by How to defeat evil with evil.
By Rupal Hollenbeck, President of Check Point Software Technologies
It is a fact that artificial intelligence has already changed our relationship with technology. It is not easy to determine with precision the areas where AI has the most impact. Although it can be applied in many contexts, it stands out particularly when it assists human teams in specific missions. For many companies, one of the most decisive AI investments concerns cybersecurity.
For modern businesses, regardless of their size, cyberattacks represent a major risk. According to our research, the number of weekly cyberattacks worldwide increased by 8% in the first six months of 2023. These attacks can have serious consequences, ranging from ransom payments to the shutdown of essential services in key economic sectors, as was the case with the Colonial Pipeline breach.
Threat actors are quickly turning to new technologies, including artificial intelligence, to target their attacks more effectively. In 2021, at the time of the Colonial Pipeline attack, cybersecurity incidents resulted in a successful breach in 18% of cases according to the Verizon Data Breach Investigations Report. Since then, the success rate has exceeded 30%. As threat actors turn to AI to gain efficiency, companies worldwide must evolve in tandem, not only to respond to these threats, but also to prevent them.
Threat Actors and AI
Cyber threat actors extensively use artificial intelligence to make a significant impact, especially in the cloud. Social engineering attacks are probably the most obvious manifestation of this trend.
According to KnowBe4, social engineering attacks, including those carried out through phishing, account for at least 70% of malicious breaches. Attackers do not necessarily exploit technical vulnerabilities, but rather persuade users to disclose their login credentials. To do this, they generally send emails containing malicious attachments and impersonate legitimate senders. Since the emergence of generative AI models in 2022, this attack vector has become considerably more dangerous.
Threat actors are experts in finding malicious applications related to technological advances, and ChatGPT is no exception. They have found that despite safeguards in place, it is easy for them to use this tool to write malicious emails for phishing campaigns. In the past, the majority of phishing emails had obvious indicators such as grammar errors, unusual word choices, typos, and other anomalies that raised suspicion. This fundamental barrier has disappeared as threat actors now use generative AI to create perfectly formulated and often personalized phishing lures. These engines are generally equipped with natural language encoding and can be used to create malicious files for deployment.
Generative AI lowers the entry barriers throughout the attack lifecycle. The effects of this generative AI boom may already be noticeable: our research shows that email-based attacks peaked in 2023 and represent 86% of all file-based attacks we recorded. Other forms of AI also strengthen the capability of threat actors as it allows for automating attacks, identifying vulnerabilities, managing botnets, and carrying out other malicious activities. They use artificial intelligence as a force multiplier.
Reducing your risks is optimizing your cyber resilience
In recent years, attacks have targeted various entities, including multinational corporations, regional public services, as well as schools and hospitals. The majority of these organizations have very limited expertise in cybersecurity. It is therefore not surprising that threat actors take advantage. During the first half of 2023, companies in the healthcare sector experienced 1,634 cyberattacks per week, an 18% increase compared to the previous year.
The financial consequences of an attack can be severe and varied: ranging from ransom demands to the leakage of commercially sensitive information, to the costs related to business interruptions and many other implications. In some cases, they lead to legal proceedings and transactions that amount to hundreds of millions of dollars. Faced with increasing indemnity demands and the growing awareness of insurance companies regarding the extent of risks related to cybercrime, the insurance industry has raised premiums to levels that are prohibitive for most companies.
Furthermore, even the best-funded companies may not necessarily anticipate the deployment of adequate human security personnel and expertise to face all modern threats without using a force multiplier. This is where defensive AI comes into play. Regardless of the other technologies or innovations you implement, they will always be exposed to the risk of a cyberattack capable of blocking your activities or engaging the company’s liability in a potentially catastrophic situation.
On the other hand, new technologies provide new entry points for malicious actors. This phenomenon is particularly evident with Internet of Things (IoT) devices. As cybercriminals adapt and become more effective when using AI in their attacks, companies must use AI to combat this threat with a prevention mindset. Current point solutions have significant and avoidable gaps as well as limited interoperability. Implementing a consolidated cybersecurity platform that integrates AI for better proactive detection and continuous remediation exponentially strengthens cyber resilience. This approach allows for the identification of abnormal behaviors according to strictly defined Zero Trust policies and offers robust protection against various forms of attacks.
AI has brought about real advances in the fields of commerce, health, education, logistics, and other essential sectors for our society. Let us not forget that these advances are not guaranteed and must be protected. Prevention-focused cybersecurity is within reach of all companies, regardless of their size, through AI-based solutions. This type of consolidated security posture then constitutes the next generation of protection.
