As artificial intelligence (AI) tools advance, so do the risks to cybersecurity, speakers on the “Digital Identity is Driving the Autonomous Revolution” panel at the Consumer Technology Association (CES) Show said Tuesday.
“Everybody, every organization, and every client that we work with is experimenting with AI right now,” said Gillian Crossan, Deloitte principal in cyber and strategic risk. “As are bad actors experimenting with AI.”
AI has made it easier for attackers to build malware code and phishing scams, Crossan said.
“If you think about phishing, often the way that we can identify phishing is with poor grammar or wrong cultural context,” Crossan said. “There are technologies available for $100 a month that will help you with phishing in 27 languages and use AI to really improve that cultural connection. Things like that are impacting the threat landscape, in that it’s getting harder and harder to detect.”
AI also is making it easier to create deepfakes, which is worrying businesses, Crossan said. Deepfakes is content that manipulates facial appearance to appear as someone it is not.
“The threat landscape is definitely getting worse from an AI perspective,” Crossan said. “But of course, AI is that double-edged sword and, yes, it’s getting worse, but leveraging AI in order to be able to improve threat detection is another important aspect of how the landscape is changing and evolving.”
Crossan said while there’s been more focus on cybersecurity in recent years, overall, there’s still an underinvestment in cybersecurity within organizations.
Rex Booth, Sailpoint chief information security officer, said the global threat also is growing as technology advances.
“Ten years ago, we were very focused, at least in the U.S., on about four countries that had what we considered offensive cyber capabilities,” Booth said. “Over time that’s changed. And now there are many more countries that are considered to be capable and have offensive cyber capabilities.”
Organizations sharing information is one key to combatting the acts, Booth said.
Crossan said shared information could help organizations quickly identify hacks and resolve them, lowering the cost of each cyber incident.
Josh Davis, Toyota’s chief cybersecurity officer and Automotive Information Sharing and Analysis Center (Auto-ISAC) chair, said Auto-ISAC is one way those in the automotive industry keep each other informed. The organization shares and analyzes intelligence about emergency cybersecurity risks to the vehicle, according to its website.
However, attackers also organize to share information, Davis said. He said cybersecurity officials will see an uptick of individuals attempting to attack services after such events.
Multiple speakers agreed that government regulation is needed to protect consumers as technology changes.
“I do think that regulation is a very good way to wake up an organization,” Crossan said.
Protecting identity remains the top concern for many partners in Auto-ISAC, Davis said. He said this includes protecting the identities of consumers, employees, partners, and suppliers.
“We regularly benchmark for where we’re spending money, where we’re investing resources, where we’re investing our top talent and thinking about next-generation services and how they impact our products and enterprises,” Davis said. “And I can say, for certain, in the last 10 years, the No. 1 area has been identity.”
When asked if Toyota has plans to protect consumer identity as vehicles pass through the dealership and repair industry by Repairer Driven News, Davis said that is a part of the company’s long-term vision.
“Identity services that we have built and we’re investing in for the future include building a very robust, secure, and reliable identity between OEMs and dealerships or other servicing centers, like repair shops,” Davis said. “We don’t need to have many different identities for the same consumer. I think it’s a long-term vision. I don’t think it’s very achievable in today’s world but that’s our intent, to make it as strong and as positive of an experience as possible.”
Sharon Chand, Rex Booth, Josh Davis, Gillian Crossan, and Venky Rangachari talk during a CES 2024 panel on Jan. 9. (Teresa Moss/Repairer Driven News)