AI empowers criminals to launch ‘customized attacks at scale’—but could also help firms fortify their defenses, say tech industry leaders
Artificial intelligence is giving cybercriminals new tools to find holes in a company or institution’s defenses—with costly, or even life-threatening, consequences if they break through.
Over the past decade, “cyberattacks have gone from more innocuous attacks to really destructive ones,” Bipul Sinha, CEO of cybersecurity firm Rubrik, said Monday during a lunch session at the Fortune Global Forum in Riyadh, Saudi Arabia. (Rubrik is a partner of the Fortune Global Forum, and the host of Monday’s lunch session)
Cybercriminals can now use AI’s ability to customize content en masse to steal credentials. Previously, conducting a social engineering attack was “a very labor-intensive process,” requiring fraudsters to research a company’s strategy and write a compelling phishing email, Sinha said. “Now AI can conduct such customized attacks at scale.”
A more connected world is also opening up new avenues for attack. “We started with having to defend very simple core systems,” said Pieter Bil, managing director of Middle East and Africa for Kyndryl, a global IT infrastructure service provider. “But now we talk about IoT, AI cloud, working from home—all these things broaden the network.”
Cyberattacks could even have life-threatening consequences. Michael Martin, co-founder and CEO of Rapid SOS, a platform that links data to first responders, pointed out that at least four statewide 911 outages in the U.S. last year could be linked to cyberattacks.
Stuart Isett for Fortune
“In the middle of a heart attack, school shooting or sexual assault, people called 911 and the line was dead,” Martin said. “We’re talking about securing critical infrastructure against sophisticated adversaries that are no longer just a kid in a basement.”
Sinha, from Rubrik, added that other key institutions in the public and non-profit sectors, like hospitals are at risk of cyberattack. These entities have three times more sensitive data than the average organization, making them appealing to attackers. They’re also starting to adopt new digital technologies, but lack the talent or resources to adequately protect their own systems, and are thus overexposed to threats.
Making it ‘a fair game’
Yet panelists noted that AI could also help to level the playing field between cybercriminals and cybersecurity executives.
“It’s not a fair game,” said Bil, from Kyndryl. “Attackers only need to be right once, but defenders need to be 100% right, and they need to be very quick.” That means it’s crucial for industry leaders to embrace AI, train the right people, and “get to the next level” with this new technology.
Stuart Isett for Fortune
Governments have a role to play, said Ali Abulhasan, co-founder and CEO of Tap Payments, a Riyadh-based digital payments company. “We’re lucky to be operating in the Middle East and Saudi Arabia, specifically due to the high attention and proactiveness of the governmental bodies here towards cybersecurity,” he said.
One place where AI can help is automating low-end work in the cybersecurity space, freeing up more interesting roles to attract talented computer science graduates.
“In the U.S., our challenge is that cybersecurity is not a field that our top engineers aspire to enter out of college. People are going into algorithmic designs, social media and advertisements,” Sinha said. “But the need for ‘grunt’ work will reduce with the introduction of AI, and that may excite new grads with computer science degrees to go into cybersecurity.”
