Cybersecurity part2
Cybersecurity part1
February 8, 2023
BYOD (Bring Your Own Device) Policy Considerations
February 24, 2023
Cyberattacks that use AI are currently rare and limited to social engineering applications, (such as impersonating an individual) or used in ways that aren’t directly observable by researchers and analysts. However, the quantity and quality of advances in AI have made more advanced cyberattacks likely in the foreseeable future.
This blog is part 2 of 2 and concludes our posting on the vitally important topic of cybersecurity.
AI-Enabled Cyberattacks
Target identification, social engineering, and impersonation are today’s most imminent AI-enabled threats and are expected to evolve further within the next two years in both number and sophistication. Furthermore, within the next five years, attackers are likely to develop AI capable of autonomously finding vulnerabilities, planning and executing attack campaigns, using stealth to evade defenses, and collecting/mining information from compromised systems or open-source intelligence.
“Although AI-generated content has been used for social engineering purposes, AI techniques designed to direct campaigns, perform attack steps, or control malware logic have still not been observed in the wild. Those techniques will be first developed by well-resourced, highly-skilled adversaries, such as nation-state groups,” said WithSecure Intelligence Researcher Andy Patel. “After new AI techniques are developed by sophisticated adversaries, some will likely trickle down to less-skilled adversaries and become more prevalent in the threat landscape.”
While current defenses can address some of the challenges posed by attackers’ use of AI, the report notes that others require defenders to adapt and evolve. New techniques are needed to counter AI-based phishing that utilizes synthesized content, spoofing biometric authentication systems, and other capabilities on the horizon.
“Security isn’t seeing the same level of investment or advancements as many other AI applications, which could eventually lead to attackers gaining an upper hand,” said WithSecure Senior Data Scientist Samuel Marchal. “You have to remember that while legitimate organizations, developers, and researchers follow privacy regulations and local laws, attackers don’t. If policy makers expect the development of safe, reliable, and ethical AI-based technologies, they’ll need to consider how to secure that vision in relation to AI-enabled threats.”
The topic of AI-enabled cyberattacks surfaced around five years ago with examples of generative AI models able to automate both spear-phishing attacks and vulnerability discovery. Since then, social engineering and impersonation attacks supported by AI have occurred, causing millions of dollars in financial losses. Current rapid progress in AI research, coupled with the numerous new applications it enables, leads us to believe that AI techniques will soon be used to support more steps typically used during cyberattacks. This is the reason why the idea of AI-enabled cyberattacks has recently gained increased attention from both academia and industry, and why we are starting to see more research devoted to the study of how AI might be used to enhance cyberattacks.
AI technology is currently able to enhance only a few attacker tactics, and is likely only used by advanced threat actors such as nation-state attackers. In the near future, fast-paced AI advances will enhance and create a larger range of attack techniques through automation, stealth, social engineering or information gathering. Therefore, AI-enabled attacks are likely to become more widespread among less skilled attackers in the next five years. As conventional cyberattacks become obsolete, AI technologies, skills and tools will become more available and affordable, incentivizing attackers to make use of AI-enabled cyberattacks.
The cybersecurity industry will have to adapt to cope with the emergence of AI-enabled cyberattacks. For instance, biometric authentication methods may become obsolete because of advanced impersonation techniques enabled by AI. New prevention and detection mechanisms will also need to be developed to counter AI-enabled cyberattacks. More automation and AI technology will need to be used in defense solutions to match the speed, scale, and sophistication of AI-enabled attacks. This may lead to an asymmetrical fight between attackers having unrestricted use of AI technologies and defenders being constrained by the upcoming regulation on AI applications.
Looking ahead in 2023, it will be interesting to see if predictions are fulfilled regarding last year’s release of CHATGPT by OpenAI and its potential to unintentionally accelerate the future impact of AI-enabled cyberattacks.
