With cybersecurity threats on the rise, it’s harder than ever for organizations to adequately protect themselves, especially since any device connected to the internet poses a security risk. The internet attack surface area continues to expand, cyberattacks have become constant and every organization is a target. Zero-day vulnerabilities have now become zero-day crises. The proliferation of artificial intelligence (AI) has changed the threat landscape. Hackers are using AI to build and automate scripts to launch persistent cyberattacks, far more effective than human attacks.
IT managers and CSOs need to rethink their approach to cybersecurity and protect their organizations from this new breed of AI-powered attacks. Longstanding methods, tactics and thinking must be updated and changed to deal with the new threats made possible by AI technology. Pre-existing assumptions about cybersecurity are becoming outdated in the age of AI, so new defensive techniques are needed.
Just as AI makes business processes more efficient, it’s also making cybercriminals more effective and dangerous. AI is the perfect tool to attack enterprise systems. Digital criminals no longer need a roomful of hackers because AI can build programs that improve their existing capabilities. The danger escalates as AI continuously learns and adapts, becoming smarter and more efficient with each attempt.
Cybercriminals also have almost unlimited cloud computing resources to help them identify potential victims. Most cybercriminals leverage public and private cloud infrastructure providers to use their computing power and help them identify potential victims.
AI is the ideal tool to find potential weaknesses in corporate enterprise networks. Using generative AI, any low-level hacker can create powerful tools that relentlessly probe systems for exploitable vulnerabilities, and these tools keep improving and adapting from their failures until they eventually succeed. AI is also used to match those weaknesses with a target list of potential victims.
Hackers have many strategies, but three forms of attack are most common:
Ransomware: Ransomware has been a problem for years and is one of the most costly and dangerous forms of cyberattack. Once a hacker introduces ransomware into a system, the malware locks up the company’s computer resources and data, holding them hostage until a ransom is paid, typically in Bitcoin. Ransomware is expected to cost victims $265 billion annually by 2031, attacking a business or device every two seconds.
Data breaches: Theft of sensitive data is also rising, with criminals threatening to release or sell company’s data. For many public companies, the theft of sensitive information, such as customer or patient records, is a real concern. Companies in regulated industries must report any data breach, which exposes the organization further beyond having their data exposed. When a company in an unregulated industry has a data breach, it must assess the tradeoff of paying the criminals to erase the data versus having it released and sold on the dark web.
Social engineering: An increasing number of companies are falling victim to phishing attacks and deepfakes. Using AI, criminals can generate realistic-looking emails from banks, insurance companies, executives, and others. Deepfakes are also increasingly used for spoofing, tricking senior managers into transferring large sums of money. For example, in one recent case, cybercriminals tricked a financial worker in Hong Kong into transferring $25 million through a video call with an AI impersonating the company’s UK-based CFO.
Security professionals are working to combat AI-powered attacks, however, it is still an uphill battle, since AI attacks are persistent and machine learning will continually make these attacks smarter.
To defend against AI-driven cyberattacks, IT security teams need to revise their approach to security. The old rules no longer apply.
Traditional methods like firewalls once provided adequate protection, but now virtually any device connected to the network can be compromised, making much of the protection firewalls outdated. The trick is to take control before malware can do any harm.
An example of modern protection would be controlling endpoints within the network, either by blocking or limiting the execution of processes. Authorized processes must also be monitored and blocked when they exhibit malicious behavior. If malware can’t get a foothold, it can’t harm the systems.
Outbound network traffic from internal devices must also be controlled and restricted. Devices that don’t need to generate traffic outside the network should be blocked. Devices that need internet access should be restricted and limited beyond what has been considered the norm.
Zero-day vulnerabilities should be virtually patched by controlling network endpoints and eliminating specific traffic effectively locking them down while still providing services. It doesn’t matter whether the network resides in a data center or the cloud since the approach is the same for all devices.
Rethinking the strategy for defending against cyberthreats will help stop AI-powered attacks as well as other forms of malware. The majority of cyberattacks depend on having outbound Internet access to control endpoints. Restricting outbound traffic has been proven to reduce cyberattacks. Any network that restricts outbound data traffic will significantly decrease its security risks.
Another challenge is that most users need some form of remote access. Remote workers rely on VPN access to reach enterprise resources, and it’s common for IT managers to set up a VPN to handle remote network administration. The problem is that any type of remote network access has the potential for a serious network breach.
The best defense is to be proactive. Rather than relying solely on firewalls, apply a zero-trust approach and assume all data traffic is suspicious. Safelist every vendor and every application. It may take a few weeks to establish a list of approved IP addresses, but once you create a safelist you will have less work maintaining network security. Diligently manage endpoints to prevent malicious code execution, while consistently educating employees about the dangers of phishing scams, deepfakes, and other social engineering threats.
Understand that cybercriminals have found new ways to attack your systems using AI. You must assume that your systems will be breached so in addition to heading off attacks by filtering data traffic and managing firewall ports, be prepared to prevent malware execution and stop attacks as they occur. Managing endpoints, maintaining safelists and ensuring intruders can’t call home to open a foothold into your network is one of the best ways to protect your systems and data.