The use of artificial intelligence (AI) and machine learning (ML) by hackers has ushered in a new era of sophistication in cyber attacks, prompting organisations to transcend traditional defense methods and embrace extraordinary measures.
As the intensity of cyber threats escalates, it becomes increasingly evident that AI and ML play integral roles in the arsenal of modern hackers. However, Martin Potgieter, CIO at Nclose, advises against getting swept up in the hype and emphasises the importance of discerning fact from fiction.
“There’s undoubtedly a place for AI in cybercrime,” says Potgieter. “ChatGPT, despite its flaws and limitations, can be utilised by attackers for shrewd social engineering. Its ingenuity is sufficient to support such an attack vector, and I believe this will be one of the initial domains where AI truly gains traction in this field. Nevertheless, we still have a considerable way to go before witnessing undetectable, full-fledged attacks powered by super-intelligence.”
This is because highly advanced managed detection and response (MDR) systems possess the capability to identify sophisticated threats. AI remains akin to a less astute relative, unable to match the resourcefulness of human hackers. However, this limitation doesn’t undermine its ability to infuse natural language into social engineering attacks. The technology is more than capable of facilitating the orchestration of truly malevolent attacks that bypass human defenses. People still expect dubious emails to exhibit correspondingly dubious writing. This represents the weakest link in any security system and where AI truly excels.
“At present, AI is proving itself as another valuable tool in the hacker’s arsenal,” asserts Potgieter. “It will introduce a whole new level of phishing and is likely to advance from this foundation into more intricate and intelligent attacks. Security teams and companies should focus their attention on defenses that curtail or hinder the success of social engineering attacks.”
In today’s digital landscape, combatting cyber threats necessitates a human touch. Organisations must ensure their employees are aware of the risks and engage in continuous training to foster the ability to identify and report potential threats, rather than inadvertently clicking on malicious links. Ongoing education has never been more crucial. As threats become increasingly sophisticated, training and awareness must keep pace.
However, it’s not only hackers who can harness AI to their advantage. As organisations strive to fortify their security postures, it is vital to invest in tools and technologies that possess the capacity to enhance their defense and detection capabilities.
“AI is equally capable of providing defenders with intuitive and intelligent functionalities, and the solutions being implemented today are already utilising AI and ML to augment their capabilities,” explains Potgieter. “It’s important not to be excessively preoccupied with the buzzwords surrounding AI and ML and succumb to panic. The way forward lies in security solutions and teams that possess an innate comprehension of how to strike a balance between technology and reality.”
Traditional security is not about to be overrun by machines. AI will not infiltrate systems and dismantle them, leaving organisations in disarray. The present reality is that AI and ML capabilities remain limited, constrained by their inherent complexity. They serve as tools, at best, aiding hackers in their attacks.
“To safeguard your business, there is no need to dismantle existing systems or invest exorbitant sums in various AI defense mechanisms; you simply need to ensure that your security service provider is informed, adaptable, and prepared,” concludes Potgieter. “Attacks leveraging AI and ML represent a progression in cyber attacks, but they are defensible. All it takes is skill, expertise, and a hefty dose of reality.”
Featured image by kjpargeter on Freepik