Hackers are using generative AI and ChatGPT to fine-tune ransomware and social engineering email-based attacks, leading to an increasing number of breaches. AI-enhanced threat actors are also exploiting unsecured gaps between endpoints and identity protection, showing that CISOs and other enterprise security experts are underprepared for cybersecurity in the age of artificial intelligence. These are among the conclusions of a new report from Forrester on the top cybersecurity threats in 2023. The report suggests that augmented by AI, threat actors will be able to attack any sector and any business with a speed, scale, and complexity of attack not previously possible.1
And Forrester wasn’t alone in sounding the alarm in May about the increasing weaponization of AI by would-be hackers.
Security firm Zscaler (held by the Fund) recently averted a social engineering attack from hackers who had used recordings of CEO Jay Chaudhry’s voice from talks available on the internet to synthesize a soundalike using AI. This soundalike tried via phone to get a Zscaler sales director in India to transfer funds to a bank in Singapore. Zscaler cited the availability of AI as part of the 47% rise the company has seen in phishing attacks over the last year.2
And CISOs are being warned about the security implications of generative AI use by employees. As not every company has its own large language model (LLM), employees are going outside the organization to use public LLMs like ChatGPT, Microsoft’s Bing AI, or Google’s Bard to help make their everyday work tasks easier. As a result, many CISOs are playing catch-up on monitoring how employees are using this technology and assessing what kind of privacy and data security challenges the use of external generative AI poses.3
Industry Updates on Specific Companies
Zscaler announced new AI-powered monitoring capabilities in its Zscaler Digital ExperienceTM (ZDX). The upgraded ZDX platform can provide end-to-end visibility into the user experience, offer intelligent solutions for user issues, and allows troubleshooting through the Zscaler security cloud.
Thanks to the integration of AI, troubleshooting can be reduced from hours or days to mere minutes. This capability is increasingly important with today’s workforce dispersed geographically, which poses challenges for IT and helpdesk teams. According to Zscaler, by using this digital experience monitoring and AI-powered troubleshooting, IT Ops productivity increased 70% within environments secured by Zscaler.4
To help combat the growing risks posed by AI-enabled hackers, CrowdStrike unveiled its new Charlotte AI, a generative AI cybersecurity analyst meant to help users of the CrowdStrike Falcon platform stay ahead of threats, regardless of their cybersecurity skill level. Charlotte AI lets users as questions in natural language (including English and dozens of other languages) and receive intuitive, plain-language answers in real-time. According to CrowdStrike, the ability for even junior members of a security team to access Charlotte AI and benefit from its insights while hunting threats will mean that more members of an organization’s IT or cybersecurity team will be able to be as effective as a senior member.5
Diversified Investing in Cybersecurity with CYBR ETF
A cybersecurity ETF offers a great alternative to gaining exposure to this industry without being locked into any single security and without the hassle of hand-picking individual stocks. ETFs allow you to diversify by investing in multiple companies in multiple markets, ensuring that a single market shock won’t tank your portfolio.
Canada’s first cybersecurity ETF, Evolve Cyber Security Index Fund (TSX Ticker: CYBR), invests in global companies involved in the cybersecurity industry.
Portfolio Strategy and Activity
For the month, Zscaler Inc made the largest contribution to the Fund, followed by Okta Inc and CrowdStrike Holdings Inc. The largest detractors to performance for the month were GDS Holdings Ltd, followed by CACI International Inc and Check Point Software Tech Ltd.
For more information, visit the fund page here: https://evolveetfs.com/cybr/.
- Columbus, L., “Forrester predicts 2023’s top cybersecurity threats: From generative AI to geopolitical tensions,” VentureBeat, May 22, 2023; https://venturebeat.com/security/forrester-predicts-2023-top-cybersecurity-threats-generative-ai-geopolitical-tensions/
- Menn, J., “Cybersecurity faces a challenge from artificial intelligence’s rise,” The Washington Post, May 11, 2023; https://www.washingtonpost.com/technology/2023/05/11/hacking-ai-cybersecurity-future/
- Cohen, M., “Workers are secretly using ChatGPT, AI and it will pose big risks for tech leaders,” CNBC, April 30, 2023; https://www.cnbc.com/2023/04/30/the-big-cyber-risks-when-chatgpt-and-ai-are-secretly-used-by-employees.html
- “Zscaler Expands Digital Experience Monitoring with New AI-Powered Insights and Analysis to Support Employee Productivity,” Zscaler, May 9, 2023; https://www.zscaler.com/press/zscaler-expands-digital-experience-monitoring-new-ai-powered-insights-and-analysis-support
- “CrowdStrike Introduces Charlotte AI to Deliver Generative AI-Powered Cybersecurity,” CrowdStrike, May 30, 2023; https://www.crowdstrike.com/press-releases/crowdstrike-introduces-charlotte-ai-to-deliver-generative-ai-powered-cybersecurity/