 |
| By Karen Riccio |
Armed with the latest and greatest tools, cybercriminals are fully capable of outsmarting even the savviest security pros — let alone mainstream folks who push buttons first and ask questions later.
June is Cybersecurity Awareness Month. So, it’s the perfect time to talk about artificial intelligence.
Not for all the ways it can thwart crime, mind you. But because of the massive headaches it’s already causing security pros.
We can blame a lot of today’s pain on the two-month-old shiny, new app already being used by 100 million users: ChatGPT.
However, it’s just a matter of time before the headaches turn into mind-numbing migraines as more AI products come to market.
Sure, companies like Microsoft (MSFT), Alphabet (GOOGL) and NVIDIA (NVDA) might be striking it rich from the current frenzy.
But critical issues that potentially make AI “a cure that’s worse than the disease” may really boost the coffers of cybersecurity companies fighting ...
An Already Costly War
Annually, cybercrime is already a$6 trillion problem.
It’s expected to reach $10.5 trillion by 2025.
If it were a country, cybercrime would be the world’s third-largest economy after the U.S. and China.
And AI will only extend the scale and sophistication of these cyberattacks. That’s why not having a bulletproof security plan in place makes me extremely nervous.
So does what Brian Finch, co-leader of the cybersecurity, data protection and privacy practice at Pillsbury Law, said: “It’s generally easier and cheaper to launch attacks than to build effective defenses. AI will be, on balance, more hurtful than helpful.”
Until that balance shifts, I’ll stick to the adage, “Just because you can, doesn’t mean you should.” Mark my words: It has nothing to do with being tech-phobic or technically challenged.
For example:
- I’ve only used emojis three times, and two were by mistake. In fact, when someone sends me a series of them in a text, I type back, “Use your words.”
- And every auto-correct, auto-spell, auto-anything feature on my computer and phone are disabled to keep my brain working and avoid relying on these tools too much.
- I was also one of the last holdouts to buy a wireless phone. I kept asking myself, “Why in the world would I want to be accessible 24 hours a day?” I’m still asking myself that question.
So, when all the ChatGPT buzz erupted, I rolled my eyes, shook my head and uttered, “Not again.”
The déjà vu I felt was palpable.
It took me back to those years I lived and breathed technology as editor of an IT magazine.
One of the most interesting times came with the advent of the internet in the late ‘80s to early ‘90s. It wowed users but spooked the daylights out of folks responsible for managing computer systems and data.
I interviewed many IT professionals who warned about the ramifications of widespread connectivity — just like the tech elite today who are pleading with the world to “treat AI as a danger on par with pandemics and nuclear war.”
Scientists treated security as an afterthought when the internet launched, and we’ve paid dearly. Now …
We’re Doing It Again with AI
You can’t blame anyone for their ignorance when the “Wild Wild Web” was unleashed decades ago. But what’s the excuse for not applying the important lessons learned all those years ago to AI today?
Some experts suggest that companies just want to get their devices out to the public as quickly as possible, and at the cheapest cost to manufacture.
Because building layers of security takes time, effort and money, it often takes a back seat to pushing a product out to market before similar products made by competitors saturate the market.
So, we’re dealing with a potential monster. And as I mentioned at the beginning, but it’s certainly worth repeating — armed with AI (the same tool used by the good guys), cybercriminals are fully capable of outsmarting even the savviest security pros — let alone mainstream folks.
I recently reached out to a good friend and peer of mine in the IT industry, Bill Kleyman, who just returned from keynoting Data Center World, one of the biggest educational conferences and trade shows of its kind.
Bill is also a board member and investor in the startup, Neu.ro Inc., an AI infrastructure company using machine learning and deep learning to solve real-world problems for business and science.
Prior to that, he was executive vice president of Digital Solutions at Switch, the third-largest data center in the world.
Bill has a genuine stake and interest in AI. He told me he was floored when he asked the thousands of IT pros in the audience how many tried ChatGPT, and “nearly everyone in the room raised their hands. That’s mainstream to me! ChatGPT is a monopolist. It’s just a powerhouse of an app that came in as a Category 5 hurricane. There’s no stopping this thing.”
He continued:
“Look at how fast it’s developing. For example, just within the past couple of weeks, OpenAI and ChatGPT gave users the option to toggle and delete chat history. … It’s been around for a minute. It’s hard to grasp the gravity of the technology with 1 million users in five days and then 100 million users in two months since its launch. We have no precedent, and we have nothing to compare this to.”
My interpretation: We’re basically running blind and not sure at all what’s lurking around the corner.
What’s worse is that companies not only need to worry about outsiders stirring up trouble, but also about insiders who expose important data unknowingly. They might actually be the worst of the two offenders.
Sensitive data currently makes up 11% of what employees paste into ChatGPT, according to security firm Cyberhaven, which Bill referenced during our conversation.
Cyberhaven monitors how companies input confidential information. And of the 1.6 million employees that make up its clientele, it only detected and blocked 4.2% or 70,000 requeststo input data into ChatGPT.
Every one of these requests risked leaking confidential information, client data, source code, etc. One case involved an executive who cut and pasted his firm's entire 2022–2023 strategy document into ChatGPT and asked it to create a PowerPoint deck.
In another case, a doctor input his patient's name and medical condition and asked ChatGPT to craft a letter to the patient's insurance company. Violation of privacy? HIPPA would think so.
Privacy is hardly the only thing at stake. Many of these attacks, akin to cyberwarfare, come from outside the U.S. In fact, pipelines were targeted so they were unable to deliver fuel. So were hospitals during the COVID-19 outbreaks and even highly classified U.S. defense documents were breached.
We cannot afford to rest on our security laurels. Just as AI is expected to reduce the number of jobs performed by humans, it’s creating a huge need for security experts, and a steady stream of customers for companies with the technology capable of winning the cyberwar.
The Opportunity
Is Massive
Research and consulting firm Acumen estimates the global AI cybersecurity market that accounted for $14.9 billion in 2021 will reach $133.8 billion by 2030.
Next time you hear from me, I’ll tell you about a pioneer in this space positioned to capture the lion’s share of the market.
I recommended it for another publisher when it traded for $56 per share. At the time of writing, it’s now trading at $224 and up 62% year to date.
Can’t wait to share more, so make sure you don’t miss the second part of this series next week!
Until next time,
Karen
P.S. Desperate governments do desperate things. And with Uncle Sam dead broke and drowning in debt, it’s easy to see why the government is pulling out all the stops to get its hands on more of your money. Including a new Fed program launching this July that will give unelected officials the power to spy on and even take control of your bank account. Bottom line: Hold on to your wallet and don’t miss Dr. Martin Weiss’ Emergency Summit to Protect Your Money from Imminent Government Attacks. Click here for more.
