{"id":252406,"date":"2024-05-22T15:29:51","date_gmt":"2024-05-22T15:29:51","guid":{"rendered":"https:\/\/aijourn.com\/?p=252406"},"modified":"2024-05-22T15:56:33","modified_gmt":"2024-05-22T15:56:33","slug":"ai-cybersecurity-how-prepared-should-we-be","status":"publish","type":"post","link":"https:\/\/aijourn.com\/ai-cybersecurity-how-prepared-should-we-be\/","title":{"rendered":"AI &amp; Cybersecurity \u2013 how prepared should we be?"},"content":{"rendered":"\n<p>Policymakers, business executives and cybersecurity professionals are all feeling the pressure to adopt AI within their operations. With this, comes the threat of generative AI adoption outpacing the industry\u2019s ability to understand the security risks that these new capabilities will introduce.<\/p>\n\n\n\n<p>For IBM X-Force, IBM Consulting\u2019s security services arm, the expectation is that a universal AI attack surface will materialize once AI adoption reaches a critical mass. This will force organisations to prioritise security defenses that can adapt to these threats at scale.<\/p>\n\n\n\n<p>For the attackers, their best tool for compromising these networks may well be generative AI too, which is already emerging as a supplementary tool in the cyberattacker arsenal.<\/p>\n\n\n\n<p>Despite these looming generative AI-enabled threats, however, X-Force hasn\u2019t observed any concrete evidence of such cyberattacks being used directly to date or a rapid shift in attackers\u2019 goals and objectives from previous years.<\/p>\n\n\n\n<p>The risk remains, however, of other methods of cyberattack being enhanced by AI. In 2023, the IBM X-Force team discovered that many cybercriminals could wreak havoc on corporate networks by simply logging in through valid accounts\u2014and as bad actors begin investing in AI to help them identify priority targets, this problem is only expected to worsen.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>A Growing Identity Crisis<\/strong><\/h2>\n\n\n\n<p>According to <a href=\"https:\/\/www.ibm.com\/reports\/threat-intelligence\" target=\"_blank\" rel=\"noopener\">IBM\u2019s 2024 X-Force Threat Intelligence Index report<\/a>, cyberattacks caused by exploited user identities rose by 71% in the past year globally and represented 50% of all security incidents in the UK.<\/p>\n\n\n\n<p>Cybercriminals are increasingly seeking the path of least resistance to get through organisations\u2019 security measures. Chief among these inroads is the practice of exploiting valid accounts, which enables attackers to bypass initial security checks by simply logging in to an organisation\u2019s network.<\/p>\n\n\n\n<p>Given the ease and effectiveness of these attacks, criminal operations to gain access to users\u2019 identities have risen sharply over the past year. In addition to accessing compromised credentials from the Dark Web, attackers are innovating and investing in infostealing malware, designed to obtain personally identifiable information like emails, social media and messaging app credentials, and banking details. In 2023, X-Force witnessed a 266% rise in this type of malware.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What Now?<\/strong><\/h2>\n\n\n\n<p>With at-scale attacks harnessing generative AI looming on the horizon, it\u2019s never been more critical for organisations to carefully examine their networks and user access structure to ensure they\u2019re operating with sound security fundamentals.<\/p>\n\n\n\n<p>Just as businesses seek to leverage generative AI to summarise and prioritise data, cybercriminals may turn to it for data distillation: putting AI to work with the troves of compromised data they\u2019ve collected to identify the best targets for an attack. The interest is there\u2014in 2023 alone, X-Force observed more than 800,000 posts about AI and GPT on Dark Web forums.<\/p>\n\n\n\n<p>While these threats are poised to worsen as cybercriminals continue to innovate ways to expedite their attacks or improve their stealth, it\u2019s not a problem without a solution. There are actions organisations can take to better safeguard their networks from identity-based attacks.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Test &amp; Stress Test:<\/strong> Organisations should frequently stress test environments for potential exposures and develop incident response plans for when\u2014not if\u2014a security breach occurs. The stress tests that X-Force conducted in 2023 for clients revealed that identification and authentication failures (e.g. weak password policies) were the second-most observed security risk.<\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Leverage Intuitive Tools: <\/strong>When it comes to securing users\u2019 access to networks, not only is it important to ensure a users are who they say they are, but they need to act like it too. It\u2019s paramount in today\u2019s environment to leverage behavioral analytics and biometrics as a form of verification. Habits, typing speed, and keystrokes are just a few examples of behavioural analytics that can verify a unique user is legitimate. AI-enabled tools can help detect and block anomalous behaviors before they achieve impact.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Enforce Multi-Factor Authentication (MFA) for Users:<\/strong> Organisations can strengthen their credential management practices to protect system or domain credentials by implementing MFA and strong password policies to include the use of passkeys and leverage hardened system configurations that make accessing credentials more difficult.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What Next?<\/strong><\/h2>\n\n\n\n<p>For those in the process of exploring AI and defining their AI strategies, it\u2019s important to consider that securing AI is broader than AI itself. Organisations can leverage existing guardrails to help secure the AI pipeline. The key tenets to focus on are securing the AI underlying training data, the models, and the use and inferencing of the models, but also the broader infrastructure surrounding the models. <\/p>\n\n\n\n<p>The same access points that cybercriminals leverage to compromise enterprises pose the same risk to AI. And as organisations offload operational business processes to AI, they also need to establish governance and make operational guardrails central to their AI strategy.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Policymakers, business executives and cybersecurity professionals are all feeling the pressure to adopt AI within their operations. With this, comes the threat of generative AI adoption outpacing the industry\u2019s ability to understand the security risks that these new capabilities will introduce. For IBM X-Force, IBM Consulting\u2019s security services arm, the expectation is that a universal &hellip;<\/p>\n","protected":false},"author":7150,"featured_media":252414,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"_glsr_average":0,"_glsr_ranking":0,"_glsr_reviews":0,"footnotes":""},"categories":[203],"tags":[],"ppma_author":[1424],"class_list":["post-252406","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security","author-martinborrett"],"authors":[{"term_id":1424,"user_id":7150,"is_guest":0,"slug":"martinborrett","display_name":"Martin Borrett","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/672d630ad034e865f5b4a5013f41fd39?s=96&d=mm&r=g","last_name":"Borrett","first_name":"Martin","job_title":"","user_url":"https:\/\/www.ibm.com\/uk-en","description":""}],"_links":{"self":[{"href":"https:\/\/aijourn.com\/wp-json\/wp\/v2\/posts\/252406","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aijourn.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aijourn.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aijourn.com\/wp-json\/wp\/v2\/users\/7150"}],"replies":[{"embeddable":true,"href":"https:\/\/aijourn.com\/wp-json\/wp\/v2\/comments?post=252406"}],"version-history":[{"count":2,"href":"https:\/\/aijourn.com\/wp-json\/wp\/v2\/posts\/252406\/revisions"}],"predecessor-version":[{"id":252436,"href":"https:\/\/aijourn.com\/wp-json\/wp\/v2\/posts\/252406\/revisions\/252436"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/aijourn.com\/wp-json\/wp\/v2\/media\/252414"}],"wp:attachment":[{"href":"https:\/\/aijourn.com\/wp-json\/wp\/v2\/media?parent=252406"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aijourn.com\/wp-json\/wp\/v2\/categories?post=252406"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aijourn.com\/wp-json\/wp\/v2\/tags?post=252406"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/aijourn.com\/wp-json\/wp\/v2\/ppma_author?post=252406"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}