Like many organizations, RSA hosts annual meetings where our team reviews the previous year’s performance, details our go-to-market-plans for the coming fiscal year, and celebrates our biggest wins.
During last year’s meeting, I presented a conversation that I had had with ChatGPT. This was in February 2023, when the large language model was one of the more interesting party tricks that users were testing to see if it could pass law exams, write code, or tell town-specific jokes.
I had asked ChatGPT if it had a message for the RSA sales team and what RSA could do to improve. Obviously, I was not turning over leadership decisions to a chatbot, but it was still a worthwhile exercise if only to see what ChatGPT (and the internet) thought about our sector and the trends that were shaping it.
One of its recommendations was to invest in “emerging technologies such as artificial intelligence and machine learning to stay ahead in the fast-paced cybersecurity market.”
The bot noted that AI can provide “advanced and automated solutions for threat detection and response, improved user experience, and increase efficiency.”
RSA had already been using machine learning in authentication for 20 years, and even while the recommendation struck me as self-serving (an AI recommending AI?), it also seemed like a reasonable suggestion given where the market was headed and what we were hearing from analysts and customers.
A year later, although ChatGPT got many of the benefits of using AI correct, it overlooked something just as important: namely, that cybersecurity needs to use AI if only to fight back against the threat actors that are deploying it themselves.
How AI is Changing Cybersecurity: For Better and Worse
Over the last year, we’ve seen AI drive a 1,265% increase in phishing emails, a 3,000% increase in deepfake fraud attempts, write polymorphic malware, and even use ‘Tom Hanks’ to sell dental insurance. Between the US presidential election, ransomware continuing to make headlines and steal millions, and now AI, cybercriminals have more tools, noise, and, motivation at their disposal than ever.
Rather than relying on ChatGPT to game out how those trends would develop in 2024, we turned to our customers, analysts, partners, and team to predict the threats and technologies that would shape the coming year.
Our new eBook, Top Trends in Identity for 2024: Securing the Future of Identity in the AI Era, details why we think passwordless authentication will realize significant progress, the industries we see coming under attack, and why AI is a double-edged sword that will cut even deeper this year, and more.
Moreover, our eBook details what we think organizations should do about those trends.
Take AI: it is about as buzzy a topic as there is in tech. That buzz can both inure users to its risks and overshadow its real cybersecurity potential. To harness that potential, security teams need to get into the weeds and understand what kind of AI model lends itself to cybersecurity and the security questions that AI is best suited to answer.
Getting that right can create stronger, smarter, and more effective cybersecurity: the IBM Cost of a Data Breach Report 2023 found that organizations that use security AI and automation “experienced, on average, a 108-day shorter time to identify and contain” a data breach. That time translates directly to an organization’s bottom line: organizations with sophisticated AI and automation “reported USD $1.76 million lower data breach costs.”
Importantly, most everyone wants AI to help them stay safe. In a 2023 RSA survey of more than 2,300 users, over 91% of respondents felt that AI had a critical role to play in improving cybersecurity.
Predictions Should Inspire Actions
When I stood on that stage a year ago and shared ChatGPT’s answers with the RSA team, I did not understand just how telling that exchange would become: that AI was reshaping the cybersecurity industry, but not in ways we could completely predict.
I think that’s the value of predictions generally, and one of the reasons why we’ve made our eBook freely available.
Not because we will get everything right—we certainly will not. But in trying to predict what comes next, organizations can learn where their blind spots are, evaluate ways to account for those omissions, and take actions today that change conditions tomorrow.
We cannot predict the future—no one can. But we can strive to improve it.