Empowering cyber defense systems with GenAI

In my last blog, I highlighted how the proliferation of generative AI (GenAI) tools in the last 18 months has created an entirely new set of cybersecurity threats for companies, from data manipulation to inadvertent data or regulatory breaches. If deployed intelligently, however, the same technology also offers a tool of unprecedented power in the fight against cybercrime.?

EY teams are working with organizations to use GenAI in exactly this positive way. We aim to help cybersecurity teams anticipate and prepare for threats before they surface and to automate tasks, freeing up time and resources.?

Compliance and automation

Corporate cybersecurity teams have taken a steadily increasing share of technology budgets in recent years as companies in all sectors accept that technology represents a significant vulnerability. But this cannot be assumed to continue in perpetuity. As organizations struggle with economic headwinds, cybersecurity budgets are starting to plateau exactly when cyber threats are increasing at their fastest rate, as bad actors use GenAI to launch new forms of attacks.?

Cybersecurity leaders, therefore, need to urgently find ways to reduce costs and make the most productive possible use of their staff. This creates an opportunity to turn to automation powered by generative AI.???

One of the most straightforward functions of the large language models (LLMs), which underpin GenAI technology, is to parse and summarize publicly available information in real time. As the regulatory landscape evolves, with new rules around data privacy, digital resilience and cybersecurity published by multiple agencies in different jurisdictions, GenAI tools can keep abreast of compliance requirements and automate reporting to meet them.?

Threat intelligence - understanding existing or potential cyber threats - also often requires scouring vast, unstructured libraries of information, code and plain text. Again, GenAI tools can ingest and summarize such data to provide real time summaries of such threats.??

?

Threat simulation and response?

GenAI tools not only summarize existing information but can also generate content on demand. For cybersecurity teams, AI tools can be developed in-house to act as digital assistants, capable of churning out synthetic content to train the company's cyber defense tools to respond to threats.?

Think of phishing, for example, when an employee is targeted with an email or message to gain access to a company's IT systems. A GenAI text generator could be tasked with outputting thousands of unique phishing emails covering an array of sophisticated social engineering ploys to test anti-phishing filters. Running natural systems against these varied simulated attacks makes the systems more robust.

GenAI-produced algorithms can also generate and run simulated attacks against corporate IT systems to find potential weak points. This can include automated brute force attacks, SQL injection attempts or other common attack vectors.

Meanwhile, when breaches occur, GenAI tools can rapidly generate threat intelligence summaries, indicators of compromise reports and detailed timelines to accelerate incident response and free up security analysts to focus on critical thinking and recovering from the breach.

?

Predicting hacks?

However, the most promising area for GenAI in terms of cyber defense is in advanced threat intelligence and forecasting. Rather than simulating known attack strategies, forecasting involves predicting the types of attack vector adversaries are likely to produce next so that corporate cybersecurity systems can be readied to defy them.?

Even before GenAI tools went mainstream, machine learning tools were shoring up cybersecurity defenses through techniques such as pattern recognition, where unusual activity within a corporate IT system would be flagged for investigation. However, GenAI offers the potential to anticipate entirely new strategies before they are launched against a company.?

LLMs can synthesize data across news, cybersecurity forums, and, crucially, dark websites where hackers congregate, to identify emerging hacking techniques, tools and vulnerabilities before they are exploited in the wild. This enables security teams to get ahead of threats and strengthen defenses before attacks are launched.

When considered across these three broad areas - automation, threat simulation and threat prediction, our EY analysis suggests that deploying GenAI in cyber defense can generate significant productivity gains equivalent to savings of between 15% and 40% in several cyber defense scenarios. For this to happen, however, cybersecurity teams must be prepared for the technology.?

?

AI readiness?

To deploy GenAI tools in all aspects of cybersecurity, organizations must ensure they have robust data management in place, with data structured and easily accessible for AI tools to work on. Centralized data lakes combining network activity logs, endpoint detections and other streams provide the raw material for generative AI systems to derive insights. Whether building GenAI tools in-house or with third-party partners, strict controls will also be necessary to prevent the models from misusing or leaking sensitive data.?

GenAI tools will also need firm guard rails. Regulatory complexities around data privacy, AI ethics, and automation must be navigated carefully to ensure GenAI tools do not inadvertently breach rules. Transparency about how models are trained and deployed will be increasingly important to build trust with the public and regulators.?

A layer of human intervention will also be necessary: cybersecurity leaders must be able to explain to both executives, internally, and to customers and regulators externally how tools work and what steps have been taken to ensure their security. Used judiciously in this way, however, under the watchful eyes of cybersecurity professionals, generative AI offers companies a new tool to respond to adversaries.?

Bad actors are already actively misusing GenAI, deploying LLMs to launch attacks of unprecedented sophistication and scale, bringing new challenges for cybersecurity teams. Responsible companies must integrate GenAI into their defenses in response. With proper oversight and control, GenAI could be the security partner organizations need to outpace threats.

?

The views reflected in this article are the views of the author and do not necessarily reflect the views of the global EY organization or its member firms.