Daniel Cabrera: "AI defines the digital arms race that we are in"
Generative artificial intelligence radically transforms today's cybersecurity landscape, driving a surge of new incidents. Daniel Cabrera Armenteros, Professor at Inesem Business School and CIO of EducaEdtech SLU, states
"We are in a digital arms race where AI is the main battleground. Organisations failing to adapt quickly to this reality become vulnerable to adversaries already exploiting these technologies.”
Why is cybersecurity a high-demand sector?
Hyper-connectivity is driving unprecedented demand Every connected device represents a potential attack surface, including smart garden sprinklers, automated pet feeding systems, autonomous vehicles, industrial air conditioning and IoT infrastructure. Virtually any device can connect to the internet, creating new gateways for cybercriminals. The talent gap arises because technological progress outpaces traditional training programmes. Fortunately, the education industry is responding with specialised degrees and courses designed to fill this gap.
This endemic shortage is primarily because the speed of technological progress exceeds the capacity of traditional training programmes to prepare sufficiently skilled professionals. Fortunately, the education industry is responding specialised cybersecurity degrees are now available in Spain, and new courses designed specifically to fill this gap are gaining ground daily.
What mechanisms detect and analyse cybersecurity threats?
The most effective security strategy starts with Security by Design. This approach significantly reduces personnel and equipment costs, as integrating security from the outset proves far more economical than retroactive additions.
Where this is impossible, a multi-layered security architecture must include these critical components: Strong Authentication and Secure Access: Teleworking expands corporate network boundaries, creating new attack vectors that require specific protection. Advanced Detection Systems: Technological evolution drives the shift from traditional anti-virus to sophisticated solutions like EDR, XDR, and SIEM.
Artificial Intelligence and Machine Learning: AI serves as a fundamental defence and attack tool. Models learn from data volumes to detect subtle patterns and atypical behaviours indicating threats. This technology’s ability for constant self-updates significantly improves effectiveness against unknown malware.
Behavioural Analysis and Event Correlation: Monitoring usage patterns detects anomalous deviations related to malicious activity. Threat Intelligence and Continuous Monitoring: Maintaining currency with vulnerabilities and warnings from organisations like MITRE or INCIBE is crucial.
How important are computer audits in preventing cybercrime?
Cybersecurity audits are undeniably one of the most effective tools for the early detection of vulnerabilities and the continuous improvement of an organisation's security posture. Regarding the proactive identification of vulnerabilities, audits reveal established workflows within companies that conceal serious vulnerabilities and hinder incident response. For example, they may expose issues with backup management (3-2-1 rule) or the improper use of security analysis tools during software development.
Concerning the assessment of technological status, they facilitate a comprehensive review of the current state of software versions, services, and domain configurations, as well as the identification of obsolete or inefficient configurations. This is particularly critical given that many securities breaches stem from outdated or misconfigured systems.
Regarding compliance, audits help ensure adherence to regulations such as ISO 27001, GDPR, PCI DSS or HIPAA. Failure to comply with these regulations can result not only in significant penalties but also in irreparable damage to corporate reputation.
Regarding continuous improvement and security culture, it is essential to change the perception of audits as "merely another administrative burden" and view them as opportunities for improvement. A well-executed audit not only identifies problems but also provides a clear roadmap for strengthening defences.
Audits are particularly valuable because prevention is always less costly in terms of reputation and legalities than dealing with the consequences of a data breach or ransomware incident.
What factors must any company consider ensuring the security of its information?
Firstly, staff training and awareness. This is undeniably the most critical aspect. Employees represent both the weakest link and the first line of defence against cyber threats. Statistics indicate that the human factor is involved in most security incidents. Secondly, leadership commitment. It is critical that middle and senior management recognise the need for investment in cybersecurity. Without the support and commitment of senior management, any security initiative is destined to fail. Cybersecurity should be viewed as a strategic investment, not an operational cost.
Thirdly, adapting to new threats. We must prepare for emerging threats driven by artificial intelligence, including deepfakes and phishing. AI enables the creation of extremely convincing video, audio and synthetic images. Attackers can visually impersonate executives, employees or customers to carry out sophisticated fraud. Furthermore, regarding evolving ransomware attacks: cybercriminals are using AI to automate and personalise their attacks. Additionally, supply chain attacks are becoming increasingly sophisticated and targeted.
Fourthly, security in remote working environments. Remote working has created new security challenges that require special attention: insecure home networks that lack traditional business protections; personal devices that may not have adequate security updates or software; access from unsupervised locations such as public Wi-Fi and co-working spaces; and increased exposure to phishing attacks, where remote workers are frequent targets.
The fifth challenge is the shortage of qualified professionals. "Insider threats" and the exfiltration of industrial and intellectual property represent one of the biggest risks. They can be mitigated by implementing the following actions: access controls based on principles of least privilege; monitoring of privileged user activities; data loss prevention (DLP) systems; and secure offboarding processes.
How is artificial intelligence affecting cybersecurity?
Generative AI and the exponential advancement of automated code generation tools are radically transforming the current cybersecurity landscape, introducing an influx of new scenarios and incidents. We now confront a reality in which cybercriminals utilise AI tools to automatically generate malicious code; create large-scale, personalised phishing campaigns; automate vulnerability discovery; and develop malware that evolves and adapts in real time.
Furthermore, traditional security models reliant on signatures and static rules are insufficient to counter these adaptive threats. We must develop highly dynamic models that incorporate real-time behavioural analysis; machine learning for anomaly detection; automated response systems; and defensive AI capable of competing with offensive AI.
We are engaged in a digital arms race where artificial intelligence is the primary battleground. Organisations that fail to adapt swiftly to this new reality will remain vulnerable to adversaries who are already exploiting these technologies.