Mitigate AI-driven cyber threats from an Olympic perspective

Opinion piece: Zero trust in the age of AI: strengthening security frameworks

Opinion: The next Olympic and Paralympic Games will showcase the best athletes in the world; However, these highly anticipated sporting events are also expected to become a focal point for another reason. An increase in cybercrimes, writes Sharat Nautiyal, director of APJ security engineering at Vectra AI.

People and organizations continue to increase their adoption of artificial intelligence, and this has been further boosted by the arrival of generative AI (GenAI) tools such as ChatGPT and MS Co-Pilot. In fact, these tools are best described as “search engines on steroids” because of the speed at which they can process large volumes of data. It is not surprising that youThreat actors are now targeting the new attack surfaces created by the adoption of GenAI, which is giving More ways to infiltrate an organization and extract data.

A not-so-fun fact: the number of incidents reported during the upcoming Paris Olympics could be as many as 10 times bigger than previously observed at the Tokyo event, where a staggering 450 million individual cyberattacks were reported. Based on these figures, we should anticipate around 3.5 billion individual cyber attacks during the Paris event. A global cybersecurity risk that will be unprecedented in terms of magnitude and scale. As technology and security leaders, we must be prepared.

Understanding Olympic cybersecurity risk and why it is important

Identity-based threats and email compromise are already pressing concerns for security professionals; However, at the Paris Olympic Games these threats will reach new levels. Cybercriminals are expected to use GenAI to create everything from fake travel documents and event tickets to accommodation and vacation offers to lure unsuspecting people.

Since many employees use their work devices to manage personal tasks, such as booking a flight or a ticket to an event, they could be unknowingly putting their organization’s security at risk. To further complicate matters, many employees use Microsoft 365 collaborative tools on their mobile devices, so any threat from a business email breach (BEC) or phishing has the potential to impact the entire business ecosystem.

What makes detecting these Olympic-branded attacks more challenging is that GenAI tools for malicious cyber attacks are widely available to hackers on the dark web. Users do not need to have the ability to create a macro in Microsoft Word or even register and log in to produce and polish phishing emails at scale. These GenAI criminal tools will provide step-by-step instructions with multiple combinations of AI suggestions and large language models (LLM) to create compelling business email compromises (BEC) that look compelling and authentic. The impact on the Games will be widespread unless properly contained.

Using behavior-based AI threat detection to protect against lateral movement

Despite advances in technologies and artificial intelligence, one thing remains constant: the human element. Humans are fallible and threat actors know this, often exploiting their vulnerabilities through phishing and social engineering campaigns to gain a foothold in their victims’ networks.

While many breaches can be prevented with basic cyber hygiene tactics, most organizations continue to invest in protecting the perimeter of their network rather than focusing on much-needed security controls that can effect positive changes to protect against the primary vector of breaches. attack: lateral movement.

Chief information security officers (CISOs) should consider investing in creating a layered approach that not only includes preventative controls or looking at known behaviors, but also understanding and mitigating unknown threats. These threats require visibility, content and controls, with strategic security partners able to provide significant support in these areas. AI-powered behavior-based detection is the key to detecting unknown threats and allowing attackers to implement new and evasive methods.

Promote safer employee behavior using identifiable threat scenarios

Effective cybersecurity awareness campaigns consider the psychological aspect of human behavior. It aims to engage users by addressing cognitive biases, employing principles from behavioral psychology, and using relatable examples to promote safer online practices.

For example, simply reminding employees about GenAI threats may not have enough impact on its own to create the desired awareness and necessary behavior change. However, if you provide context and real-life examples, things change quickly. For example: “There have been many cases recently where people have been caught for Olympics-related scams, such as phishing emails or other fraudulent activities. Often when they use their work devices, they have exposed their workplace to a cyber threat. It could be you next time, so be aware and take preventative measures.”

By training employees, users and customers to be aware of these biases while developing strategies to mitigate their effects, cybersecurity professionals can make more accurate decisions and judgments and ultimately improve security and the resilience of your digital assets.

The path to success: Fighting AI-powered cyber threats in the GenAI era

The Paris Olympics may be a battle for sporting dominance, but it is AI that will be at the center of the battle for security this Olympic season. We now live in a world where GenAI tools are widely available. Cyber ​​attackers are working to develop AI-based capabilities to commit crimes faster, smarter, cheaper, and with very little skill required.

Taking the necessary steps to defend against the growing threat of AI-powered attacks within your organization can help protect against costly long-term security breaches, protect organizations from evolving attacks, and ensure we can enjoy and celebrate events. important like the Olympic Games. Games.

About the author:

Sharat Nautiyal is the dDirector of security engineering at Vectra AI.a cybersecurity company specializing in AI-based threat detection and response solutions. With several certifications, including CISSP, CISM, CRISC, and GCIH, Sharat is a respected figure in the cybersecurity community and shares his expertise through industry events and podcasts. Sharat’s contributions to cybersecurity are recognized in various media outlets, highlighting his expertise in AI-powered threat detection, XDR, zero trust, cloud security, and incident management.

Leave a Reply

Your email address will not be published. Required fields are marked *