It’s 2024, and you can now deepfake world leaders to sing your favourite Taylor Swift song using only AI and an existing video of the individual. Whether we like it or not, AI-generated content has crept into most aspects of our daily lives.
That’s not all. The advertisement you’ve just walked past, the music playing in the background, and the blog post you’re trusting to give you a legitimate recipe all hold the possibility of having generative AI’s contributions in them.
Unlike the expensive and cumbersome VR headsets or waitering robots, it is almost too easy to access and adopt generative AI into our daily tasks. Because of its accessibility and low barrier to entry, the technology has gained momentum, exploding into a US$45 billion market last year, and is expected to grow by leaps and bounds until at least 2030.
The generative AI gold rush
The figures are staggering. Given how generative AI is applicable in a range of use cases across all industries, almost every organisation is tapping into the AI gold rush. Those who aren’t are simply missing out on that first-mover advantage and will inevitably lag behind competitors.
Widespread adoption of generative AI is already occurring in security teams. A recently launched State of Security report by Splunk found that 91% of respondents globally are using it, with 46% declaring that the technology will be “game-changing” for their security teams.
While AI has always been part of security operations centres’ set of tools, this new strain of generative AI has opened doors for unprecedented and never-imagined enhancements, including threat detection and prevention, anomaly detection, endpoint security, user authentication, automated response, vulnerability management, security analytics, and threat intelligence.
Essentially, generative AI has the ability to close the skill gap by empowering security teams to swiftly detect and respond to threats, thus better protecting critical data and infrastructure. With its adaptive defences, generative AI allows organisations to proactively adjust security measures in real time, outmanoeuvring cybercriminals.
Singapore’s state of cyber affairs for generative AI
The Singaporean government has been proactive in promoting cybersecurity and investing in cutting-edge technologies. Initiatives such as the Cybersecurity Strategy and the National Cybersecurity R&D Program demonstrate the country’s commitment to fostering innovation in the field.
Relevant stakeholders are also actively discussing how they can better develop policies and regulations specific to generative AI in cybersecurity to ensure responsible deployment and address potential risks.
Yet, despite a strong national focus on the technology, it is curious that only 76% of local security teams in Singapore seem to have confidence in the technology – the lowest across all countries surveyed by Splunk.
This is also reflected in actual implementation, where Singapore has the lowest percentage (77%) of organisations that have or are developing a formal generative AI plan for cybersecurity.
Why are security teams in Singapore sitting on the untapped potential generative AI can offer in cybersecurity?
While the island state has always welcomed and championed innovation, local players tend to adopt a more cautious approach. For a field with so much at stake, cybersecurity practitioners cannot afford to rush things, and it seems that local organisations are taking heed.
Moreover, cyber anxieties born out of “AI anxiety” are not uncommon.
A Censuswide survey reported that 48% of respondents are worried they cannot keep up with developments in AI. Another 48% believe their colleagues are better-versed in AI than they are, and 63% of respondents said they want to learn more about AI, even if they do not know where to start. Splunk’s State of Security report also found that 46% of respondents found it “more difficult to keep up with cybersecurity requirements over the past two years.”
Taming the generative AI beast
The benefits of adapting to the new generative AI normal cannot be understated; it would allow cybersecurity teams to unlock their full potential. However, it is imperative to practice caution and leverage the wisdom gained from cloud and IoT adoption. A lack of responsible processes, guardrails, and planning could come back to haunt security teams.
Rushing without proper consideration can result in unfavourable outcomes.
To navigate the ever-evolving landscape of cybersecurity, organisations must strike a delicate balance between embracing innovation and implementing thoughtful, sustainable processes.
Robust policies and procedures are essential, but they can only be effective if security teams possess a deep understanding of the technology at hand. In fact, a staggering 65% of security teams admit to lacking education around generative AI.
Addressing this knowledge gap requires a nuanced approach. While it may be tempting to clamp down tightly on generative AI due to security concerns, doing so risks falling behind competitors who are harnessing its potential.
Moreover, such a restrictive approach leaves organisations vulnerable to threat actors who have already demonstrated their willingness to exploit these tools.
Embracing AI with thoughtful policies in place will help alleviate anxiety, while strong collaboration among teams, including compliance, will help in the long run.
While looming AI attacks sound terrifying, it is important not to forget the basics. Cybersecurity threats are becoming more sophisticated, but adversaries still rely on tried-and-true techniques, and misconfigured systems remain a top vector in 2024.
Implementing basic controls is where organisations can get the greatest return on investment, making it easier to keep up with requirements in the long term. Although 76% say completing an IT asset inventory takes too much time, it’s time well spent. An up-to-date view of your assets and their dependencies can prevent dangerous blind spots.
It is crucial to learn from past experiences and avoid repeating the mistakes of haphazard adoption. By embracing generative AI with a thoughtful and informed approach, security teams can safeguard their organisations while staying ahead in the digital race.