
From typos to deepfakes: the new AI cybersecurity battleground
“Don’t open suspicious emails.”
This used to be the baseline mantra with cybersecurity training. Spotting a counterfeit data request was once simple: poor spelling, questionable email addresses, or a direct request for cash accompanied by an incredible story of a prince or ageing millionaire. But those days are over.
Head of Inside Sales, Northern Europe at Hornetsecurity by Proofpoint.
Generative artificial intelligence (AI) makes prepping sophisticated attack flows (which would have taken months to code) available with just a few keystrokes: as a result, spoofing or phishing emails today are often compelling, topical and personalized, making them hard to spot.
With widely available phishing kits (like Evilginx), threat actors can create fake login pages or even CAPTCHA pages with a planted JavaScript injection attack with ease. In other words, there are now even more intelligent ways for threat actors to penetrate a system and steal data quickly, all with the help of AI.
What types of AI-enabled attacks are on the market?
Many AI-powered attacks aim to trick people into revealing sensitive information. The top three types of AI attacks that business leaders in the UK are concerned about are AI-generated phishing, business email compromise, and malicious AI agents. Of these, AI-generated phishing is one of the most concerning, and with good reason.
There are multiple types of phishing, including deepfake video calls and vishing (voice phishing), a tactic that uses phone calls or other voice messages to impersonate a person or organization.
In recent years, there have been high-profile successful deepfake attacks like the $25 million heist on the engineering firm, Arup, where an employee was tricked into giving away millions of dollars via a fake internal meeting that seemed real.
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
If a business’s infrastructure simply relies on an employee’s ability to spot a fake without proper training, this opens it to the inevitable reputational damage and financial loss resulting from an attack.
Cybersecurity skill gaps need to be addressed: Security teams need to train their workforce on why phishing continues to be a serious threat and how AI is being used by threat actors to enhance those attacks, because even with AI-driven defenses, employees who are poorly or inconsistently trained could unwittingly lead to devastating outcomes.
The future of cyber resilience with AI: Fighting AI with AI
Despite the malicious use of AI, AI is an excellent ally in combating cyber-attacks. Next-gen data security and cybersecurity solutions use AI to process large amounts of logging and monitoring data to find anomalies and outliers, block threats, and make recommendations or adjustments to security controls.
AI is also very good at spotting behavioral indicators of compromise (IoC) and correlating seemingly unrelated security activities, making it a must-have capability in the AI era.
The message has never been clearer: today, businesses need to embrace product offerings that apply AI in cybersecurity because the attackers already have.
Additionally, to achieve strong cyber resilience, cyber awareness must be a top priority. AI-powered training solutions can further enhance this by automating, adapting and personalizing the experience for employees, based on their role and their response to ongoing phishing simulations, making it more engaging, efficient and effective.
The double-edged sword of AI presents a conundrum for professionals across sectors. AI is a good investment for security, but a majority of businesses are not deploying it effectively enough yet, which allows attackers to gain an advantage.
AI is here to stay and will continue to impact cybersecurity for the foreseeable future. As organizations embrace the benefits of AI in their day-to-day operations, it becomes even more imperative for them to safeguard against malicious exploits to ensure the integrity and reliability of their business systems in an increasingly interconnected world.
We've featured the best firewall software.
This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.
The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit
Head of Inside Sales, Northern Europe at Hornetsecurity by Proofpoint.
View original source — TechRadar ↗
Related stories

Zoom will let you add an AI receptionist at work, as 'businesses shouldn’t have to replace their phone system to…

What is the release date for X-Men 97 season 2 episode 5 on Disney+?

The Westies stars J.K. Simmons and Tom Brittney clap back at fan complaints that new MGM+ mob crime thriller is 'too…
