The rise of artificial intelligence (AI), large language models (LLMs) and IoT solutions has created a new security landscape. From generative AI tools that can be taught to create malicious code to the exploitation of connected devices as a way for attackers to move laterally across networks, enterprise IT teams find themselves constantly racing to catch up. According to the Google Cloud Cybersecurity Forecast 2024 report, companies should expect a surge in attacks powered by generative AI tools and LLMs as these technologies become more widely available.
The result is a hard truth for network defenders: keeping up is not possible. While attackers benefit from a scattershot approach that uses anything and everything to compromise corporate networks, businesses benefit from staying as close as possible to sound security practice. This creates an imbalance. Even as bad actors push the boundaries, defenders must stay the course.
But it’s not all bad news. With a back-to-basics approach, businesses can reduce risks, mitigate impacts, and develop better threat intelligence. Here’s how.
What’s new is old again
Attack vectors are evolving. For example, connected IoT environments create new openings for bad actors: if they can infiltrate a single device, they may be able to gain unhindered access to the network. Meanwhile, as ZDNET notes, LLMs are now used to enhance phishing campaigns by removing grammatical errors and adding cultural context, while generative AI solutions create legitimate-looking content, such as invoices or email instructions, that prompts business users to take action.
For businesses, it is easy to miss the forest for the trees. Legitimate concerns about rising AI threats and expanding IoT risks can create a kind of hyperfocus for security teams that leaves networks unintentionally vulnerable.
Although there may be more attack paths, these paths ultimately lead to the same places: enterprise applications, networks, and databases. Consider a few predicted cybersecurity trends for 2024, which include AI-created phishing emails, “lookalike” users, and convincing deepfakes.
Despite the differences in approach, these new attacks still aim at familiar targets. As a result, businesses have an interest in getting back to basics.
Focus on what matters
The value for attackers comes from stealing information, compromising operations, or holding data hostage.
This creates a funnel effect. At the top are attack vectors, ranging from AI and scam calls to vulnerability exploits and macro malware. As attacks move toward the network, the funnel begins to narrow. Although there are multiple avenues of compromise, such as public clouds, user devices, and Internet applications, they are far fewer in number than their attack vector counterparts.
At the bottom of the funnel is protected data. This data may exist in on- or off-premises storage databases, in public clouds, or within applications, but again, it represents a narrowing of the overall attack funnel. As a result, businesses are not forced to face every new attack head-on. Instead, security teams should focus on the common end goal of disparate attack vectors: data.
Effectively combating new attack vectors requires prioritizing familiar operations such as identifying critical data, monitoring indicators of attack (IoA), and adopting zero trust models.
Back to basics
Imagine a company threatened by an AI-assisted attack. Using generative tools and LLMs, the hackers have created code that is difficult to spot and designed to target specific data sets. At first glance, this scenario may seem insurmountable: how can businesses hope to combat threats they cannot predict?
Simple: start with the basics.
First, identify the key data. Given the amount of information now generated and collected by businesses, it is impossible to protect every piece of data simultaneously. By identifying critical digital assets, such as financial, intellectual property or personal data, businesses can focus their protection efforts.
Next comes IoA monitoring. By implementing processes that help identify common attack characteristics, teams are better prepared to respond when threats emerge. Common IoAs can include sudden increases in access requests to specific data, performance issues in widely used applications without an identifiable cause, or an increased number of failed login attempts. With this information, teams can better predict likely attack paths.
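A sketch of how two of these IoAs (a burst of failed logins and a sudden rise in access requests to specific data) can be checked against event logs. This is an added example, not code from the original article; the log format, the event names `LOGIN_FAIL` and `ACCESS`, the thresholds and the sample entries are all constructed assumptions.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

def parse(line):
    """Split 'ISO-time EVENT key=value ...' into (time, event, fields)."""
    ts, event, *pairs = line.split()
    return datetime.fromisoformat(ts), event, dict(p.split("=", 1) for p in pairs)

def failed_login_bursts(lines, window=timedelta(minutes=5), threshold=5):
    """Users with >= threshold failed logins inside one sliding window."""
    recent, flagged = defaultdict(deque), set()
    for ts, event, f in sorted(map(parse, lines), key=lambda r: r[0]):
        if event == "LOGIN_FAIL":
            q = recent[f["user"]]
            q.append(ts)
            while ts - q[0] > window:  # forget failures older than the window
                q.popleft()
            if len(q) >= threshold:
                flagged.add(f["user"])
    return flagged

def access_spikes(lines, factor=3.0, min_count=10):
    """Resources whose latest-hour accesses exceed factor x their hourly baseline."""
    counts, hours = defaultdict(Counter), set()  # resource -> {hour: accesses}
    for ts, event, f in map(parse, lines):
        if event == "ACCESS":
            hour = ts.replace(minute=0, second=0, microsecond=0)
            counts[f["resource"]][hour] += 1
            hours.add(hour)
    if len(hours) < 2:  # no earlier hour to compare against
        return {}
    latest, spikes = max(hours), {}
    for res, per_hour in counts.items():
        now = per_hour[latest]
        baseline = (sum(per_hour.values()) - now) / (len(hours) - 1)
        if now >= min_count and now > factor * baseline:
            spikes[res] = (now, baseline)
    return spikes

def sample_log():
    """Constructed log: three quiet hours, then a burst on finance_db and alice."""
    day, lines = "2024-01-15T", []
    for h in ("09", "10", "11"):
        lines += [f"{day}{h}:{m}:00 ACCESS user=bob resource=finance_db" for m in ("05", "35")]
        lines.append(f"{day}{h}:20:00 ACCESS user=carol resource=wiki")
    lines += [f"{day}12:{m:02d}:00 ACCESS user=svc1 resource=finance_db" for m in range(12)]
    lines += [f"{day}12:01:{s:02d} LOGIN_FAIL user=alice" for s in range(0, 60, 10)]
    lines += [f"{day}{h}:00:00 LOGIN_FAIL user=dave" for h in ("09", "12")]
    return lines
```

Requiring both a minimum count and a multiple of the baseline keeps rarely used resources from alerting on one or two extra requests, and the sliding window ignores failed logins that are spread hours apart.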
Finally, Zero Trust models can help provide a buffer of protection if attackers manage to compromise login and password data. By adopting an always-on verification approach that uses a combination of behavioral and geographic data coupled with strong authentication processes, businesses thwart attackers at the last hurdle.
Function over form: implementing new tools
By focusing on the outcome rather than on each new attack vector, businesses can reduce security risks. But it also makes sense to implement new tools like AI and LLMs to help strengthen cybersecurity efforts.
Consider generative AI tools. In the same way that they can help attackers create code that is difficult to detect and counter, GenAI can help cybersecurity teams analyze and identify common attack patterns, helping businesses focus their efforts on probable paths of compromise. However, it should be noted that this identification is not effective if organizations do not have the endpoint visibility to understand where attacks are coming from and which systems are at risk.
In other words, implementing new tools is not a panacea: they are only effective when combined with strong security hygiene.
For better security, work smarter, not harder
Just as attackers can leverage new technologies to increase the effectiveness of compromises, businesses can leverage AI security to defend against potential threats.
However, malicious actors can act with impunity. If their AI-enhanced malware or LLM-reviewed phishing emails don’t work, they can simply go back to the drawing board. For cybersecurity professionals, however, a failure means compromised systems at best and stolen or ransomed data at worst.
The result? Security success depends on working smarter, not harder. It starts by going back to basics: identifying critical data, tracking attacks, and implementing tools that verify all users. This improves with the targeted use of AI. By leveraging solutions such as IBM Security QRadar Suite, which offers advanced AI threat intelligence, or IBM Security Guardium, which offers integrated AI anomaly detection, businesses are better prepared to counter current threats and reduce the risk of future compromise.