Tracey Gledhill, Chief Customer & Marketing Officer - Cyberon
Artificial intelligence has shifted from buzzword to baseline. More and more it has become embedded in the platforms we use, the decisions we make, and increasingly our business processes, including cyber. As a 35 year veteran of the tech industry, some in my position would be concerned about what this next wave of technology evolution means. As I have shared with many of my friends and coworkers:
On a more serious note, I attended a great event recently in which another greybeard such as myself coined a phrase worth sharing:
Thinking about how this applies to Business and Cybersecurity, my thoughts are about innovation, efficiency and competitive advantage.
Whilst it may be some time before AI can replace the fuzzy logic of a person, I leverage AI daily to save time and do things I would not normally be able to do. Some recent examples include:
1. Image generation - as my visual creative skills are typically restricted (for the safety of everyone) to the use of Visio and Powerpoint shapes, creating interesting images that suit a narrative are eff ortless.
2. Rapid prototyping - the ability to create code in a variety of languages and platforms without detailed knowledge of the environment is an absolute game changer.
3. Research and information gathering - whilst sifting through hundreds of Google searches may be fun, I have coffees to have and lunches to attend.
4. Automation - this is an area which I feel has the greatest upside for any business. Creation of intelligent workflows are in a word - "Amazing"!
A
s
a cybersecurity practitioner, I know that attackers leverage this technology for evil. AI has fundamentally changed the speed, scale, and
sophistication of both cyberattacks and cyber defense. The organisations that understand how to use AI responsibly and strategically, while
being mindful of how it can be abused, will be the ones who thrive in this new digital environment.
AI has dramatically lowered the barriers to launching complex cyberattacks. What used to take teams of skilled hackers now takes minutes using off-the-shelf generative AI tools. Some current real-world examples:
● Phishing as a Service powered by AI: Threat actors are using large language models to craft highly convincing phishing emails in perfect English (or any language), tailored to specific targets.
● Deepfake based social engineering: Audio and video deepfakes are being used to impersonate executives in finance scams and business email compromise attacks.
● AI driven vulnerability scanning: Malicious bots now autonomously crawl the internet and internal networks looking for weaknesses to exploit—far faster than most human defenders can respond.
The results are more targeted, believable, and scalable attacks that are harder to detect using traditional cyber defences.
On
the side of goodness, AI is also revolutionising how we defend our systems; if we embrace it. Here’s how forward-thinking organisations are
leveraging AI today for Cyber:
● Anomaly detection: AI models learn the normal behaviour of your network and flag suspicious events in real time catching threats or exploits much earlier.
● Automated incident response: AI supported networks and platforms can now auto-contain threats or isolate compromised devices within seconds, reducing dwell time and impact.
● Threat intelligence triage: There are better ways to use your expensive cyber people than use them as glorified data filters, sifting through thousands of alerts. Benefits include speed, scale, repeatability and cost. Milliseconds can matter but cash is typically king for most organisations. AI helps level the playing field if you know how to deploy it securely.
No
matter how advanced your technology is, people are your most flexible cyber control.
When schools started allowing students to use calculators, there was a part of the academic community who opposed it. It’s hard to imagine any educational institution today who would take this position.
Organisations that are already using AI tools like ChatGPT, Bard, or Copilot in their daily work are already seeing the benefits. Not just for efficiency but also staff satisfaction.
The last thing a talented, enthusiastic employee wants to do is fall behind in an organisation that is stuck in the dark ages. Moreover, creative and talented people are always looking for ways to push the envelope of personal performance.
Whether drafting emails, analysing data, or troubleshooting code, AI reduces the learning curve and a number of business risks.
Like
any effort or energy, if it is directed appropriately it can be an advantage. If not, much like the early days of unfiltered Internet
browsing in the workplace, it can introduce unexpected risks and disruption. Risks include things such as:
● Loss of productivity through unstructured 'playing' with the technology
● Sensitive data leaks through AI inputs
● Inconsistent or non-compliant outputs from generative tools
● Unknowingly introducing malicious code or recommendations into your systems
● Erosion of accountability where decisions are made based on AI outputs. A knee jerk approach could be to simply ban AI use outright. But
in reality, blocking access rarely eliminates risk, it just pushes it underground. Employees will still find ways to use AI tools if they
believe it helps them do their jobs easier or faster.
Most of humanity's greatest inventions can be harmful if misused. Reducing risk therefore must centre around knowledge and people. Here are some things to consider:
● Embrace the use of AI, but with clear boundaries, training, and oversight
● Develop policies that guide safe, ethical, and compliant AI use
● Equip staff with the skills to spot AI-driven threats and avoid common pitfalls
When governed well, people with AI skills and tools can be your strongest assets. Cybersecurity is about more than tools. It's about
culture, awareness, and shared responsibility across every role.
AI brings new benefits, but also complexities. For both SMBs and large enterprises, here are some
questions to consider:
● How to safely integrate AI to improve eff iciency in our operations including cyber?
● How AI can help us do more with less, especially in understaff ed security and other teams?
● How can we use AI to meet compliance or audit requirements faster and more consistently?
● If we don't embrace AI, will our competitors outcompete us?
● If we don't embrace AI, will we lose our best and brightest?
● Are we exposing sensitive data by feeding it into third-party AI tools?
● Could our own use of AI introduce vulnerabilities or compliance issues?
● Are our employees or partners using AI tools in ways that create unseen risks?
● Do we have the governance in place to adopt AI responsibly?
● Are we prepared for AI-based attacks targeting our brand, executives, or systems?
● Is our supply chain equally prepared, or are we exposed through third parties?
And like any tool, it’s how you use it and secure it that matters.
Whether you're an enterprise building automations, developing an AI governance framework or wondering how to secure AI use among
staff, we bring decades of experience, cross-industry insight, and a pragmatic, strategic approach to cybersecurity to help achieve real
business goals.
