According to Check Point Research, the average weekly cyberattacks per organization increased by 38% in 2022 compared to the previous year. Plus, even more attacks are predicted in the future, with the maturity of AI technology said to play a major role. What should organizations make of this reality?
‘Reality’ because we are already dipping our toes into what a future fraught with AI-driven cyber attacks will be like. And the major lesson cybersecurity has taught us in the past couple of decades is the importance of being proactive. How can you proactively respond to the pernicious promise of AI cyberattacks?
How AI-Enabled Attacks are Launched
One of the key trends shaping the cyber threat environment is the adoption of AI to launch attacks, a method that rapidly developed in 2022 and portends greater danger in 2023 and beyond.
Like every other general-purpose tool, AI can be utilized by well-intentioned people and malicious actors alike. And that’s besides considering all the ways in which AI on its own can be harmful, particularly in the areas of hallucinations and ethical concerns. That said, the following are examples of how threat actors can incorporate AI into their strategy, to create, enhance, automate, and scale attacks:
- Since generative AI chatbots such as ChatGPT, Google Bard, and Bing Chat launched a few months ago, they have fooled several people with their incredible ability to generate human-like text in a way never seen before. Imagine what an opportunity threat actors are handed by using these tools to automate phishing attacks at scale. Indeed, AI-generated phishing emails have higher open rates compared to manually crafted ones.
Source: MIT Technology Review
- Machine learning models are trained to be adaptive and self-improve. An AI-powered malware would be able to learn the target’s environment and, via contextualization, automatically adapt to changes in the system, giving it more time to implement deadlier damage, faster. It is no surprise, then, that the combination of machine learning and malware is described as a match made in hell.
- Conventional attackers typically need to maintain communication (often remotely) with the target system after launching an attack. However, AI-enabled attacks are designed to run autonomously, thereby making themselves more difficult to detect. The sophisticated stealth capabilities of AI are a major reason organizations must take such attacks more seriously.
- Embedded AI attacks can remain within the system for up to 5 years, especially in the case of malware used for large-scale information gathering. Unlike traditional attacks, AI mechanisms can be used to collect huge amounts of information in a very short time. This is, in fact, the idea behind advanced persistent threats (APT) and why they are so intractable to resolve.
- Other major issues with AI-advanced threats that may not be fully explored here include deepfakes, password cracking, supply chain attacks, payment gateway fraud, Distributed Denial of Service (DDoS) attacks, IP theft, and a lot more.
How Businesses are Responding (or Should Respond)
According to a survey of IT leaders, their organizations were planning to drive up their investment in AI-driven cybersecurity within the next two years, with almost half determining to have implemented changes by the end of 2023.
Source: Statista
If this is so, what areas should IT and business leaders focus on as they try to mitigate AI-advanced threats by opening up their purses to benefit from more sophisticated AI-powered defenses?
First of all, AI-powered attacks can’t be mitigated simply by throwing money at the problem. To start with, there’s an asymmetry in how attackers and defenders can utilize AI tools. The latter is often bound by emerging regulations heavily restricting how much they can manipulate AI models for their purposes in light of issues such as bias, ethics, and the like. On the other hand, attackers seem to have a freer rein to wreak havoc and they will stop at nothing to do so.
Therefore, businesses that want to get ahead of the future of AI-enabled attacks need to prioritize developing the technical capability and sophistication to erect defenses against such attacks without crossing any regulatory lines. And, although it is understandable that companies are banning or restricting their employees’ use of LLM-based chatbots, it is not a sustainable strategy in the long run.
Provide Continuous Security Awareness Training
Often, there is a deadly information gap between the IT security team and the rest of the employees. Understandably, one side should be more concerned about the intricacies of the technical details, but as much as possible, employees should be made aware of emerging threats, especially the signs to look out for in order to prevent an attack. Your remote employees should already be familiar with anti-virus software and web browser VPN extensions, but they should also be adept at recognizing phishing messages, even when generated using tools like ChatGPT.
Expand Your Security Operations Center
SoCs need to be expanded to properly cater to the new needs imposed upon organizational systems through the threat of AI-advanced attacks. In fact, AI is the best defense against AI, when it comes to cybersecurity. Beef up your SoC with AI and ML tools that can observe, detect, identify, and respond to threats at scale. Then human responders can focus on configuring systems, enforcing policies, and implementing solutions that enhance security.
Adopt a Multi-layered Security Approach
Even before the advent of AI cyberattacks, it was no longer sufficient to only have a single layer of security. Cybersecurity is ongoing and as long as you are doing business, you are bound to experience cyberattacks; it’s only a matter of when and how. Therefore, with only a single layer, your organization is at greater risk. When you combine this risk with the possibility of stealthier and deadlier AI attacks, the vulnerability status is through the roof. Adding more layers to your security framework is the way to go.
Enable Real-time Behavioral Analytics
Monitoring user behavior continuously right from all endpoint users and devices helps to mitigate several cyber attacks. Since many organizations now have a dispersed workforce, attackers do not need to gain access to the central location of data to wreak havoc. They simply need to exploit one vulnerable endpoint. That’s why there is a need for enhanced analytics based on telemetry data captured in real-time from diverse systems.
Final Thoughts
AI-advanced cyberattacks are not a reality far into the future. We have started experiencing them and there is still a lot more harm that malicious actors can commit, at a scale and speed they had never had access to before now. A proactive approach to cybersecurity will help you remain on top of any negative development before your business suffers loss.
The post How to Prepare for a Future of Al-Advanced Cyberattacks appeared first on Datafloq.
