The Good, Bad & Ugly-side of Cybersecurity in Age of Generative AI.

Some statistics for setting context.

  • The global cybersecurity market was $300 billion in 2024 and is expected to reach $644 billion in 2033. It is growing at a CAGR of ca. 9%, which is more than the S&P US index over the last 50 years.
  • 40,000+ vulnerabilities were added to the National Vulnerability Database, and 40% of them are zero-day vulnerabilities with exploit code easily available on the dark web.
  • 1.7 billion stolen credentials were being circulated on the dark web in 2024 – a 500% year-over-year increase.

There are many vulnerabilities and exploits available. Organizations are safe not because of the plethora of security controls implemented by their security teams. They are safe because of the mood and laziness of the threat actors waiting to use these exploits.

A few of the reasons that contribute to this exposed risk landscape in IT applications across domains are:

  • Complexity of hybrid cloud environments, exposing more risk.
  • Increasing amounts of AI-generated code, introducing new and unique vulnerabilities.
  • No or badly implemented cybersecurity governance (where security is considered a support function and cost center).

In this short blog, let’s explore the Good, Bad & Ugly side of generative AI and its impact on the cybersecurity landscape.


The Good

  1. Ransomware has shown a downward trend for many years in a row: 35% down YoY.
  2. Phishing attempts have gone down by 50%.
  3. The handling of advanced persistent threats, which were very hard to detect and get rid of, has improved, thanks to the investments being made in cybersecurity and the implementation of systems like SIEM and EDR (endpoint detection and response).

The Bad

  1. Credential theft, mostly due to social engineering, has increased manyfold. As is often said in the security world: “It is easier to log in than to hack in.”
  2. The top 1000+ zero-day vulnerabilities being discussed on the dark web have readily available exploits.
  3. ‘Access as a service’ is a new emerging trend. These services are increasingly being offered in various forums for monthly subscription fees.
  4. The generative AI landscape and its use cases are soon reaching the top of the adoption curve. This means that at this production stage, when many generative AI use cases are being applied across industries, the exploitation phase of this new tech has also begun, exposing new surface area for threat actors.

The Ugly

  1. In 2024, one of the first AI model chatbots exposed over 1 mn. sensitive data items and API keys with very easy manipulation.
  2. ‘RaaS – Ransomware as a service’ is one of the fastest growing services enabled by generative AI models. There are new applications which are easily available.

Every coin has two sides. Just as in the past with the invention of fire, the Internet, etc., these inventions provided humanity with lots of good things but also some not-so-good things.

The cybersecurity landscape has just entered an escalated phase. Generative AI is becoming mature. A plethora of new models are being launched at groundbreaking speeds, and both defensive and offensive capabilities are growing along parallel trajectories.

Some of the evergreen but easily ignored recommendations which you can enforce in your organizations are:

  1. Multi-factor authentication – something you are, something you have and something you know.
  2. Use passkeys over passwords.
  3. Implement AI governance models that protect against data poisoning attacks.

Are there any AI-enabled threats and risks you have come across? I would like to hear your feedback and comments on this post.

//Stay secure & Add MFA :)
Chakshu Arora.

