The excitement of the opportunities of Generative AI (GenAI) for businesses is palpable. The large language models of GenAI have the opportunity to be formidable weapons for cyber threat detection. This can be specially be true for initial responses while simplifying complex data and security engineering processes, according to the Middle East findings of the 2024 Global Digital Trust Insights by PwC.
The survey was conducted for over 3876 businesses and tech executives of global companies. This included over 110 respondents from the Middle East. It focussed on several critical cyber risk concerns, and the need to place controls across access and identity and also GenAI.
The survey found both regionally and globally, the breach costs and the number of high-dollar breaches are on the rise. But surprisingly while cloud attacks are the top cyber concern, close to one-third of organisations have no risk management plan to address cloud service provider challenges.
In the Middle East, as companies are pivoting towards a more digital business model, more data is being generated and shared among organisations, partners and customers. However, increased digitisation means companies are exposed to new digital vulnerabilities, making an effective approach to cybersecurity and digital trust more important than ever.
Pushing the limits of GenAI
Organisations today are pushing the limits of GenAI, and testing what is possible, especially with defenceGPTS. However, in its initial stages, it may be awhile before we see broad-scale use of defenceGPTS.
The survey nevertheless pointed out three promising areas for using GenAI in cyber defence:
Threat detection and analysis
GenAI can be proactively used to detect vulnerability exploits and assess the extent of these threats. It can be used to understand what’s at risk, what has been compromised, and what the damages are. It can then provide tried and tested options for defence and remediation. GenAI can effectively identify anomalies, patterns, and different indicators of compromise that are elusive for traditional signature-based detection systems.
Cyber risk and incident reporting
It can also be effectively used to simplify cyber risk and incident reporting. GenAI’s Natural Language Processing (NLP), can turn reams of technical data into simple concise content that can be understood by also. This in turn can help with threat intelligence, risk assessment, audits, regulatory compliance, and assessments.
Adaptive controls
GenAI tools and machine learning algorithms can automate controls, recommend, validate and draft security policies. All of these can be tailored to an organisation’s threat profile, business and larger technological objectives. Close to 89 per cent of the region responded believe that GenAI will play a strong role in the growth of their organisation.
Does this open up to newer risks?
While the use of GenAI in security is vast and varied, there are also concerns that it may open organisations to newer forms of threat. There are also strong concerns on the ethical and responsible use of AI. Close to 83 per cent of the region’s respondents strongly agreed that there is a focus on responsible and ethical use of GenAI tools.
There also is a strong push towards regulations. The respondents from Middle East agreed that there is a need for four types of regulations – harmonisation of cyber and data protection laws, regulation of AI, and operational resilience requirements.
“In the region, as businesses continue to evolve, organisations must reconsider their cyber security strategies and adopt a new approach. As the global report highlights – Innovation means making bold moves, and there’s nothing more empowering than ensuring safety. Today, the integration of robust security measures and the fostering of digital trust is non-negotiable. Organisations need to act quickly, turning threats to opportunities for strengthening defences,” said the report.
While still in its nascent stages, it will be interesting to see the different use cases of GenAI in controlling threats and vulnerabilities.
