Cyber Shield or Double-Edged Sword? AI’s Role in Cybersecurity

How far AI will go in replacing humans at work and whether it can ever overcome its lack of consciousness, conscience, and intuition remains at question

Published:

2023 was the buzziest year for Artificial Intelligence (AI), and 2024 promises to exceed that.  Media articles have promised both that AI will take our jobs and revolutionize the way we work and no surprise – Large Language Models (LLM) and Generative AI (GenAI) suggests plenty of potential, both good and bad.

The reality, of course, is likely to be somewhere in between.  Neither completely revolutionizing our world, but improving it, nor destroying all jobs, but certainly affecting some.

There is no perfect prediction, either –consider that AI is a science – and like all sciences can be misunderstood in the media and by laypeople and even by the scientists themselves.  That’s why scientists build hypotheses and test them rigorously.  

So, what is the good and bad potential?

The Good

In its current form, AI has the most potential to relieve the need to perform repetitive tasks which require rote decision making.  It does, therefore, have the potential to relieve human capital burden in analyzing threat feeds for trends or potential incoming threats, identifying blind spots in security operations, and quickly sift through data sets and provide insight into vulnerability risks based on the combined organizational attack surface and the global threat landscape.

Prioritization may be simplified, enhancing existing risk calculations with a more dynamic and flexible calculation which considers factors malleable, changing based on threat modeling, organizational priorities, and current events.

With robot processing automation (RPA), there is the potential to automate response in the event of a breach or incident to quickly minimize the blast radius and impact to the organization’s resilience.  Post Incident Reviews may be simplified through the auto summarization of incidents using GenAI.

GenAI may also be used to relieve the burden of creating outage emails and updates, automating the collation of updates to executives to allow your teams to focus on restoring functionality and responding the event, as opposed to providing updates thereof. 

The Bad

Like any technology, AI can be hacked, as evidenced by the ChatGPT hack which resulted in a data breach and allowed bad actors to access information.  AI also poses a risk to organizations in the form of an emerging technology – one which without the proper governance can inadvertently expose information to an LLM that does not include adequate security controls commensurate with the sensitivity of the data – which is particularly true for non-corporate LLMs.  Additionally, bad data can mistrain AI to look at the wrong things and ignore the right things, which if it is too thoroughly trusted could go unnoticed until it’s too late.  

And what’s more, just as cybersecurity professionals can use AI to improve their ability to secure their company, we must imagine the bad actors are doing the same.  Just as a company’s AI can analyze threat feeds to find most likely exposures, a bad actor’s AI can be examining it to find the most likely vulnerability to exploit. Bad actors can identify trends of blind spots within organizations and use those blind spots against them. AI can sift through stolen data for the most useful and sensitive information.  And AI can be used to increase attack speed and increase the blast radius of an attack.

So, organizations must find the right balance – use AI to its fullest extent because its enemies will be doing the same but be careful to walk the line of overusing AI and accidentally exposing themselves by straining AIs capabilities. While AI can automate, it does not replace human intuition, nor can it at this point.

What to do about it

Organizations can take the following steps to approach their AI journey.

Prepare for the future

Even though some of AI is potential versus reality, it’s important to prepare to take the most advantage of AI as you can to make sure your organization is not left behind.

Looking at your data relationships and taxonomy company wide to create a common data model from which AI can learn.  Use products and platforms which centralize your data rather than siloing it, and consider protects like ServiceNow which is investing heavily in AI is currently at the forefront of the wave.

Look past the hype and gain understanding

Skynet is not coming.  At least not yet.  But AI is real and it is here.  It must be clearly understood and its capabilities and risks analyzed and measured, then aligned to the organization’s specific contexts.  We must truly understand what we have to work with to use it effectively.  The story of AI may be what gets you interested, but the reality of AI is what will pay your dividends.

Use AI to enhance your workforce but know where it cannot replace it

AI lacks social context, morality, and intuition.  It makes errors in things we would not expect it to, including answering mathematical questions, software engineering questions, and its hallucinations.  These errors can negatively impact your brand and reputation, as well as have costly mistakes if AI is over-used.

Build governance and security

Once there is an understanding of the products available, their risks and upsides, build an official use policy for AI – which products should be used?  What level of data sensitivity can be entered? If your organization does not have deliberate governance over all emerging technologies, including AI, you will quickly find yourself on the bleeding edge of history, instead of the cutting edge. There is a reason that Gartner has declared AI Trust, Risk, and Security Management the number one technology trend in 2024 (it was number three in 2023).

