Houston, Texas, United States – May 29, 2024 – 84% of critical infrastructure organizations in the United States identified the use of AI to drive cyber threats as a current security issue.
This dramatic increase in concerns about how cybercriminals are using AI is revealed in a new study conducted by Bridewell, a leading cybersecurity services company, among 519 cybersecurity employees at critical infrastructure organizations in the United States. United States, in sectors such as civil aviation, telecommunications, energy, transport, media, finance. services and water supply.
The study finds that 87% of respondents are concerned about AI-based phishing attacks, in which criminals use AI to radically improve the accuracy and wording of their emails at scale. Criminals can also use AI to complement their basic coding skills, lowering the barriers to entry for exploits and improving the sophistication of their malware.
These developments also explain why 86% of respondents expressed concerns about automated hacking. Meanwhile, 84% of respondents say they fear cyberattacks based on adaptive AI, which are constantly evolving their tactics, and 85% expressed concerns about the development of AI-based exploits.
All AI-based threats listed in the study are of concern to more than three-quarters (75%) of respondents, including polymorphic malware that mules with every infection. 80% say they fear this emerging threat.
The research also explored how critical infrastructure organizations are using AI to combat the growing use of AI by cybercriminal groups. AI-based exploits or techniques are not yet as effective as conventional cyber tactics, and companies can use AI-driven tools to protect their systems and infrastructure. With its ability to quickly analyze large data sets, AI can be a useful tool for detecting malicious activity in a system or network, as well as spotting anomalies and suspicious behavior.
The study reveals that the current deployment of AI in cyber defenses is still in its infancy. Fewer than three in ten organizations surveyed use AI-enhanced endpoint protection (29%), AI-based data loss prevention (28%), or AI-based phishing detection and prevention. AI (27%). However, almost all organizations (98%) use some AI tools – a trend that is sure to increase as cyber threats intensify and become even more sophisticated.
“While we are still in the early stages of AI-based cyberattacks, organizations’ concerns are not unfounded as the technology presents itself as a future threat,” said Chase Richardson, vice president of the advice at Bridewell. “Businesses can prepare for the looming AI arms race by integrating the technology into their cyber defense strategies. AI can be a positive force in helping critical infrastructure organizations improve their threat intelligence capabilities and accelerate their detection and response strategies.
