As AI becomes more common as a weapon used by cybercriminals, Flexxon’s Camellia Chan says the industry must fight fire with fire.
Two terms that have become intrinsically linked to the cybersecurity industry and anyone who works within it are burnout and artificial intelligence (AI).
Here at SiliconRepublic.com alone, we have been talking about burnout among cybersecurity worker for years, a problem that was compounded even more during the Covid-19 pandemic and has only continued to worsen due to skills gaps and a rapidly changing threat landscape.
Adding to those struggles the ongoing growth of AI and generative AI (GenAI). This has been signposted by experts for several years as a “double-edged sword” for the industry, with industry professionals focusing on the technology at the Cyber Ireland National Conference in September 2024.
In an interview with SiliconRepublic.com, industry leader Camellia Chan said she believes that where AI creates a problem, it can also become solution. “Any IT professional, no matter how vigilant, can only offer a single pair of eyes at any time,” she told SiliconRepublic.com.
“The need to be constantly alert creates stress, but AI can make up the difference for our limited capacity as human beings.”
Chan is the CEO and co-founder of Flexxon, a next-gen hardware cybersecurity company. Having built her first PC from scratch all the way back in her first year of university studying business management, she fell in love with technology.
“I then began my tech career working in various electronics companies, which gave me hands-on experience building different devices and systems. After a certain time, I realised I wanted to found my own company, and that led me to start Flexxon in 2007 with my co-founder, May Chng.
Flexxon began as an industrial NAND flash storage manufacturer, but soon evolved into a cybersecurity company to address the needs of customers who had suffered ransomware attacks. Its flagship product, X-PHY, is an AI-embedded data security solid-state drive that works at the physical layer of devices.
“Security threats are constantly evolving,” she said. “Software-based cybersecurity by itself is no longer sufficient and single-layer defence systems leave the door wide open for sophisticated hackers to gain access.”
AI versus humans
Staying ahead of cybercriminals is always a difficult race and emerging AI tools mean there are even more ways in which cybercriminals can try and break down the metaphorical door. And when it comes to man versus machine in the cybersecurity world, it could be like bringing a knife to a gun fight.
“Humans struggle to manage security threats generated by other humans; adding AI threats into the mix will exacerbate the situation as fallible human beings are one of the key weaknesses exploited by bad actors,” said Chan.
“For instance, AI can quickly generate believable phishing communications at scale without the tell-tale signs (such as typos) that revealed malicious activity in the past.
“True zero-trust security for data protection can be achieved by building in hardware-enforced security and AI-driven policy engines in place of relying on human judgement.”
Chan also said that every organisation should be using AI, especially to ease the load of decision-making, allowing IT professionals to focus on their most critical tasks. This in turn can help ease the worsening burnout problem within the industry.
“Any IT professional, no matter how vigilant, can only offer a single pair of eyes at any time,” she said. “With the knowledge that a second pair of eyes is actively monitoring and seeking out potential threats, IT managers will have both a lighter workload and much-needed peace of mind.”
Equally, without this additional support, Chan said IT and cybersecurity professionals will find themselves increasingly overworked just to maintain their current baseline of security. “In effect, security teams will have to keep running faster just to stay in the same place.”
Holding us to ransom
While AI remains the most talked about trend across all industries right now, not just in cybersecurity, it doesn’t mean that other threats are becoming less prevalent.
A report from the Barracuda Managed XDR team suggested that ransomware attacks increased four-fold last year and experts have warned that this is set to increase even further this year.
Chan agreed, staying that the threat is far from new but still demands attention. “New ransomware gangs such as RansomHub, Play, and DragonForce increasingly target critical infrastructure, which can be catastrophic for society as a whole. Last year we saw serious attacks on American Water and NHS, and we can expect more on those lines in the year ahead,” she said.
“Following the UK government’s classification of data centres as CNI [critical national infrastructure], we will also likely see an increase in attacks here. CNI cannot afford to rely solely on traditional software security such as firewalls and VPNs. These reactive methods can be too easily manipulated, exploited by zero-day attackers, or weakened by human error.
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.
