AI and the Changing Cybersecurity Landscape in 2024
Expect to see the cybersecurity landscape continue to change throughout 2024. There will likely be increased regulatory scrutiny at the federal and state levels over the coming year as government authorities seek to encourage prompt, accurate, and complete disclosure of security threats and management-level preparedness. The tech industry will take more steps to embed security as a core feature of the development lifecycle.
The biggest changes, however, may occur due to technology. Unsurprisingly, as technologies evolve and new ones emerge, the cybersecurity landscape is affected — both on the cyber threat and defense sides. Artificial intelligence (AI), in particular, has a significant impact.
AI and Cybercrime
Cybercriminals are embracing and leveraging AI, including its’ subset machine learning (ML), much faster than most commercial and in-house cybersecurity teams. (They don’t have to go through all the red tape associated with implementing new technologies and are not opposed to sharing tools on the Dark Web.)
These malicious actors have discovered that technology makes it easier for them to launch attacks with fewer resources and skills, enhance their capabilities, and make their attacks more stealthy, sophisticated, and adaptive. Armed with the possibilities that AI offers, cybercriminals aren’t holding back.
A 2023 cybersecurity report by Sapio Research and Deep Instinct reported that 75% of the security professionals surveyed said they had seen an increase in attacks over the past year. The use of generative AI by bad actors was noted by 85% of them.
75% of security professionals saw an increase in cyberattacks over the previous 12 months…, and 85% attributed the rise to generative AI.
In their efforts to access networks, systems, and valuable personal and corporate information, cyber thieves and hackers use AI for everything from phishing emails to keystroke monitoring malware. They’re employing it to create deep fakes, mimicking human interactions in email, voice generation, and chat conversations as a means to con people. They’re also using it to hide “intelligent” malware — malware that’s capable of learning and adapting — in commonly downloaded programs.
Generative AI, a subset of ML, is particularly interesting to cybercriminals in terms of its use to help deceive their targets. Using text, images, sound, and other inputs, along with deep neural networks and machine learning algorithms, bad actors can create realistic outputs (voices, images, etc.) that mimic respected individuals such as a company CEO or trusted advisor. These outputs can then be used to con individuals — or even organizations — into turning over personal, financial, proprietary, or other types of information.
Intelligent malware is also becoming a common cyber threat tool among nation-states and nefarious organizations. AI-driven technologies are being used to conceal “intelligent” malware. Once the malware is downloaded via commonly downloaded programs, it’s triggered by one or more factors. These delayed self-executing attacks enable the malware to collect user information, such as authentication and identity management processes.
In addition, intelligent malware can learn from unsuccessful and successful attacks. The malware self-propagates by detecting and exploiting system vulnerabilities, adapting to mitigation measures, and launching new attack types. ML also enables the malware to learn from system maintenance and blend into an organization’s security environment. And that’s just the tip of the proverbial iceberg regarding the current and potential uses of AI-related technologies in cybercrime.
AI and Cyber Defenses
Fortunately, the same AI-powered tools and technologies that equip cybercriminals with advanced capabilities are also proving useful for cybersecurity.
Case in point: AI can provide a faster, automated means for detecting and identifying cyber threats. Integrated into security solutions, AI can monitor network and system activities in real time. It can help identify false positives, which is a major challenge for human analysts. It can be used to strengthen access control measures.
AI-driven Cybersecurity Opportunities
Unauthorized connections, abnormal credential usage, and other anomalies can be immediately detected and analyzed. The use of AI also enables cybersecurity teams to draw statistical inferences and protect against anomalies before they are reported and fixed.
These AI-powered tools can be used across multiple IT environments and devices, including the cloud, data center, enterprise networks, and IoT devices. The tools allow for automatic updating and threat vetting of network, server, payload, endpoint, firewalls, and anti-virus, as well as diagnostic and forensics analysis for cybersecurity.
AI also enables network surveillance and threat detection tools to support cybersecurity professionals by reducing noise, providing priority alerts, employing contextual data supported by evidence, and through automated analyses based on correlation indexes from cyber threat intelligence reports.
In terms of incident response, AI-powered software applications and platforms can examine older data sets and study anomalies in network activities to find incident root causes. If the incident analysis discovers a system vulnerability (instead of malicious exploitation), predictive analysis can provide insights into the consequences of the exposure. Once the causes of an incident are identified, prescriptive analytics can be leveraged to respond to the incident based on recommendations to contain and eradicate the causes of the incident permanently.
AI and ML can also help Security Orchestration Automation and Response (SOAR) products by integrating automation, incident management, orchestration, visualization, and reporting in a single interface. In addition, SOAR can give security operations center (SoC) teams a quicker, more accurate means of managing the massive amounts of data generated by cybersecurity systems and assist them in identifying and resolving potential or active attacks.
As with the threat side of the cybersecurity landscape, this is all just scratching the surface of what AI can do for cyber defenses.
What Does It Mean for You
With cybercriminals armed with AI technologies, it will be all the more important for organizations to employ AI to combat them. Look for cybersecurity solutions incorporating AI and ML. Be aware of the emerging and evolving threats spurred by AI and other technologies. Don’t hesitate to reach out to third-party companies that specialize in cybersecurity and stay on top of the latest threats and solutions.
AI has the potential to make cybercriminals smarter and more dangerous. But it also can help strengthen cybersecurity to defend against and mitigate the threats. Learn how US Signal can help. For information, contact us.