How Generative AI is Redrawing Cybersecurity Battle Lines

Technology

In 2024, the people in 55 countries – who represent 42% of the global population – will vote to elect their leaders, including high-profile elections for the US Presidency and the European Union Parliament1. In addition to attracting billions to cast their ballot, these events are likely to lure malicious actors. With generative artificial intelligence (AI) tools at their disposal, they seek to directly sabotage the electoral process by hacking systems or to sway public opinion using misinformation or deepfakes – their capabilities are greater than ever before.

 

How is generative AI transforming the cybersecurity battlefield and what might this mean for investors as they postulate what lies ahead for this investment theme?

How investors can access the opportunity

WisdomTree Artificial Intelligence UCITS ETF has been built in partnership with NASDAQ and the Consumer Technology Association (CTA) with the aim of embedding AI industry expertise into an investment solution. CTA’s input into the stock selection process facilitates the curation of a pure AI exposure that is differentiated and evolves along with the underlying technologies. Moreover, diversification across the AI value chain helps avoid the pitfalls of the hype cycle, something that is inevitable in a rapidly emerging theme. The ETF provides a direct way to capture the most exciting trends, technologies, and companies that stand to benefit from the explosion of interest in generative AI.

 

WisdomTree Cybersecurity UCITS ETF has been built in partnership with cybersecurity industry experts Team8 and invests across eight different cybersecurity themes. The ETF provides investors with a pure exposure to the theme by only including companies that derive at least 50% of their revenue from cybersecurity activities.

How generative AI can help attackers

Historically, basic cybersecurity training had been sufficient in enabling people to identify and defend against phishing attacks. Poor grammar, suspicious domains and questionable links were generally easy to spot. However, generative AI tools, like WormGPT2, that are trained on malware-related data and developed specifically for criminal activity can not only eliminate the easy-to-spot giveaways in phishing emails, but they also lower the bar for becoming a malicious actor.

 

Generative AI can also help polymorphic malware code, a type of program that learns and evolves to automatically become smarter after a failed attempt. This means that if the target does not update its security software, the malware code will come back stronger and exploit any vulnerability in the system3.

 

Generative AI is also improving the quality of deepfakes. According to the World Economic Forum, between 9 December 2023 and 8 January 2024, 100+ deepfake video advertisements of British Prime Minister Rishi Sunak on Meta were identified, many of which elicited emotional responses, using language such as “people are outraged”4.

 

Generative AI can also be used for identity theft. If a victim is indeed deceived and discloses their sensitive personal information, then documents like passports and driving licences can be forged.

How generative AI can help defenders

It is imperative that generative AI is also employed to defend against increasingly sophisticated attacks. For example, generative AI can help develop more advanced training modules to empower users to better guard themselves against high-quality phishing attacks.

 

Generative AI can also be used to analyse large quantities of data to identify patterns, trends, and anomalies that may indicate vulnerabilities in the system. It can also help cybersecurity teams plug the gaps before a polymorphic malware code makes a return.

 

Also, generative AI can be used to automate repetitive processes, streamlining tasks that are not only tedious but also prone to human error, like incident response, threat hunting, and malware analysis.

Cybersecurity is more important than ever

The figures below provide an alarming reminder that the importance of cybersecurity cannot be overstated.

Sources: CrowdStrike, ‘2024 Global Threat Report’, IBM, Cost of a Data Breach Report 2023

Most people who own a smartphone or a laptop typically use dozens of cloud-based software applications. Criminals are recognising this broader attack surface and are increasingly attacking their victims via the cloud. There has also been an alarming increase in sophisticated malware-free attacks: 75% in 2023, up from 40% in 20195. This suggests that attackers are moving to faster and more effective means of infiltrating their target organisations, using means like social engineering rather than always counting on planting malware in their victim’s system. This is an important reminder about how cybersecurity training must not only teach users to defend against phishing attacks but also remain guarded against physical deception.

 

The e-crime breakout time is how long it takes an attacker to move laterally within an organisation. This means gaining access to other users after initially compromising the first victim. The average e-crime breakout time fell from 84 minutes in 2022 to 62 minutes in 2023, with the fastest recorded time of just over 2 minutes6. And finally, the average cost of data breaches in 2023 to organisations was USD4.45m. This means that attackers are becoming faster, employing a wide range of tools, and causing serious harm to their victims.

 

Fortunately, organisations are waking up to this reality. According to IBM, 84% of executives plan to prioritise generative AI cybersecurity solutions over conventional cybersecurity solutions in 20247.

What it means for investors

Cybersecurity was among the top-performing themes in 2023. The WisdomTree Team8 Cybersecurity UCITS Index returned 66.5% in 2023 and even beat the NASDAQ CTA Artificial Intelligence Index which returned 55.9%8. It is, of course, impossible to predict if we will see similar numbers again in 2024. But if the market performance for thematic strategies is a function of strong positive currents in the underlying technologies combined with a broader appreciation of those trends, there is certainly plenty to remain excited about generative AI and its impact on cybersecurity.

Leave a Reply

Your email address will not be published. Required fields are marked *