From airport shutdowns to retailers being forced to go offline, the heightened threat of cybercriminals is once again firmly in the spotlight. These malicious actors have been emboldened in recent times by the advent of generative artificial intelligence (AI).
“Generative AI has the capacity to be a force used for both good and bad,” says Puneet Kukreja, technology consulting partner and head of cyber at EY Ireland. “It has changed the nature of cyber risk. It is being utilised by both attackers and the cybersecurity professionals who are navigating the threat landscape.
“Attackers can now use AI to write code, create fake voices and produce convincing phishing messages in seconds – what once required technical skill now takes only a few prompts. AI has lowered the barrier to entry for criminals and increased the pressure on cybersecurity professionals to keep pace.”
It’s not just that AI is a new tool, it has opened up areas of attack that were previously ignored.
RM Block
“AI has also created new attack surfaces, as algorithms can be manipulated, data can be poisoned, and models can be exploited. Those defending against cyber threats are using AI to detect anomalies and automate responses,” says Kukreja.
“The future of defence will be a partnership between machine precision and human judgment. AI can see patterns faster than any analyst, but people must decide what those patterns mean. The challenge for leadership is to make AI both trusted and transparent so that in leveraging it for defence purposes, organisations do not lose accountability or control.”
With AI’s uses for both cybercriminals and cybersecurity professionals evolving all the time, there are gaps in defence that companies need to be mindful of.
“The biggest gaps are often around identity, access control and supply-chain dependencies, the latter increasingly as many organisations outsource more and more services to third parties,” says Brian Honan, chief executive of BH Consulting.
“Criminals realise this and know that targeting the supply chain can lead to breaching the security of the ultimate target organisation or indeed multiple organisations. As organisations connect more systems and share data across partners, a single weak link can compromise the whole chain.”
There’s an element of going back to basics, in Honan’s view, as businesses need to be aware of the most likely ways for incidents to occur.
“Many incidents still trace back to poor configuration, unpatched systems or inadequate vendor-risk management. The technology may be becoming more and more advanced, but the basics remain critical.”
Fortunately, while the volume and variety of threats increase, so too do the means to mitigate for them.
“Security by design should be one of the key priorities prior to digital transformation to ensure an organisation’s security controls are sufficient to protect against future threats,” says Len McAuliffe, partner in the cybersecurity practice at PwC Ireland.
“Due to the importance of cybersecurity to an organisation, we are continuously seeing frameworks and enhanced regulations being put in place to ensure organisations are held accountable for the implementation and maintenance of sufficient cybersecurity. Regulations like Dora and NIS2 have given roadmaps of sorts to businesses in order to adapt. More importantly, the regulatory environment has made it so companies realise that security is tied to growth.”
“The most forward-thinking organisations are realising that security and innovation are no longer competing priorities; they are complementary and must evolve together,” says Mark Hopkins, general manager at Dell Technologies Ireland.
“Innovation and security must now move in lockstep. Businesses can’t afford to choose between the two. The most effective strategies that we are seeing are those that embed cybersecurity into the fabric of digital transformation, rather than treat it as an afterthought.”
In order for all of this to work, it is imperative that businesses learn to balance the usefulness of AI with the ingenuity of their people.
“The future of cybersecurity lies in a hybrid model where automation and AI handle scale and speed, while human expertise provides judgment and strategic oversight,” says David Keddy, national security officer at Microsoft Ireland.
“Human analysts remain essential for interpreting complex scenarios, ethical decision making and adapting strategies to evolving threats. In Ireland, where talent shortages mirror global trends, augmenting human teams with AI-driven tools will be critical to maintaining resilience without burning out scarce expertise.”
