Artificial intelligence (AI)’s revolutionary strides in the cybersecurity landscape has been identified as double-edged, presenting both opportunities and challenges for businesses in Africa.
This observation by Allan Juma, Cyber Security Engineer at ESET East Africa presupposes that, although AI-powered defense mechanisms can detect and respond to cyber threats with unprecedented speed and accuracy, cybercriminals are leveraging on its advances to coordinate more sophisticated attacks, exploiting human vulnerabilities on a massive scale.
Juma, in a statement said, AI itself is not inherently bad, but pointed out that it has the potential to be both good and bad.
He said, “In the hands of defenders, it can offer powerful protection from cyberattacks; in the hands of cybercriminals, it can be used to exploit human vulnerabilities on a massive scale.”
Recent reports have shown that cybercriminals are using AI to craft persuasive phishing emails, automate vulnerability scanning, and identify compromised internal accounts. This is as it hasl also been establihed that generative AI and large language models, such as ChatGPT, make it easier for attackers to imitate executives or colleagues, targeting new regions and smaller countries with niche dialects.
“Advanced social engineering is one of the top AI-enhanced cyber threats on our radar,” Juma said, adding that these models are skilled with translation, allowing attackers to target specific regions and demographics.
Meanwhile, experts have also revealed that a significant percentage of data breaches result from human error, making cybersecurity awareness training essential to combatting AI-driven cybercrime.
According to Juma, “A lack of knowledge is the greatest threat to cybersecurity in any business – and cybercriminals know that, and they’re going to take advantage of it.”
Research conducted by the Google Threat Intelligence Group (GTIG) found that cybercriminals are using Google’s AI model Gemini for research and content generation, including developing target personas and messaging, translation, and localization.
Where training and vigilance fail, AI-driven defense mechanisms may be the key to protecting business operations from cyber threats. Security teams can use AI to analyze patterns and predict cyber threats before they happen, automating responses to detected threats and reducing reaction times.
Juma said AI has been part of cybersecurity approaches and software for a long time.
He said, “This gives an advantage, because we’ve been able to spend more time with it and integrate it into our systems.”
The expert has warned that as AI continues to evolve, businesses must stay vigilant and aware of the risks.
“The danger with AI becoming such a pervasive topic is that we have forgotten how dangerous it can be. Businesses need to keep it top of mind and be aware of the risks so that they can address them,” Juma said.
AI-driven cybercrime is a growing threat that requires a multifaceted approach to cybersecurity. By combining AI-powered defense mechanisms with cybersecurity awareness training and human expertise, experts say businesses can stay ahead of the threat and protect their operations from cyber attacks.
