Select Page

GenAI for security awareness: Can GenAI’s predictive analytics transform tired training?

CYBSAFE-SebDB Webinar-preblog-221011MS-36

4 March 2024

Content creation is just one piece of the puzzle. If you’re using GenAI for security awareness content, you need the adaptive advantage…

Everyone’s talking about GPT (and not much else)

It’s no secret. We’re at the start of a Generative AI (GenAI) revolution. GenAI is—without a doubt—rewriting the security awareness script with a flourish. 

We’re here for it.

Why? For one, many security awareness programs are outdated, ineffective, or both. More and more security teams are recognizing traditional security awareness does little to change behaviors and reduce risk (i.e. the very things the SEC and other regulators are asking of organizations).

The new SEC cybersecurity rules

Second, we can’t ignore the offense side: GenAI and other recent advancements are making it ever easier and quicker to attack. If defense stays still, we fall behind…and fall down.

GenAI’s creative prowess is well known. If you think GenAI’s all about turning your 20-year-old phishing module into a rock ballad, you’d be forgiven.

Because everyone’s transfixed with the way GenAI can reboot famous artworks to feature cats, or create a pizzeria commercial that’s equal parts hilarious and unsettling.

That’s understandable given the hype. 

But it’s also unhelpful. Because it’s all too easy to overlook an OG talent of AI: Data-crunching. 

Data analytics and GenAI have huge potential in the human aspect of managing risk—including security awareness and human risk management.

But truly reducing cyber risk is about so much more than traditional security awareness. (Yawn.)

You need to harness human risk data. It’s not as scary as it sounds. Let’s start with something that’s everywhere—probably on your wrist, in fact.

Time to evolve (and evolve, and evolve again)

The smartwatch is the perfect example of how data analytics can drive better outcomes on an individual level.

True to its name, the smartwatch is already smart the first time you put it on. 

But then it gets smarter. It gathers and crunches data over time, and then it gets even better at its purpose—which is to keep you more healthy, more informed, more connected.

By learning from your behavior over time, the smartwatch can deliver more interventions that can change or influence behavior. 

And it can measure the changes, and demonstrate that it’s got more effective.

Not just a pretty (watch)face.

Sticking with the health theme, AI can crunch medical data to predict people’s individual health risks. This leads to earlier interventions, or straight-up disease prevention. For instance, GenAI data analysis can tell us when someone’s at high risk of conditions like diabetes and heart disease.

Continuous improvement and more influential interventions—what’s not to like? 

But what does this look like when it comes to GenAI for security awareness? 

GenAI report - whitepaper cybsafe

Grabbing GenAI by the crystal balls

GenAI is a prediction pro if it’s got plenty of data. Let’s look at the two main ways security teams can harness that.

Predictive behavior

Every tap, swipe, or click reveals something about our behavioral preferences.

And behavioral preferences play a big part in future behavior.

One of AI’s fortes is analyzing massive datasets to spot trends, patterns, and potential vulnerabilities. 

This means organizations can forecast human behavioral patterns…including potentially risky ones. They  can then focus on the right measures to help at-risk people make more secure choices and actions. 

Crisis = averted. Behavior change = leveled up. Security team = somewhat smug.

In fact, CybSafe has been researching and beta-testing GenAI’s skills when it comes to filling in organizational data gaps. It’s fascinating, and exciting, to say the least. We’ll be sharing more as we progress.

Predictive risk

With a varied and busy threat landscape it’s hard to know where to focus security budgets and resources. GenAI can supercharge the predictive risk process to bolster your security RoI.

The process starts with data collection. The model needs to gather information: people’s activity, network traffic, vulnerabilities, past security incidents—it’s all in the mix.

GenAI fires up advanced algorithms to analyze the data. It looks for patterns and connections between different factors.

Based on those patterns, the system gets to work on predicting a future attack’s likelihood and potential impact. This involves factoring in things like the type of attack, systems targeted, and potential vulnerabilities.

The analysis means teams can mitigate the predicted risk. This could involve strengthening security measures, patching vulnerabilities, and producing incident response plans.

Exciting news: CybSafe is harnessing GenAI to forecast challenges, like organizational unpreparedness. We’re expecting to launch this feature into beta soon.

A word about ethics

There are ethical considerations here. Bias, privacy violations, and prejudice—all have the potential to pop up and cause problems.

CybSafe has always been led by sound ethics and responsible action. Our work is always informed by behavioral science, such as nudge theory and COM-B. It’s all backed up by SebDB, the world’s most comprehensive cyber security behavior database that maps security behaviors to risk outcomes.

Another key point: GenAI cannot replace human judgment. As much as its output mimics human-made output, human oversight will likely always be crucial.

The bottom line: Make sure you—and any security and human risk partners—back up any data handling or interventions with ethics and human oversight.

Almost time to wrap this up. (Our smartwatches said so.)

Effective security interventions are all about pinning down the variables: The right thing, in the right place, at the right time. GenAI data-wrangling skills allow us to fill in those blanks and move forward with confidence.

Yes, navigating ethics is a must. But when done right, GenAI can be a powerful influence on individual security behaviors. That means—click by click, swipe by swipe—your security posture goes from strength to strength.

Just like a GenAI model’s constant self-optimization, security practitioners’ GenAI learning journey will never be done. With that in mind, explore these resources to expand your understanding:

1. Watch this webinar: What (Gen)AI means for security awareness in 2024, with Oz Alashe (CybSafe CEO and Founder), and Jinan Budge (VP, Forrester). Look out for: Deeper insights on how AI turns behavioral indicators into incident forecasts.

GenAI report - whitepaper cybsafe

2. Download our GenAI whitepaper. (Look out for: GenAI’s cross-platform potential.)

GenAI report - whitepaper cybsafe

3. Check out our blogs on GenAI and security awareness content and GenAI and knowledge articulation.

The best positioned organizations in the future will be those that anticipate threats and prioritize where their resources go. Through predicting behavior and risks, GenAI can play an essential part in developing these capabilities. 

So stay informed (heads up, we’ve got lots more to say). But above all, stay curious. We’re all on this adventure together.

    Behave Hub newsletter CybSafe

    Do one more thing right today. Subscribe to the Behave newsletter

    You may also like

    Maximizing security awareness engagement: How the pros do it

    Maximizing security awareness engagement: How the pros do it

    Ditch mandatory training, starting riiiight…now!Want to boost security awareness? Talk about something else entirelyGet serious about funThe top mic-drop insights from our Cybersecurity Awareness Month engagement webinar We know people whose organizations make a big deal of CAM are much more...