As hackers’ use of generative AI makes cyberthreats more frequent, more sophisticated and harder to detect, many businesses say they are unprepared, according to cybersecurity firm Keeper Security.
However, while organizations will need to improve their defenses, many of the core cybersecurity practices they already have in place remain fundamental even as they combat emerging AI threats, according to the engineered software company. to protect passwords, secrets and information remotely. relationships.
According to a report released this week by Keeper Security, 95% of IT and cybersecurity professionals surveyed said: cyberattacks are more sophisticated than ever – with the top two most serious emerging threats being AI-based attacks and deepfakes – and that they are not ready to fight back.
The growing wave of these more complex attacks is taking a toll, according to the report, based on a survey of more than 800 global IT and cybersecurity leaders. About 92% of respondents said they were seeing a year-over-year increase in cyberattacks perpetrated by what Keeper called “creative and relentless” cybercriminals. Attacks also have a cost: 73% of those surveyed said they had been the victim of an attack that caused them to lose money.
Within businesses, the main target of attacks are IT services groups, at 58%, followed by financial operations, supply chain management, data analysis and reporting, and R&D. Companies in the manufacturing, hospitality and travel sectors are among the most hacked, with attacks occurring weekly, while attacks in financial services occur monthly.
All three industries reported the most common attacks using malware, with those in the hospitality sector also reporting ransomware. The other two sectors say phishing is also common.
AI and phishing
Unsurprisingly, businesses see AI playing a role important role in phishing attackssomething organizations and cybersecurity vendors saw shortly after OpenAI released ChatGPT almost two years ago. Using generative AI tools, threat actors can fix flaws in their phishing emails – such as poor grammar and syntax, awkward wording, and typos – that served as attack signals. alarm to the people who receive them.
About 84% of people surveyed by Keeper said that phishing and smishing (text-based phishing) have become harder to detect due to hackers’ use of AI tools, and 42% said that AI-based phishing attacks are their biggest AI security concern.
Additionally, 51% say they are seeing an increase in phishing attacks. Other attacks on the rise include malware (49% noted this), ransomware (44%) and password attacks (31%).
“Today, 67% of businesses struggle to combat phishing attacks,” the report’s authors write. “The explosion of AI tools has intensified this problem by increasing the credibility of phishing scams and allowing cybercriminals to deploy them at scale. »
Combating AI Threats with AI
In this environment, organizations are turning to AI tools to protect them. According to market research firm Statista, the global AI cybersecurity market was worth $24.3 billion last year, but is expected to reach $24.3 billion. $133.8 billion by 2030.
“Businesses should use AI and ML (machine learning) on the front lines to mitigate attacks,” Harry Keir Hughes, principal consultant at Infosys Knowledge Institute, wrote in a blog post earlier this year. “For example, cybersecurity professionals review logs and events – all the incidents that occur on a daily basis – to sort out the events that are most dangerous to the business. Using AI, they can identify important logs and take action.
He added that “AI can automate threat hunting and improve security execution, including threat and malware detection, vulnerability detection, patch deployment as well as countermeasures and security checks”.
Stick to what works
At the same time, Keeper Security researchers said organizations should also continue to rely on cybersecurity practices already in place, such as data encryption to protect sensitive information from unauthorized access. According to the survey, 51% of respondents plan to increase data protection to combat AI threats.
Additionally, 45% said they plan to increase employee training and awareness, which has for years been a key tool in combating phishing attacks by teaching workers to spot both attempts phishing and smishing. Businesses will need to upgrade their training to handle modern AI-based fake messages.
Forty-one percent said they would invest more in advanced threat detection systems to have early warning systems against AI-based threats.