凯捷：2024年AI与生成式AI对网络安全的双重影响研究报告

New defenses, new threats: What AI and Gen AI bring to cybersecurity#GetTheFutureYouWantNew defenses, new threats What AI and Gen AI bring to cybersecurity2Capgemini Research Institute 2024New defenses, new threats: What AI and Gen AI bring to cybersecurityTable of contentsExecutive summary04Cybersecurity to the fore10The AI and Gen AI risk landscape18We rely on AI28Gen AI will reinforce cybersecurity363Capgemini Research Institute 2024New defenses, new threats: What AI and Gen AI bring to cybersecurityExploring AI and Gen AI use cases42Recommendations: Using AI and Gen AI to strengthen your cyber defenses50Conclusion 66Research methodology674Capgemini Research Institute 2024New defenses, new threats: What AI and Gen AI bring to cybersecurityExecutive summary Cybersecurity incidents on the rise: As the number of cybersecurity incidents rises and the threats – including phishing, spear phishing, ransomware, deepfakes, and fraud schemes – grow in sophistication, organizations must enhance their cyber defenses. Our research indicates that 92% of organizations experienced a breach last year, a significant rise from 51% in 2021. The repercussions of these are frequently highly damaging, with around half of organizations reporting estimated direct and indirect losses in excess of $50 million over the past three years. It is clear that new cybersecurity risks are emerging due to AI and Gen AI. At the same time, the use of these technologies presents an opportunity to enhance an organization’s cybersecurity. This represents a transformative shift in how security professionals predict, detect, and respond to threats. 1. More sophisticated attacks and more adversaries: Threat actors are exploiting AI, including Gen AI, in various ways. Gen AI lowers barriers for these actors, enabling more sophisticated attacks. Typical uses of Gen AI by cybercriminals include phishing, social engineering, deepfakes, malware development, bypassing security controls, exploiting vulnerabilities, automated hacking, creation of malicious GPTs (Generative Pre-trained Transformers), bypassing security controls by mimicking real user behavior. 2. Expansion of the cyber-attack surface: With 97% of surveyed organizations reporting security incidents related to Gen AI in the past year, organizations must contend with an expanded attack surface. “Prompt injection” attacks manipulate Gen AI models and compromise the integrity of their model outputs. 97%of organizations reported security incidents related to Gen AI in the past year.Three ways in which AI and Gen AI can pose risks:5Capgemini Research Institute 2024New defenses, new threats: What AI and Gen AI bring to cybersecurityExecutive summary The external attack surface is becoming increasingly complex and multifaceted with the increasing use of AI and Gen AI across various industries. In addition to the traditional attack surfaces that organizations need to protect such as networks, endpoints, data platforms and applications, n