ÀÌ º¸°í¼´Â »çÀ̹ö º¸¾È¿¡¼ ¾ÇÀÇÀûÀÎ ÇàÀ§ÀÚÀÇ ÀÚ¿øÀ¸·Î¼ AIÀÇ ÀáÀçÀû °¡´É¼º°ú ÇöÀç È°¿ëµµ¸¦ »ìÆ캸°í, AI ±â¹Ý °ø°ÝÀÌ ÃÊ·¡ÇÏ´Â ÁÖ¿ä À§Çè À¯ÇüÀ» ½Äº°ÇÏ°í ÀÌ¿¡ ´ëÇÑ ±â¾÷ÀÇ ´ëÀÀ ¹æ¾ÈÀ» ¼³¸íÇÕ´Ï´Ù. À§Çù ÇàÀ§ÀÚÀÇ °üÁ¡¿¡¼ º¼ ¶§, GenAI´Â ¸î °¡Áö »õ·Î¿î ¹®°ú °¡´É¼ºÀ» ¿¾îÁÝ´Ï´Ù. ±×·¯³ª GenAI µµ±¸¿Í ¼ºñ½º°¡ °ø°ÝÀ» °¡¼ÓÈÇϰųª ŽÁö ¹× Â÷´ÜÀ» ¾î·Æ°Ô ¸¸µå´Â ¹üÀ§´Â Àü¹ÝÀûÀ¸·Î Á¦ÇÑÀûÀÔ´Ï´Ù. Çǽ̰ú »ç±â ¿µ¿ªÀ» Á¦¿ÜÇÏ°í, GenAI°¡ ´ë±Ô¸ðÀÇ È®½Å¿¡ Âù ¾Ç¼º ÄÁÅÙÃ÷ Á¦ÀÛÀ» °¡´ÉÇÏ°ÔÇÔÀ¸·Î½á ½É°¢ÇÑ »õ·Î¿î À§ÇèÀ» ÃÊ·¡ÇÒ ¼ö ÀÖÁö¸¸, GenAI°¡ »çÀ̹ö °ø°ÝÀÇ ºóµµ, °µµ, È¿°ú¸¦ Å©°Ô Áõ°¡½ÃÅ°Áö´Â ¾ÊÀ» °ÍÀ¸·Î º¸ÀÔ´Ï´Ù. ±×·³¿¡µµ ºÒ±¸ÇÏ°í ±â¾÷Àº ¸ðµç À¯ÇüÀÇ °ø°Ý¿¡ ´ëÇÑ À§ÇèÀ» ÃÖ¼ÒÈÇÏ´Â ½ÉÃþ ¹æ¾î Àü·«¿¡ °è¼Ó ÅõÀÚÇØ¾ß ÇÕ´Ï´Ù. °æ¿ì¿¡ µû¶ó¼´Â ƯÈ÷ Çǽ̰ú »ç±âÀÇ °æ¿ì ´õ ¸¹Àº ¾çÀÇ °ø°Ý¿¡ ´ëÀÀÇÒ ¼ö ÀÖµµ·Ï ¹æ¾î¸¦ °ÈÇØ¾ß ÇÒ ¼öµµ ÀÖ½À´Ï´Ù. ¶ÇÇÑ ÇÇ½Ì ¹× »ç±â ºÐ¾ß¿¡¼´Â »õ·Î¿î À¯ÇüÀÇ ¹æ¾î°¡ ÇÊ¿äÇÒ ¼öµµ ÀÖ½À´Ï´Ù. ÇÏÁö¸¸ ÀϹÝÀûÀ¸·Î À§Çù ÁÖü°¡ GenAI¸¦ È°¿ëÇÒ ¼ö ÀÖ°Ô µÇ¾ú´Ù°í Çؼ ±â¾÷ º¸¾ÈÀÇ ±âº»ÀÌ ¹Ù²î´Â °ÍÀº ¾Æ´Õ´Ï´Ù. "GenAI°¡ ±â¾÷ À§Çù ȯ°æ¿¡ ¹ÌÄ¡´Â Àü¹ÝÀûÀÎ ¿µÇâÀº Á¦ÇÑÀûÀÏ °ÍÀÌÁö¸¸, »çÀ̹ö º¸¾È ¸®´õµéÀÌ GenAI ½Ã´ë¿¡ µîÀåÇÑ »õ·Î¿î À¯ÇüÀÇ À§ÇèÀ» ¿ÏÈÇϱâ À§ÇØ ÃëÇØ¾ß ÇÒ Á¶Ä¡°¡ ÀÖ½À´Ï´Ù."¶ó°í Å©¸®½º ÅäÄ¡(Chris Tozzi) IDC IEP(IT Executive Programs) ºñ»ó±Ù ¸®¼Ä¡ ¾îµå¹ÙÀÌÀú´Â ¸»Çß½À´Ï´Ù.
This IDC Perspective explores the potential and present use of AI as a resource for bad actors in cybersecurity, identifies the main types of risks raised by AI-powered attacks, and explains what enterprises should do in response. From the perspective of threat actors, generative AI (GenAI) opens some new doors and possibilities. But the extent to which GenAI tools and services can speed up attacks or make them harder to detect and block is, overall, limited. Apart from the realm of phishing and fraud, where GenAI does pose serious new risks by making it possible to create convincing types of malicious content at a large scale, GenAI will not likely lead to a major increase in the frequency, intensity, or effectiveness of cyberattacks.Nonetheless, enterprises should continue to invest in defense-in-depth strategies that minimize their risk of falling victim to attacks of all types. In some cases, they may also need to enhance their protections so that they can deal with higher volumes of attacks, particularly in the case of phishing and fraud. Certain new types of defenses may also be necessary, again in the realm of phishing and fraud. But in general, the ability of threat actors to leverage GenAI does not change the fundamentals of enterprise security."Although GenAI's overall impact on the enterprise threat landscape is likely to be limited, there are steps cybersecurity leaders should take to mitigate the new types of risks that have emerged in the age of GenAI," says Chris Tozzi, adjunct research advisor for IDC's IT Executive Programs (IEP).