Power to the Noobs: Cybersecurity is now a Horde Survival Game
Like most people my age, I am on Tik Tok?and enjoy the sweet dopamine hit I get scrolling through the endless stream of memes, funny videos, and sports highlights. However, as much as I have enjoyed the recent videos mocking Drake (wop wop wop ), in an effort to try and be a bit more productive, a while ago I also began to seek out more educational content that might actually be useful to my learning and development.?
One account that quickly stood out to me as a phenomenal source of knowledge was Nate b Jones (@nate.b.jones), an experienced product leader who regularly shares super useful analysis of broad trends in tech, as well as practical advice for those working in tech and startups. (I promise this is not a sponsored ad, I'm just a fan. Nate has been added to my list of Resources for Those in Startups and Tech ). With every major event or shift in the tech industry, I eagerly await Nate’s thoughts to hear what he has to say.
Recently, Nate got lit up for a take he had in one of his videos. The premise of his video was that
“the opportunity cost for human intelligence has dropped through the floor because a lot of tasks that previously proxied for human intelligence are now fully doable with LLM’s”.
The ignorant mob on Tik Tok was quick to accuse him of saying LLM’s are intelligent in the way humans are intelligent and that he was a moron for saying something so stupid. They completely missed his point.
AI now allows people with no experience to quickly learn and do things that once required extensive knowledge, prior experience, expertise, time and thought.?
It allows people to learn at a rate never before possible. While it is not perfect by any means, it allows people to go from 0% to 80% in a fraction of the time it would have taken them a few years ago, and find immediate answers to questions that would’ve taken hours of research.?
This also applies to utilizing the knowledge and information acquired. With a quick series of questions on ChatGPT, you can find an answer to almost anything you’re looking for, and draft a plan on how to apply that knowledge to accomplish whatever you want. Will it be perfect? No. But is it good? Very. And most importantly, it allows you to move infinitely faster than you could’ve just a few years ago towards any objective you have, without being limited by lack of information or experience.
The significance of this is massive.?
Faster acquisition and application of information means much faster learning and many, many, more at-bats to get something “right” (whatever that means in the context of what you’re working on). This means that someone with no prior experience or knowledge on something can quickly pick it up, iterate, learn, and achieve their goals at unprecedented speed. This has huge ramifications across industries and is a large reason why there is so much hype around AI.
I also think this is also the core of why so many people are concerned about the impact of AI on jobs.?
Historically people spent years investing in the accumulation of knowledge and experience that served as a “moat” and barrier to entry for many professions and careers. With this moat removed in a lot of places, people are fearful that others can now quickly close the gap and compete with them (or their job will be automated completely). This influx of competition could in turn lead to reduced salaries, job loss, and outsourcing of their position. The thing is this new reality applies to everyone, including the people who are scared. They too can now quickly accelerate their learning and development at a pace never before possible. But this is uncomfortable and requires acceptance of this new world.?
Curiosity, speed, initiative, resourcefulness, problem solving, comfort with discomfort, social skills, and critical thinking have now become more important than ever before, and certainly more important than historical knowledge or experience with anything. With the skills listed, and some tenacity and grit, anyone can quickly close the gap on someone who relied completely on their moat made up of years of knowledge and experience. As an employer, the skills listed above are the ones I would be looking for first and foremost in new hires.
Now, I do want to qualify this by saying that true mastery of a complex subject, skill, topic, and role is still incredibly valuable and defensible. However, the next generation following in the master's footsteps will now be able to reach that level in much less time.?
Switching gears a little bit.
I want to go more in depth on why this is going to have a profound impact on cybersecurity (although I’m sure it would be fun to explore other areas as well…. Maybe another time).
领英推荐
I’m going to put on my tinfoil hat here.?
I believe we are witnessing the democratization of cybercrime. (Did I really just say “democratization” and “cybercrime”? ??) But honestly, there has never been a better time to enter the arena as a bad guy. Similar to how in other industries and occupations it is now easier to enter and up-skill than ever before, the same thing now applies to those looking to make a living off of attacking others. The barriers to entry have been lowered so that every aspiring criminal can quickly learn and execute attacks that once would’ve been limited to those with specialized tools, experience, and knowledge. In all the discussions around the impact of AI on cybersecurity, I have yet to see this talked about.?
My prediction is that this is going to result in a dramatic increase in the total volume of attacks that target individuals and organizations, the sophistication of these attacks, and their effectiveness.?
Because of this, security has NEVER been more important. Both at work and in our personal lives.?
Another hot take:
As a consequence of this I think security professionals are likely about to get PAID, even more so than they are right now. Businesses of all types are going to quickly learn (likely the hard way) that investing in robust cybersecurity is absolutely critical, and that they can’t afford to withhold any resources from their security teams. In turn, the pressure and responsibility that will be put onto security professionals will be enormous. They will have more attackers than ever before trying to exploit every single attack vector and potential vulnerability. Incident response will become even more critical, because there will be incidents. (As a side note, it will also be interesting to see how cyber insurance providers respond to this… but that’s another topic for another time).?
The human aspect of security will also increase in importance.?
With the volume and quality of attacks targeting employees increasing dramatically, training will continue to be vital, but not enough. Security teams will need to take additional measures leveraging new tools and processes to protect the employees in their organizations. This is especially true when it comes to defending employees from social engineering attacks, phishing, and fraud leveraging deepfakes (I’ve written about this previously ) where employees (and humans in general) are becoming increasingly vulnerable. We are already seeing a dramatic increase in the volume of both deepfake and voice phishing attacks with 30% of american businesses experiencing a cybersecurity incident involving deepfakes over the last 12 months and explosive growth in phone based phishing . While we are still waiting for the data to come out on the loss totals resulting from these types of attacks, I don’t think it’s outrageous to say that it will be much much higher than last year, and will likely continue to grow year over year as deepfake quality, effectiveness, and adoption increase.
I hate feeling like I’m fear mongering.?
I swear I’m not Chicken Little screaming that the sky is falling (I fancy myself as more of a Paul Revere, or maybe more aptly, Noah, sitting with an ark available as rain is starting to fall), and I certainly don’t want people to think that the world is ending, because it’s not. But at the same time, I firmly believe that a lack of education and action related to this issue is going to cause people and organizations a lot of pain and suffering in the coming years. And while I’m obviously heavily biased since I’m a co-founder at a company helping solve this problem, it’s my belief in the severity of the problem that has led me to drop everything and build a company (or should I say ark?… haha see what I did there? Man I’m corny and self righteous...) and write blogs like this one in an attempt to help people understand what is coming and provide a lifeline.
Anyways, that’s all for today.?
Y?o?u? ?c?a?n? ?l?e?a?d? ?a? ?h?o?r?s?e? ?t?o? ?w?a?t?e?r? ?b?u?t? ?y?o?u? ?c?a?n?’?t? ?m?a?k?e? ?i?t? ?d?r?i?n?k?.? Whenever you need help defending your organization from AI powered social engineering, fraud, and phishing, I’m your guy.
My company DeepTrust helps security teams defend against advanced social engineering, fraud, and phishing by providing next generation voice security built for deepfake threats. Seamlessly integrating with VoIP services like Google Meet, Zoom, Microsoft Teams and others, DeepTrust authenticates voices, verifies devices, and alerts both users and security teams of suspicious activity.
If you’re interested in learning more, or have additional questions about deepfakes, I’d love to chat. Feel free to shoot me an email at [email protected] .
Ready to get started? Sign up here !
Finally, if you enjoyed this blog, I invite you to follow my newsletter, Noah’s Ark on LinkedIn.