As technology keeps expanding exponentially, cybersecurity keeps growing more complex—and AI is no exception. Without a doubt, AI is already increasing cybersecurity risks and has been for several years.
Sometime last year, one of our customers was hit hard by a cyberattack that was enhanced by AI (artificial intelligence). This customer is international, with teams and equipment spread across several continents, and their systems were accessed in a country where they were still using what we call a “legacy” system.
When we say they were hit hard, here’s what we mean:
They had to send every employee home; nobody could log on and work. They didn’t have functional systems or the ability to even log in and access company resources for weeks. Employees’ personal lives were impacted, as employees were pulled into manage the crisis.
Our customer first reported the attack to us in the middle of the month and after six weeks, the crisis finally started to settle down a bit.
Nothing could be remediated in the short term and instead, it required a massive effort to not only get their business back up and running, but to also ensure the attack wasn’t still active and present somewhere. Multiple, different components were impacted. We had to be certain that this attack wasn’t just the first wave of a multi-phase attack.
Cyberattacks already—unaided by AI—can be devastating to businesses and have been. So, what about AI is making them even more tricky and dangerous?
There are—as was even referenced in a recent episode of the show Billions—two ways for cybercriminals to attack: they can attack a system, or they can attack people. Sometimes they may attack people to gain access to a system, but these are the two essential vectors of a cybercriminal attack.
When cybercriminals attack your systems, they’re going after vulnerabilities within the system—often known ones. One of the most common ways companies get hacked this way is by not running software updates. Software companies release updates for multiple reasons, but often they include patches and fixes for different bugs, errors, and vulnerabilities in their code. When you don’t run these updates, or don’t run them in a timely fashion, it’s easy for cybercriminals to seek out those openings and attack.
The official term for these types of attacks is social engineering: when cybercriminals target people through phishing, baiting, etc. To trick and manipulate them into giving up some critical information, access, or even money. As we mentioned above, they can also manipulate them into giving them entry into your systems, without their knowledge, so they can then find a vulnerability in the system that’s further downstream.
The simplest way to think about AI is as a general-purpose tool that can be applied to just about any task. Artificial Intelligence at its core implies “a machine’s ability to combine computers, datasets, and sets of instructions to perform tasks that usually require human intelligence, such as reasoning, learning, decision-making, and problem-solving.”
Which means that while there are a multitude of exciting possibilities for AI in business—including in cybersecurity—it also means that cybercriminals are excited about its uses too. Cybercriminals can now use AI to be faster and more efficient in their attacks and go deeper—just like what happened to our customer. They’re using AI to:
Enhance attacks: by making it harder for cyber-defenses such as spam filters and antivirus software to detect a threat.
Create better manipulations: AI can be used to create even more realistic impersonations and fake data that can confuse and trick employees.
Automate and scale attacks: Just as you may be excited at AI’s potential to automate simple tasks and help you go faster at scale, so are cybercriminals. Cybercriminals can use AI to run and automate very large attacks with little to no extra effort.