” by 2026. Companies are implementing AI-based “identity threat detection and response” tools, such as phishing defenses that analyze messages based on content, sender credentials, and email header information. But cybercriminals are simultaneously developing workarounds using LLM and other AI tools, and phishing remains the top threat. the most common and the second most costly initial attack vector.
By 2025, Gartner predicts that AI will force enterprises to increase their spending on application and data security by at least 15%. These findings are consistent with other research, such as a recent study by PwC reportwhich found that 79% of executives will increase their cybersecurity spending in 2024, up from 64% in 2023. CISOs and other security leaders need to determine how to make these investments most effectively.
Trend #3: AI will have a significant impact on supply chain cybersecurity
Supply chain breaches are among the most destructive cyberattacks. The SolarWinds hack was one of the largest infiltrations of all time, and the company find that “the most likely attack vectors were from compromised credentials and/or access via a third-party application.” According to Verizon’s latest data, there has been a 68 percent increase in the volume of “supply chain interconnections” involved in violations between 2023 and 2024.
In 2022, Gartner predicted that 45 percent organizations worldwide will experience cyberattacks on their software supply chains by 2025, a threefold increase since 2021. This new era of supply chain cyberattacks has arrived. reports that 27% of total breaches in 2023 could be attributed to attacks on business partners’ software or supply chains.
Companies can use AI to run simulations that replicate potential supply chain attacks, detect fraud and malicious activity on the network, and help companies reduce response times in the event of a breach. But AI also enables cybercriminals to probe for potential weak links in the supply chain and launch social engineering attacks that give them a foothold at critical access points. These are reminders of the importance of having the right security protocols in place throughout the supply chain, from AI identification and response systems to high-quality cybersecurity awareness training.
Trend #4: Comprehensive cybersecurity is essential in the age of AI
The race for artificial intelligence is heating up, and businesses can’t afford to wait for the latest cybersecurity technologies to come out. With social engineering still the preferred tactic for most cyberattacks, security leaders must ensure they are building a cybersecurity culture at every level of their organization and providing employees with the resources they need to protect the organization.
According to IBM, employee training is one of the the most significant Mitigating factors in the overall cost of a data breach extend beyond insurance, encryption, AI-driven insights, and other resources. AI and cybersecurity training must complement each other. Gartner predicts that “by 2028, multi-agent AI in threat detection and incident response will grow from 5% to 70% of AI implementations to primarily augment, not replace, staff.”
Cybersecurity awareness training must evolve to meet the demands of the AI era. It’s not just about training employees to spot sophisticated LLM-generated phishing messages and deepfakes. It’s also about leveraging AI to generate predictive behavioral profiles, addressing specific employee vulnerabilities with personalized interventions, and empowering employees to thwart cyberattacks in an age where they can no longer trust their eyes and ears. As Gartner has noted, put itCompanies should “prioritize investments in AI-enabled workforce augmentation, not just automation of tasks. Prepare for increased spending in the short term and changes in skills needs in the long term due to GenAI.”
Nearly 90% of companies are still in the research or piloting phase of generative AI, so it’s hard to predict which technologies and applications will fade away with the hype and which are here to stay. But companies can prepare for what the future holds by developing a comprehensive cybersecurity strategy that harnesses the power of AI while preparing employees to withstand the ever-evolving threats this revolutionary technology has created.