Governance should include explicability and transparency of the use of AI, should include data protection, application security and content anomaly detection, and should have controls in place to protect privacy, ensure fairness and minimize bias in the data sets.

Conclusion

Much like the telephone, the car, the airplane, the computer, and the smartphone, AI has the potential to affect our lives for reasons both good and bad.   It is, in fact, already doing so.  For cybersecurity, it offers equal measures of help and hurt, both enabling cybersecurity teams to be more effective, and opening the potential for bad actors to perform harm.

How far AI will go in replacing humans at work and whether it can ever overcome its lack of consciousness, conscience, and intuition (and there are certainly scientists out there trying) remains at question. In the meantime – understand how AI can help and hurt your business today, use it to enhance and further enable your teams to work more efficiently, and build governance to minimize the potential pitfalls and risks.

Want to Learn More? Talk to an Expert
Contact Us

Cyber Shield or Double-Edged Sword? AI’s Role in Cybersecurity

How far AI will go in replacing humans at work and whether it can ever overcome its lack of consciousness, conscience, and intuition remains at question

Knowledge Wrap Video

The event provided a vibrant platform for reconnecting with peers, delving into AI transformation, and driving innovation with purpose. Read on to discover how NewRocket made its mark at Knowledge 2024.

What We Learned

From recent insights gathered, we learned that ServiceNow customers are increasingly receptive to adopting AI solutions and ServiceNow has the tools to embrace that head on. However, there's a gap in AI use-cases for more mature users, highlighting the need for a creative approach to accommodate their business needs.

In navigating AI adoption, organizations are challenged to find the delicate balance between embracing innovation and avoiding dependency on emerging technologies. Advisory consulting and trusted guidance beyond initial queries spark interest, particularly around AI's impact on operations. Read our AI blog series to learn more about our approach.

Excitement around GenAI is apparent, with most users eager to explore its potential benefits and invest in quick wins. Notably, advanced use cases like process mining are gaining traction. Key solution themes include interest in native mobile applications, Employee Center migration, and the urgent need for enhanced data capabilities.

Recognitions and Awards

ServiceNow Americas Employee Workflow Partner of the Year

The ServiceNow Americas Employee Workflow Partner of the Year award celebrates Partners' exceptional efforts in enhancing employee experiences through innovative collaborations and technology solutions. Learn More.

UK Public Sector Partner of the Year Award

The ServiceNow UK Public Sector Partner of the Year underscores  Partners' dedication to driving digital transformation and delivering exceptional outcomes for public sector organizations in the UK.

ServiceNow.org Partnership for Good Grant

The ServiceNow.org Partnership for Good Grant highlights Partners' commitment to leveraging technology for social impact and driving positive change in communities around the world. Learn More.

Top 10 Finalist for ServiceNow Best Employee Portal of the Year

ServiceNow's Best Employee Portal of the Year award recognizing Partners' dedication to creating innovative solutions that empower employees and enhance workplace experiences. Learn More.

NewRocket Booth

At ServiceNow's Knowledge 24 event, we connected with 350+ attendees at our booth, showcasing how NewRocket supports organizations on their ServiceNow journey. AI emerged as a key topic, reflecting the growing interest in its potential across businesses. Our strategic advisory approach, FlightPath, aligns technology with business objectives, drawing on our expertise in customer, employee, technology, and security transformation. Plus, we captivated attendees by transforming them into astronauts using AI. See the photo booth results here!

Workshops and Speaking Sessions

Beyond Personas: Developing Holistic Frameworks to Personalize User Solutions

Industry innovation: Consilio’s Transformation Journey on ServiceNow

Dive Into Prototyping to Accelerate Validation With Design Libraries

Make Better Business Decisions by Integrating Risk and Compliance

Participating in ServiceNow's Knowledge sessions and workshops this year was truly enriching. Interacting with customers and partners provided invaluable insights into the future state of ServiceNow and allowed us to have in-depth discussions on how we can collectively offer better experiences across various facets of the platform. From exploring advanced AI integrations to optimizing workflow processes, the conversations were not only enlightening but also inspiring, fueling our commitment to innovation and excellence in the ServiceNow ecosystem. We can't wait to see you next year!

NewRocket Party

Our poolside event at the Capri restaurant in Las Vegas provided a refreshing break from the conference hustle, allowing us to unwind and connect with friends, colleagues, partners, and customers in the cool open air. As the night progressed, we loved creating unforgettable memories and strengthening our bonds within the ServiceNow community.