AI and its even greater advantage in cybersecurity

Together with Chester Wisniewski, Director, Global Field CISO at Sophos, we discussed various aspects of the use of artificial intelligence (AI) in both cybersecurity and cybercrime. It's a fact that both sides are using AI. But which has the greater advantage?

B2B Cyber Security: Why is AI essential for today's cybersecurity?

Chester Wisniewski, Sophos: AI offers a variety of benefits for cybersecurity: automation, speed, scalability, and improved detection. Rule-based systems would require immense manual effort to handle the scale of modern threats. AI models can generalize by learning relationships between any number of features, whereas human analysts cannot write such complex rules.

B2B Cyber Security: What potential risks does generative AI pose for cybersecurity?

Chester Wisniewski, Director, Global Field CISO Sophos (Image: Sophos). 

Chester Wisniewski, Sophos: In most cases, criminals use AI for social scams and the social aspects of traditional attacks. AI enables accurate translation at scale, dramatically increasing the quality of social scams. It can also be used to create high-quality phishing emails that are indistinguishable from genuine emails. AI chatbots are also very useful for engaging with potential victims and laying out the bait.

B2B Cyber Security: Headlines are increasingly claiming that criminals are using AI on a massive scale. What do you think about this perception?

Chester Wisniewski, Sophos: I don't think so. I've seen very little evidence of AI misuse outside of social engineering. My instincts and years of experience tell me that a large portion of emails, social media, and text messages are generated by LLM models, but very little malware is used for exploitation.

B2B Cyber Security: When do you expect traditional or normal hackers to start using their own AI models on a larger scale?

Chester Wisniewski, Sophos: Only when they have to. Criminals are lazy and do what's most effective to extort money or disrupt operations. We've observed ransomware groups copying each other's best techniques for over 10 years, gradually improving their ransomware extortion tactics to achieve higher ransom amounts. So why would they invest time and money in developing advanced techniques like LLMs when they can easily exploit unpatched firewalls or steal a user's password and log into a system? The AI advantage currently goes exclusively to the defenders, as we have the resources and data scientists to develop efficient models for cyber defense. Criminals will only do this when it's either cheap and easy enough (as with audio deepfakes) or when it's more effective than traditional methods (which seems to be the case with phishing and spam today).

B2B Cyber Security: Are there regional differences between Europe and the rest of the world when it comes to dealing with AI in relation to cybercrime?

Chester Wisniewski, Sophos: Difficult to say. Anecdotally, I'd say that using LLMs to generate text in the many European languages is a greater advantage for making their phishing methods more sophisticated than in English, which has many more native speakers. In conversations with people I know in Portugal, for example, the prevailing feeling seems to be that there are increasingly more phishing emails written correctly for that market and containing correct Portuguese (not Brazilian) than before.

B2B Cyber Security: Quantum computers are repeatedly linked to the next major evolutionary step in AI. Will quantum computers truly revolutionize AI, and will this bring us a big step closer to a true AI that can think for itself? What impact would this have on cybercrime?

Chester Wisniewski, Sophos: That won't happen anytime soon. We haven't yet built a quantum computer that can perform even a single practical task reliably and at scale. However, we should already be thinking about introducing post-quantum encryption, because sensitive data needs to be protected over longer periods of time. But we're still a long way from AI with quantum computing.

B2B Cyber Security: On another platform: Where do you see the role of open-source AI and does it even have a chance alongside the big providers with products like DeepSeek or Grok 3?

Chester Wisniewski, Sophos: Open-source AI weightings are an interesting topic. I think they make it easier for many people who want to work with GenAI models to get started because they require less money and resources to get started. I'm from Canada, and we didn't have the resources to invest hundreds of millions of dollars into building an OpenAI competitor. But by leveraging these open models, there are tech startups across the country experimenting with new applications. While these models also carry risks, as we don't know exactly what they were trained on or whether the data has been manipulated, they open the playing field in a positive way.

B2B Cyber Security: Do you see any particular dangers with generative AI tools that could pose a problem for companies – apart from the criminals who use them to create threats?

Chester Wisniewski, Sophos: As I said, we don't know exactly what the AI tools were trained on. I certainly wouldn't upload sensitive data to models in countries that don't respect our local data protection laws and regulations. But I think they're safe if they're run locally or on a trusted cloud computing infrastructure. What concerns me more is the fact that these tools can be integrated into other products and services without properly disclosing where our data is being processed.

B2B Cyber Security: Could open-source AI models be an interesting approach for cybercriminals to create their own models?

Chester Wisniewski, Sophos: In principle, criminals could abuse these models for their own purposes. They're most likely already doing so, although currently only experimentally. The question is whether it's worth the effort. If they can use publicly hosted models and their existing tools and techniques work, they won't bother. Only if it's easier, cheaper, and more effective will they bother. Today, they simply abuse the major providers with stolen accounts or credit cards and use them for social engineering purposes. This is much easier than training or running their own model. Tomorrow… who knows?

Thank you for the interesting conversation, Mr. Wisniewski!