General Cyber Tips & Best Practice Recommendations
Adopting a more proactive approach to cyber security can seem daunting at first. However, following a pragmatic and structured roadmap with clearly defined steps can not only enhance security but also deliver peace of mind. Taking a longer-term perspective also reduces the financial and reputational risks of responding to cyberattacks without effective prior planning. Key recommendations to enhance cyber resilience include:
- Leverage Managed Detection and Response – Organizations can significantly strengthen their cyber security posture by deploying managed detection and response (MDR) service, which combines technology and specialist expertise to monitor for and respond to threats on a 7x24x365 basis. MDR gives organizations the capacity to detect and contain them before they have a greater impact.
- Implement Incident Response Planning – A critical aspect of boosting cyber resilience is to establish a clear, measurable incident response playbook that sets out clear and specific steps to follow in the event of an attack. Incident response planning provides businesses with a roadmap for effective and timely action, as well as reduces the risks created by damaging delays or missteps in the response process.
- Undertake Tabletop Exercises – As part of incident response planning, organizations benefit from gaining a detailed understanding of their security vulnerabilities and potential adversaries. This can be achieved through incident response tabletop exercise scenarios customized to test the organization’s response plan and its stakeholders and help improve and evolve a security program. Tabletop exercises provide valuable insights into a company’s level of preparedness, the steps it will need to take in the event of a real-world attack, and any remediation of the plan stemming from the tabletop exercise.
- Commission Assessments and Penetration Testing – Regular penetration testing and assessments allow businesses to identify and address undiscovered or under-prioritized vulnerabilities in their security, and mitigate them before they can be maliciously exploited. Companies should carefully consider which type of testing or assessments will be most appropriate for their requirements and ensure that the proposed process will conclude with strategic recommendations and remediation advice.
- Embed Key Controls - Organizations should aim to move beyond security silos to embed cyber security centrally within their business practices and processes. This is achievable when undertaken in small incremental steps via a number of key controls. From enabling multifactor authentication (MFA) to managing the risks of virtual private networks (VPNs), companies can benefit significantly by employing the gamut of measures to strengthen their security and reduce the likelihood of cyberattacks.
- Cyber Awareness Training : Frequent cybersecurity awareness training is crucial to protecting the organization against ransomware. This training should instruct employees to do the following:
- Not click on malicious links
- Never open unexpected or untrusted attachments
- Avoid revealing personal or sensitive data to phishers
- Verify software legitimacy before downloading it
- Never plug an unknown USB into their computer
- Use a VPN when connecting via untrusted or public Wi-Fi
It is critical now more than ever for businesses to invest in securing their organizations against cyber related threats as incidents continue to grow worldwide and savvy cyber criminals begin to exploit new methods of infiltration. It is encouraging to learn that many more companies have begun to prioritize the importance of establishing a formidable cyber security strategy that includes the adoption of a pragmatic, proactive approach that delivers the required cybersecurity and cyber resiliency.
Sources:
- Check Point Research Reports a 38% Increase in 2022 Global Cyberattacks
https://blog.checkpoint.com/2023/01/05/38-increase-in-2022-global-cyberattacks/ - New Report from Proofpoint and Cybersecurity at MIT Sloan Reveals Almost Half of Board Members Globally Feel Unprepared for a Cyber Attack, Despite Viewing Cybersecurity as a High Priority
https://www.proofpoint.com/us/newsroom/press-releases/new-report-proofpoint-and-cybersecurity-mit-sloan-reveals-almost-half-board - The Dark Side of the Force? A New Report on AI-Enabled Cyberattacks
https://complexdiscovery.com/the-dark-side-of-the-force-a-new-report-on-ai-enabled-cyberattacks/ - Kroll, State of Incident Response: Asia Pacific, October 2022
https://www.kroll.com/en/insights/publications/cyber/apac-state-incident-response
サイバー犯罪の新たな侵入方法が開発され始めています。企業はサイバー関連の脅威から組織を守るために投資をすることが必要です。それには実用的、プロアクティブかつ強力なサイバーセキュリティ戦略の確立が重要となります。
