By Dean Coclin, Senior Director, Digital Trust Specialist, DigiCert
It’s clear that 2023 will be remembered as the point that artificial intelligence (AI) stepped out of the shadows and took center stage. Once an “under the hood” technology best understood by techies, AI was quickly democratized by tools like ChatGPT, Siri, Alexa, and even Netflix. Today, even high school students are getting comfortable using AI-powered technology.
However, the impact of AI reaches far beyond popular applications like online chatbots, school reports, and funny memes on social media. Together with quantum computing, increasingly intelligent technologies are rapidly transforming cybersecurity strategies. For security organizations charged with protecting the enterprise, the time to prepare is now.
A double-edged sword
AI has already proven itself as a valuable option for defending the infrastructure. Enabling solutions like advanced intrusion detection systems (IDS) and intrusion prevention systems (IPS), AI can help organizations spot and respond to signs of possible breaches faster than earlier generations of IDS.
But we will soon start to see AI use pivot from defense to attacks. As AI becomes more accessible, bad actors will increasingly use its capabilities to harvest data available online to acquire personal information about individuals and their organizations. We’ve seen deepfake clips showing how AI can be utilized to mimic a person’s voice. With technology available today, an attacker could harvest data from LinkedIn, YouTube, or other public sources to place a phone call, simulate a manager’s voice, and perform malicious activities like resetting an organization’s passwords.
We’re also seeing new threats from AI on the web. The ability to render new sites in response to search queries has a great potential for interacting with customers, but it can also introduce new fraud risks. The more generative AI search capabilities advance, the greater the possibility that organizations can lose control of the information on their own websites. It won’t be long before AI can write, construct, and render an authentic-looking page almost as fast as a search result can be served up. Whether the page is genuine, or contains false, malicious content may not be obvious to a viewer.
The pressure is growing for leaders to develop a strategy to manage AI threats as well as take steps to ensure trust for key company assets like public websites.
Preparing for a post-quantum world
Quantum computing has also been advancing rapidly over the past few years, and it’s posing a serious threat to existing cryptography. Soon, large-scale quantum computers will be capable of cracking most public key cryptosystems, potentially compromising communications on the Internet and other digital systems. Although many IT leaders are aware of quantum computing risks, their business counterparts may be unaware of the looming threat. According to a report by the Ponemon Institute, “Preparing for a Safe Post Quantum Computing Future: A Global Study,” most organizations have not yet established clear post-quantum cryptography strategies.
Despite the slow start, business leaders will soon become more aware of post-quantum cryptography (PQC). Industry organizations like NIST will release new standards the summer of 2024, which should encourage organizations to better develop and document their quantum strategies. With improved communication, better education and proactive planning, it’s expected that executives will take major steps forward in PQC preparation and accelerate their companies’ investments.
Trust takes a seat at the table
Much of the threat posed by AI and quantum technologies comes down to digital trust. Trust is fundamental to business relationships, and its loss can dramatically impact a business’ reputation and revenues. It’s not surprising that organizations are taking a close look at the role of digital trust in their organizations. As threats become more sophisticated and traditional perimeter-based defenses encounter new challenges, they are seeking to modernize their security approaches to go beyond the traditional infrastructure—and consider trust issues like personal identities.
Like any enterprise initiative, the overall strategy will need to come from executive leadership. Many organizations are establishing Chief Digital Trust Offers, or DTOs. The primary mission of a DTO is assuring that the organization’s digital assets and services can be trusted by customers and partners. They focus on ensuring that trust is integrated into every digital interaction, and work to keep the organization’s digital presence secure and dependable. A DTO leader sends a strong message about a company’s commitment to the security and trust of its digital infrastructure—and reassures internal employees as well.
With forward-focused leadership, good communication and proactive strategies, organizations can meet AI and quantum computing challenges in the years ahead—and be ready for new ones on the horizon.
About the Author
Dean Coclin has more than 30 years of business development and product management experience in cybersecurity, software and telecommunications. As Senior Director, Digital Trust Specialist at DigiCert, he is responsible for driving the company’s strategic alliances with IoT partners in the consumer security market, and with other technology partners. Coclin is also the previous chair of the CA/Browser forum.
Dean can be reached online at ([email protected]) and at our company website http://www.digicert.com/