Physical Address

304 North Cardinal St.
Dorchester Center, MA 02124

AI is now being used by cybercriminals against people like you. It’s also useful in your defence

I’ve spent more than 20 years infiltrating company networks and testing the digital identities of employees. But with the rise of generative AI, I no longer need to “hack” my way in — I can just log in. And I’m not the only one.
Cybercriminals are increasingly using employees’ identities to access company networks, with a 71 per cent increase globally in these kinds of attacks last year. As a hacker and the chief architect for IBM X-Force, I’ve had the privilege of working alongside some of the brightest minds in the industry to stay one step ahead of the evolving threat landscape. But despite our best efforts, the reality is that cybersecurity remains a cat-and-mouse game, with attackers continually finding new ways to breach even the most secure systems.
In recent years, we’ve seen a significant increase in the number and sophistication of cyber attacks. From ransomware and phishing to advanced persistent threats (APTs), the diversity of attacks is staggering. And it’s not just large corporations that are being targeted — small businesses, individuals, and even governments are all fair game.
Amid the growing adoption of generative AI and cybercriminals showing more interest in its us, it may be only a matter of time before your identity is exploited and your information is made available on the Dark Web. And once identity data is exposed, it’s irreversible.
Our online identities are made up of multiple components, from credit cards to social media profiles. But these fragments are often exposed, stolen, or publicly available, making it easy for cybercriminals to stitch them together for malicious purposes. And with generative AI, this process is becoming even easier.
In the physical world, we take steps to protect our identities, such as using secure wallets and credit cards. But in the digital world, our identities are often more vulnerable. Cybercriminals can use stolen login credentials, emails, and other personally identifiable information (PII) to access our sensitive data. And with the rise of generative AI, they can even create convincing fake identities to deceive us.
While you may not consider your privacy severely violated if someone accessed your grocery-store loyalty card, you would likely change your mind if a cybercriminal stitched together multiple personal identifiers revealing your hobbies, patterns, and other traits. That online access would not only reveal where you shop, but also what you buy, what car you drive, where and when you went on holiday, and more. All of this can be valuable to someone with harmful intent. IBM has responded to breaches where cybercriminals have harvested details ranging from the type of pizza a victim orders to the diaper size they buy for their baby.
Somewhat ironically, while AI has emerged as a significant threat and greatly augmented threat actors’ attacks, it is also a crucial tool in the fight against cybercrime. By leveraging AI-powered tools, individuals and businesses can bolster their defences against cybercriminals seeking to steal sensitive information. AI can help identify and flag suspicious activity, such as unusual login attempts or transactions, letting individuals take quick action to protect their identities. Moreover, AI-powered authentication systems can provide an additional layer of security, making it more difficult for cybercriminals to gain unauthorized access to sensitive information. Statistics show that it is working.
IBM’s most recent Cost of a Data Breach study reported that organizations which extensively used AI and automation in their security operations over the last year had breach lifecycles that were 54 days shorter on average and cost $2.84 million (Canadian) less. That is an advantage that shouldn’t be ignored.
While AI for cybersecurity will be a lifeline for Canadian businesses and citizens, it is not a silver bullet. AI is just one part of a comprehensive cybersecurity strategy that includes pragmatic design, evolving risk mitigation controls, contextualized threat intelligence, and tested incident response planning. But as the threat of identity theft continues to evolve, AI is most certainly poised to play a crucial role in protecting individuals and organizations from malicious cybercriminals.

en_USEnglish