Diversity Is Key To Combating Gen-AI Hackers

Uploaded on 2024-12-17 in TECHNOLOGY-Key Areas-Artificial Intelligence, TECHNOLOGY--Hackers, JOBS-Careers, FREE TO VIEW

This year, a Hong Kong business fell victim to a sophisticated cyber attack, losing $25 million after an employee was deceived by a deepfake video call impersonating their CFO. This incident highlights just how much generative AI (genAI) is changing the complexity of cyber attacks. 

While not all threats reach this level of sophistication, the Brirish  National Cyber Security Centre warns that AI is increasingly being used by a range of threat actors including state or non-state, highly skilled or even less experienced.

The adoption of AI in cyber attacks is reshaping the threat landscape, making vigilance and innovation in defence more critical than ever. 

Balancing Threats & Opportunities 

GenAI is creating a dynamic and challenging threat landscape for cyber teams. Issues such as misinformation and deep fakes are becoming more common, complicating efforts to protect organisations. As genAI tools become more widely integrated into workplaces, data protection has emerged as a critical concern, particularly for organisations using open-source AI tools. These developments demand more robust strategies to mitigate risks effectively. 

However, it’s not just the criminals using genAI to their advantage. Cyber leaders are harnessing the technology to identify weaknesses in their attack surfaces and to improve their detection and triaging of attacks and malicious campaigns. 

They’re also getting on the front foot by establishing clear policies on the appropriate uses of AI in the workplace and prioritising training in AI literacy and safety for employees so security risks can be avoided. This can include the workforce not falling foul to voice clones or using insecure third-party chatbots that may give attackers unauthorised access to networks. 

The Importance Of The Makeup Of A Cyber Team 

Adapting technologies and policies to address the emerging threat landscape shaped by the rise of genAI is crucial. But this alone will not be enough to battle AI-armed hackers. Just as important is the makeup of a cyber team itself. Why? While the AI threat may be digital, its driver is human. That means you need people who can get into the minds of hackers. To understand them. And, to outthink them. 

Diversity is key to this. Teams must be formed of people from different backgrounds and who have different experiences and skill sets, so they approach AI threats in innovative ways. This will enable teams to avoid blind spots by bringing together different perspectives and critical thinking to tackle new challenges with creativity and ingenuity. 

The Issue With Traditional Hiring Routes 

If you work in cyber, though, you’ll already know that many teams aren’t diverse. Sometimes this is down to the broader issue of the UK skills gap, given 30% of cyber firms in the UK say they have faced a problem with a technical skills gap. We also know that a catalyst for this skills gap is a grassroots issue that inhibits more diverse representation into this traditionally white male-dominated career path.  

It is also a hiring issue. When a cyber role is advertised, you’ll see heavy emphasis placed on the candidate having completed a relevant degree and even for an entry-level position, having some level of industry experience (sometimes three years!). 

Continuing in this vein means that hiring managers risk narrowing the talent pool and continuing to hire the same ‘cookie cutter’ version of what they think is an ideal cyber security employee. The homogeneity of a traditional cyber team, made up mostly of white, middle-class men can jeopardise an organisation’s security.

With a host of similar worldviews, these teams may lack the diversity of skills and ideas to tackle rising genAI threats and get into the minds of hackers.   

The Industry’s Need For Impact Skills 

The hiring process is a place where a lot of this progressive change can happen. Ensuring hiring managers are prioritising skills and experience over qualifications can help encourage career changers and those from non-traditional cyber routes into the industry. By prioritising these types of candidates, cyber leaders can bring unique insights into how cyber threats impact different business areas. 

Organisations are often well-versed in placing experienced hires, graduates or apprentices. However, they often lack a defined path for experienced professionals with new cyber skills. For example, project managers transitioning to cyber project managers often don’t fit into predefined hiring categories.

By opening these paths, organisations can leverage the experience of individuals who can apply their knowledge to cyber-specific challenges.

