The cybersecurity industry is undeniably experiencing exponential growth due to emerging technology. However, with the introduction of new tools, we are witnessing the emergence of new attack vectors and more streamlined approaches to established tactics. For instance, according to Acronis’ recent threat report, the number of email-based attacks in 2023 has skyrocketed by 464% compared to the first half of 2022.
While AI is not solely responsible for this surge, it’s worth noting that ChatGPT and similar models have made it easier for ransomware groups to craft convincing phishing emails, thereby making email-based attacks more prevalent and accessible.
In this follow-up to our previous article, “Cyber Resilience through Consolidation Part 1: The Easiest Computer to Hack,” we will explore the latest advancements in AI and emerging technology. We’ll also delve into strategies for safeguarding your organization against these new threats.
Artificial intelligence presents unprecedented risks. In 2023, AI is taking center stage with rapid technological innovations and widespread adoption. ChatGPT and similar models are making groundbreaking tools accessible to the average user, enabling them to mimic human speech, analyze vast amounts of human-generated text, and learn from sophisticated intelligence models.
Inevitably, cybercriminals will turn to ChatGPT and similar tools to aid their attacks. These large language models (LLMs) empower hackers to accelerate their attacks and effortlessly generate ever-evolving phishing emails in multiple languages.
AI isn’t limited to mimicking human speech; it’s also being used to automate cyberattacks. Attackers can employ AI to automate their operations, enhance the effectiveness of their malicious programs, monitor and alter malware signatures, and even create and send phishing emails and check stolen data for user credentials. This automation, combined with machine learning, allows attackers to scale their operations and target victims with highly customized payloads, making defense against such attacks more challenging.
Another intriguing attack method is when hackers attempt to reverse engineer AI models themselves, enabling them to identify weaknesses or biases in detection models and develop attacks that go unnoticed by these models. Essentially, AI is being used to attack AI.
Business email compromise remains a significant challenge. New email security controls can scan links to phishing sites, but they often fail to scrutinize QR codes. This has led to criminals using QR codes to obscure malicious links. Additionally, malicious emails are increasingly using legitimate cloud applications like Google Docs to send fake notifications, evading detection.
Traditional cybersecurity approaches, such as virtual private networks (VPNs), are no longer sufficient. Many companies are transitioning to zero trust access, which dynamically authorizes all access requests and monitors behavior patterns to detect anomalies and threats, ensuring verified user access without exposing vulnerabilities to attackers.
Most companies will inevitably face breaches, but the key difference lies in how swiftly they detect and respond to threats. Timely notification of a password breach is helpful, but real-time alerts and automated password changes would be even more effective.
Building a robust defense through simplicity and resiliency is crucial. Overly complex cybersecurity infrastructures increase the risk of system outages and human errors. Reducing the number of security vendors simplifies management, saves resources, and allows for efficient integration across silos.
Effective advances in behavior-based analysis, such as endpoint detection and response (EDR) and extended detection and response (XDR) tools, provide visibility into application behavior and network connections. However, AI and ML should automate the handling of alerts to prevent alert fatigue and prioritize critical alerts. Technologies like AIOps and observability can predict and counteract issues before they escalate.
AI and ML behavior-based solutions are vital, as signature-based detection alone cannot protect against the constant influx of new malware samples. These technologies can enhance cybersecurity by evaluating and detecting threats faster and more accurately than humans.
While AI and ML are invaluable tools, they should never replace human oversight. Fine-tuned systems can save time and resources, but humans should always play a role.
To achieve cyber resilience, organizations must consolidate and simplify their defenses, eliminate unnecessary complexity, promptly patch vulnerabilities, and maintain a comprehensive software and hardware inventory.
Lastly, organizations should adopt an offensive stance, testing their incident response plans, and educating users on how to recognize phishing attempts and maintain secure credentials. Cyber resilience hinges on preparedness, vigilance, and a proactive approach to cybersecurity. In a world of evolving threats, simplicity and knowledge are your best allies.