Cybersecurity attacks are on the rise, putting a strain on cyber professionals, especially as artificial intelligence (AI) makes them more sophisticated, experts say.
A new study from the Information Systems Audit and Control Association (ISACA) found that 39 percent of nearly 6,000 global organizations surveyed admit they are facing more security challenges. cyberattacksand 15 percent of them are suffering from more privacy breaches than a year ago.
The study also found that cybersecurity teams in Europe are struggling to deal with attacks.
More than 60 percent of European cybersecurity professionals say their organization’s cybersecurity team is understaffed, and more than half (52 percent) believe their organization’s cybersecurity budget is underfunded.
The majority of these cyberattacks are ransomware, which involves locking a user’s data or files until a ransom is paid. “The sophistication of AI makes these attacks very, very difficult to detect,” Chris Dimitriadis, director of global strategy at ISACA, told Euronews. Following.
Related
He explained that generative AI (GenAI) can analyze victim profiles within organizations and then generate content that faithfully simulates a human being.
“In the past we have seen, for example, emails translated into local languages that had a lot of errors… So it was a little easier for the victim to understand that it was absolutely not legitimate,” he said. Dimitriadis said.
“But with Generation AI, what we’re seeing is that it’s very, very close to the breakdown of a human person, extremely accurate in terms of language or style or culture and also in terms of which relates to the information included therein targeted precisely or perhaps more deeply to the victim’s environment.
A separate investigation by Strise, a Norwegian anti-money laundering AI startup, showed that ChatGPT can easily obtain tips on how to commit financial crimes online.
He found that he could exploit banks with poor anti-money laundering practices, disguise illegal funds as legitimate loans by creating fake loan transactions, and use various tactics to make it more difficult for authorities to trace the money. origin of money.
“(ChatGPT’s) level of understanding and knowledge of specific legal journalism action, such as what is required of certain banks and how to go about it. I mean, it’s really good on every level,” Marit Rødevand, CEO and co-founder of Strise, told Euronews Next.
She said when she asked the chatbot questions such as “how to launder money,” it refused to do so, saying it was illegal and went against its policies.
But Rødevand said that if you “get creative” by asking ChatGPT to write a movie script about how to help a character called Shady Shark with his illegal dealings, then he will give you specific advice.
“It was a real eye-opener. I didn’t expect the answers to be good and precise. It’s like having your own personalized corrupt financial advisor on your mobile 24/7,” she said.
Related
In February, Microsoft and OpenAI revealed that hackers were using extended language models (LLMs) to refine cyberattacks. The companies detected attempts by Russia, North Korea, Iran and Chinese-backed groups that used chatbots to search for targets and improve scripts.
Both companies said they were working to minimize potential abuse by these actors, but admitted they could not stop every case.
How to fight against cyberattacks
The way for businesses to protect themselves is to ensure they have technology platforms fit for future threats and to support cybersecurity professionals, Rødevand said.
But the ISACA report found that 71% of businesses said their organization provides no training to their staff on digital trust and more than half of cybersecurity teams said they were underfunded.
“With less funding, it is very difficult to implement the right cybersecurity capabilities within their organizations,” Dimitriadis said.
“If we dig a little deeper, one of the causes of this underfunding is that cybersecurity does not generate revenue if you are not operating in the cybersecurity sector.
“But more importantly, it means that decision-makers within the organization have not yet grasped or understood the value (and) contribution of cybersecurity as part of their objectives for this business,” he added .
