Worried about the Cyber Threat from AI? Focus on the basics!

 “Insanity is doing the same thing over and over again and expecting different results" is a quote often attributed to Albert Einstein. 

It actually came from Rita Mae Brown, a novelist.

It applies well to all elements of life and business – and in particular to cyber security.

If you don’t robustly train your people, protect against malware, patch your software, authenticate your users and encrypt your data, don’t be surprised if you remain a target.

What about AI?

There is a question that I have heard at various conferences this year asking about the cyber security threats we are facing from AI.

The answers have included things like deep fake video and audio attacks and sophisticated automated scam targeting individuals.  Nation state actors with big budgets and evil designs will use cutting edge AI to target, access and exploit systems.  Where the purpose is political and espionage, this may be the case.

The Verizon 2024 DBIR 2024 Data Breach Investigations Report | Verizon did keep an eye out for any indications of the use of generative artificial intelligence in attacks and the potential effects of those technologies, but reported nothing significant.

Actors may be researching the use of deep fake video and audio for spear phishing.  There have been reports of a growing problem of fake video in South Korea, although not as cyber-attacks. Some APTs may be planning to use AI to generate mis-information or uncover more zero-day vulnerabilities to exploit, so should not be ignored.

Some things it is being used for now include:

• There is the use of AI or Machine Learning in amplifying existing techniques.
• Phishing attacks seem to be using better spelling and grammar. 
• Scanning and sniffing can be done faster and more often if automated.
• Pouncing on reported CVE can be done faster with the right tools.

These are stronger and faster versions of what has been around for a while.

What about now?

Cyber attackers, particularly criminals, on the other hand will attack where they see the opportunity and the chance of reward.

Verizon’s report has Organised Crime responsible for just under 70% of breaches.  Two of their top “ways-in” in the report are stealing Credentials and Phishing, accounting for 68% of the total.

The OWASP Top 10 from 2021 (due to be updated next year) has Broken Access Control, Cryptographic Failures, Security Misconfiguration and Vulnerable, Outdated Components, and Identification and Authentication Failures in 5 of the top 7 places.

Organised crime is looking for easy rewards where it can.  It is interested in cash out and will not spend more than it has to or make like more complicated that it needs to.

1.    If you train your people well, you will reduce the likelihood of clicking through on Phishing emails – even with better grammar.

2.    If you have robust identity and access management with muti-factor authentication supported by good authorisation controls, you will reduce the likelihood of credential theft and escalation.

3.    If you either patch automatically or have a slick assessment process, you will reduce the likelihood of breaches through vulnerabilities.

4.    If you have Anti-virus / Anti-malware tools checking traffic coming into your systems, you will reduce the likelihood of exploitable tools being inserted.

5.    If you encrypt the data in your database(s) well, and secure it when it’s moving, you will reduce the likelihood of detection and usable extraction.

In fact, in a recent survey from ISC2, AI in Cybersecurity: Is the Profession Ready? | ISC2 Survey Report, 82% of those surveyed believe AI and Machine Learning will improve their job efficiency.

It doesn’t really matter if criminals use AI for acceleration or amplification, doing the basics will reduce your likelihood of harm!