Corporations and small businesses are overwhelminglytargeted by threat actors who are motivated by money: Money is the motive inmore than 9 out of 10 incidents. Profit-based cyberattacks tend to end in somekind of negotiation. Nation-state cyberattacks want to quietly stealintelligence or cause damage. But here’s a key point: We often seeorganizations underestimate their value as a target to a foreign nation-stateand not realize that they can be used to reach the real target, a governmentagency. We see far more attacks on private entities that serve as part of thesupply chain of critical infrastructure and governments. Significantinterruption to one player in the chain can cause a domino effect. We also seemore and more overlap between different categories of attackers in terms ofattack vectors, tactics, and techniques. This means more risk, even for smallorganizations.
With AI grabbing everyone’s attention, cybercriminals andstate-associated threat actors are constantly looking for ways to utilize AI intheir attacks. In the short term, attackers with AI have an advantage. They canquickly leverage the strengths of Generative AI (GenAI), such as creatingmalware or automating better phishing copy. Plus, they don’t have to worryabout the things that defenders worry about. More than that, the bad guy’s AIimplementation doesn’t have to be perfect – they just have to get it right andsucceed in an attack once, while defenders have to get it right all and everysingle time. In the longer term, the picture is less clear, but historysuggests that it will largely even out.
Most attackers are not developing their own AI systems butare relying on third-party AI tools, some of them widely available, that offerguidance on how to do things. These tools have limited use for attackers, butthey can leverage these tools more aggressively and negligently – than softwarevendors, which gives them an advantage. Criminal attackers will not developtheir own AI systems but will rely on off-the-shelf solutions. The winner willbe the one who invests more in training the AI models.
Most cybersecurity teams are just getting started with their AI journey. For the majority of cybersecurity vendors, it’s mostly a marketingtool for now, but we’re starting to see how AI can deliver benefits incybersecurity. We see the implementation of AI in advanced email security andspam filtering platforms, Endpoint Detection and Response (EDR), SecurityInformation and Event Management (SIEM), and User and Entity Behavior Analytics (UEBA) solutions. Ultimately, organizations are looking for real AI systemsthat can think and make decisions for themselves. No doubt, AI will take on anincreasingly important role in cybersecurity.
It’s more important to stay focused on your cyber defenses,make sure your team is properly trained and has the resources to make the mostof your security tools, and then identify and close the gaps in your defenses.That’s how you build cyber resilience for your organization.
