Generative AI aids hackers in entering high-risk systems
AI tools are misused by cybercriminals.
Generative AI has not only unlocked new potentials for innovation but has also provided cybercriminals with tools to enhance their malicious activities, according to Jeremy Pizzala, EY Asia Pacific’s Cybersecurity Consulting Leader.
"Generative AI is able to help bad hackers develop malware on the fly," explained Pizzala. According to him, cybercriminals can use AI to produce ransomware or other types of malware simply by using the right prompts, a process known as 'prompt poisoning'.
He said that generative AI is being employed to craft highly convincing phishing and spear phishing emails with excellent grammar.
In response to these advanced threats, Pizzala underscored the importance of robust cybersecurity measures. Organisations are advised to bolster their defences by maintaining strong threat detection and response capabilities, including a mature security operations centre that utilises threat intelligence and automation.
Another strategy is the implementation of comprehensive identity and access management programs, particularly around privileged identities. "Zero trust is very important, ensuring that people and devices have zero trust as they traverse through your network and your applications," he stated.
Pizzala pointed out that technologies like machine learning, deep learning, and even generative AI itself can be powerful allies for cyber defenders. These technologies can enhance the ability to detect and respond to cyber threats more efficiently.
Pizzala also clarified the concept of "shifting left" in cybersecurity, which emphasises the integration of security measures at the early stages of technology or business transformation projects, especially in the development of new applications.
“So an application is highly secure, because what we see today, unfortunately, is security to the right, which means that, often, security has been forgotten at the time of design and build of applications, and therefore makes it much easier for hackers and other cyber malicious actors to gain access,” he explained.
Commentary
Why bigger digesters alone won't solve Asia's renewable energy challenge
Only the agile will win across ASEAN’s evolving markets
Scaling for resilience: What Asia Pacific’s bioenergy markets can learn from each other
Asia is leading payments modernisation and banks can't afford to fall behind
To outsmart modern fraud, we must first know the enemy
Why Western firms keep misreading the Chinese and Korean trust architecture
Platinum cards, paper-thin compliance?
How Asian enterprises can deliver modern, data-driven HR on time and on budget
Why high turnover persists in hospitality, and what’s changing
Energy price volatility highlights structural gaps for managing FX risk in APAC