This approach also means the hiring focus does not solely focus on individuals with advanced technical skills, aligning with the outdated perception that only individuals equipped with this will succeed. In reality, those skills are often the easiest to teach and continuous technical training is needed, regardless, because of the new threats emerging thanks to genAI and other technologies. What the industry needs is impact skills, which range from creativity and problem-solving to critical thinking, which aid teams to get into the minds of the hackers using genAI. 

Breaking Down Barriers 

Addressing the risks posed by genAI in cyber security demands removing barriers to professional education and expanding access to the field. The UK’s cyber security workforce faces a critical skills shortage, limiting its ability to identify and mitigate threats effectively. To close this gap, hiring practices should prioritise candidates with diverse skills and non-traditional backgrounds, broadening the talent pool. 

By assembling teams with diverse perspectives and expertise, organisations can not only mitigate AI-related cyber risks but also innovate and gain a competitive edge in the digital age.

Dr. Andrea Cullen is CEO &  Co-Founder of CAPSLOCK

Image: Ideogram

You Might Also Read: 

One Third Of Cyber Criminals Are Women:  

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

 

« British Spy Agency Opens A New Cyber Centre
The Corporate CISO Role Is Evolving  »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Avatao

Avatao

Avatao is an online training platform for building secure software, offering a rich library of hands-on IT security exercises for software engineers to teach secure programming.

Department of Justice & Equality - Cybercrime Division - Ireland

Department of Justice & Equality - Cybercrime Division - Ireland

The Cybercrime division is responsible for developing policy in relation to the criminal activity and coordinating a range of different cyber initiatives at national and international level.

Blockchain Reactor

Blockchain Reactor

Blockchain Reactor is a blockchain consultancy and implementation company providing cutting-edge blockchain solutions for start-ups and enterprises.

Civic Technologies

Civic Technologies

Civic’s Secure Identity Platform (SIP) uses a verified identity for multi-factor authentication on web and mobile apps without the need for usernames or passwords.

ActZero

ActZero

ActZero’s security platform leverages proprietary AI-based systems and full-stack visibility to detect, analyze, contain, and disrupt threats.

Luxembourg House of Financial Technology (LHoFT)

Luxembourg House of Financial Technology (LHoFT)

Offering start-up incubation, co-working spaces including a soft-landing platform, the LHoFT connects and creates value for the entire Luxembourg FinTech ecosystem.

LANCOM Systems

LANCOM Systems

LANCOM Systems is the leading European manufacturer of secure, reliable and future-proof networking (WAN, LAN, WLAN) and firewall solutions for the public and private sectors.

Input Output (IOHK)

Input Output (IOHK)

IOHK is one of the world's pre-eminent blockchain infrastructure research and engineering companies.

META-Cyber

META-Cyber

META-cyber was founded by engineers with experience in process and control-protection to provide cyber security for industrial infrastructure.

SecurityBridge

SecurityBridge

SecurityBridge provide a cybersecurity connection between our customers’ IT departments, the forward-facing business services, and their SAP applications.

SecurWeave

SecurWeave

SecurWeave's Configurable Hardware Enforced Safety and Security (CHESS) platform has been designed to meet the security and safety criticality needs of the evolving digital industry.

Razilio

Razilio

Razilio is a boutique cybersecurity consultancy located in Sydney, Australia and serving the world.

Barquin Solutions

Barquin Solutions

Barquin Solutions is a full-service information technology consulting firm focused on supporting U.S. federal government agencies and their partners.

Cloudaeris

Cloudaeris

Cloudaeris is a trusted Microsoft Partner, and we've got what it takes to make your business more efficient and agile.

SafeAeon

SafeAeon

SafeAeon is a leading Cybersecurity-as-a-Service provider, offering 24x7 premium Managed Security Services with AI-powered and Human-driven 24x7 SOC.

CyberNINES

CyberNINES

CyberNINES is a business specializing in helping US Department of Defense contractors become compliant and attest to federal cybersecurity regulation requirements.