Cyber resilience through consolidation part 2: Resisting modern attacks
Why awareness of every application, every piece of data it touches and every network connection it conducts is critical to cyber resilience. …
It’s no secret that the cybersecurity industry is growing exponentially in terms of emerging technology – but with new tools come new attack vectors. This also brings streamlined approaches to already implemented tactics. For example, according to Acronis’ recent threat report, the number of email-based attacks seen thus far in 2023 has surged by 464% compared to the first half of 2022.
While AI is not 100% responsible for this jump, we know that ChatGPT has made it easier for ransomware gangs to craft more convincing phishing emails — making email-based attacks more prevalent and easier to initiate.
In this follow up piece to yesterday’s post, Cyber resilience through consolidation part 1: The easiest computer to hack, we’ll discuss some of the latest advancements in AI and other emerging technology, and how to best protect your organization from new threats.
With rapidly developing innovations in the tech field and exponential growth in use cases, 2023 seems to be the year of AI. As ChatGPT and other models dominate global headlines, the average user can access ground-breaking tools that can mimic human speech, crawl through years of human-generated text and learning via sophisticated intelligence models.
Event
VB Transform 2023 On-Demand
Did you miss a session from VB Transform 2023? Register to access the on-demand library for all of our featured sessions.
In due time, cybercriminals will also look at ChatGPT and other similar tools to help carry out their attacks. These large language models (LLMs) can help hackers accelerate their attacks and make it easy to generate ever-changing phishing emails with multiple languages and with little to no effort.
AI isn’t only being used to mimic human speech, however; it is automating cyberattacks. Attackers can utilize the technology to automate attacks and analyze their own malicious programs to make them more effective. They can also use these programs to monitor and change malware signatures, ultimately skirting detection. There are automated scripts to create and send phishing emails and to check stolen data for user credentials.
With efficient automation and the help of machine learning (ML), attackers can scale their operations and attack more targets with more individualized payloads, making it harder to defend against such attacks.
One of the more interesting methods of attacks is when attackers try to reverse engineer the actual AI models themselves. Such adversarial AI attacks can help attackers understand weaknesses or biases in certain detection model, then create an attack that is not detected by the model. Ultimately, AI is being used to attack AI.
Business email compromise remains a major challenge
It’s not just AI that’s evolving — new email security controls have the ability to scan links to phishing sites, but not QR codes. This has led to the proliferation of criminals using QR codes to hide malicious links. Similarly, malicious emails are starting to use more legitimate cloud applications such as Google Docs to send fake notifications to users that usually go unblocked. After Microsoft Office began to make it more difficult for malicious macros to be executed, cybercriminals shifted towards link files and Microsoft OneNote files.
The old paradigm of castles with a moat is long gone when it comes to cybersecurity. Many companies have started to move away from virtual private networks (VPNs) towards zero trust access, which requires all access requests to be dynamically authorized without exception. They are also monitoring behavior patterns to detect anomalies and potential threats. This enables access to verified users from anywhere, without opening the floodgates for attackers.
It is, unfortunately, still a fact that most companies will get breached due to simple mistakes. However, the main difference between the companies that get breached and those that don’t is how fast they detect and react to threats.
For example, systems that inform a user that their password was stolen last week are helpful, but it would have been better if the system told the user in real time and even changed the password automatically.
Building a proper defense through simplicity and resiliency
Despite the mounting issues cyberattacks pose to both individuals and businesses alike, it’s still possible to stay ahead of the game and outsmart cyber attackers. Overcomplexity in cybersecurity is one of the biggest issues: Businesses of all sizes install too many tools into their infrastructure and create a large surface area for potential cyber-attacks to infiltrate.
A recent study showed that 76% of companies had at least one production system outage in the last year. Of those, only 36% were attributed to classic cyberattacks, whereas 42% were due to human errors.
Additionally, Microsoft recently found that 80% of ransomware attacks were caused by configuration errors, which could otherwise be mitigated had organizations had fewer protection solutions to configure and manage.
By reducing the number of security vendors involved in infrastructure, organizations also save a substantial amount of training time on the latest versions of each tool. They also save money, freeing up resources for other, more profitable areas of their business. With good integration, tools can work efficiently across silos.
Be aware of every app and data it touches
There have also been effective advances in behavior-based analysis that analyzes and catalogs what individual applications do on a system. This includes endpoint detection and response (EDR) and extended detection and response (XDR) tools, which help tech leaders gather more data and visibility into activity. Awareness of every application on a system, every piece of data it touches and every network connection it conducts is critical.
However, our tools must not burden administrators with thousands of alerts that they need to analyze manually. This can easily cause alert fatigue and result in missed threats. Instead, administrators should leverage AI or ML to automatically close out false alerts to free up security engineers’ time so they can concentrate on critical alerts.
Of course, the use of these technologies should be expanded beyond just typical security data. The field of AIOps and observability increases visibility of the whole infrastructure and uses AI or ML to predict where the next issue will occur and automatically counteract before it’s too late.
AI or ML behavior-based solutions are also especially important, as signature-based detection alone will not protect one against the many new malware samples discovered every day. Additionally, AI can enhance cybersecurity systems if tech leaders feed in the right information and data sets, allowing it to evaluate and detect threats faster and more accurately than a human could.
Taking advantage of AI and ML is essential to staying ahead of the attackers, although it is also important to remember that some processes will always require human involvement. AI or ML is to be used as a tool, never a replacement. Once fine-tuned, such systems can help to save a lot of work and effort and can ultimately preserve resources.
Overall, it’s always important to create comprehensive defenses and stay resilient in your fight against cybercriminals. Organizations need to prepare for attacks and prevent them as early as possible. This includes quickly patching software vulnerabilities using multi-factor authentication (MFA) and having a software and hardware inventory.
Offense, not just defense
Finally, organizations should test their incident response plan. They should perform periodic exercises to verify if they could restore all critical servers in the event of an attack and ensure they are equipped to remove malicious emails from all inboxes.
Being cybersecurity-savvy requires preparation, vigilance and playing offense, not just defense. Even with the mounting sophistication of some attacks, equipping oneself with knowledge of how to spot phishing attempts or keeping credentials unique and safe will help exponentially in the fight against cyber threats.
In short, the key to achieving cyber resilience is through consolidation and eliminating the needless over-complexity that plagues small and large businesses everywhere.
Candid Wüest is VP of Research at Acronis.
DataDecisionMakers
Welcome to the VentureBeat community!
DataDecisionMakers is where experts, including the technical people doing data work, can share data-related insights and innovation.
If you want to read about cutting-edge ideas and up-to-date information, best practices, and the future of data and data tech, join us at DataDecisionMakers.
You might even consider contributing an article of your own!