The rise of artificial intelligence (AI), large language models (LLMs) and IoT solutions has created a new security environment. With these tools being taught to write malicious code and attackers increasingly exploiting connected devices as a means to move laterally across networks, enterprise IT teams are constantly on the move. According to Google Cloud's 2024 Cybersecurity Predictions report, enterprises should expect a surge in attacks leveraging technologies like generative AI tools and LLMs as they become more widely available.
The result is a harsh reality for network guardians: the pace is impossible to keep up with. Attackers benefit from a sporadic approach to compromising business networks by any means necessary, but companies are better off keeping their security tight. This creates an imbalance: defenders must stay the course while malicious actors push the envelope.
But it's not all bad news. A back-to-basics approach can help businesses reduce risk, mitigate impact, and improve threat intelligence. Here's how:
What's new becomes old again
Attack vectors are evolving. For example, connected IoT environments create new opportunities for malicious actors: Compromising one device could give them unfettered access to the network. Meanwhile, as ZDNET points out, LLMs are used to improve phishing campaigns by removing grammatical errors and adding cultural context, while generative AI solutions create legitimate content, like invoices and email instructions, that prompt business users to take action.
For enterprises, this can easily lead to missing the bigger picture: legitimate concerns about rising AI threats and expanding IoT risks can overwhelm security teams and unintentionally leave their networks vulnerable.
There may be other attack vectors, but these ultimately lead to the same places: enterprise applications, networks, and databases. Cybersecurity trend predictions for 2024 include AI-created phishing emails, doppelganger users, convincing deepfakes, and more.
Though the approaches are different, the targets of these new attacks remain familiar, so businesses are best served by going back to basics.
Focus on what matters
Value to attackers comes from stealing information, compromising operations, and holding data hostage.
This creates a funnel effect. At the top, there are all kinds of attack vectors, from AI to scam calls to vulnerability exploits to macro malware. As the attack moves towards the network, the funnel begins to narrow. There are multiple breach vectors – public cloud, user devices, internet-facing applications – but they number far fewer than the corresponding attack vectors.
At the bottom of the funnel is the protected data. This data may reside in on-site or off-site storage databases, the public cloud, or within applications, but it also represents a shrinking of the overall attack funnel. As a result, companies no longer need to address every new attack head-on. Instead, security teams must focus on the common end goal of various attack vectors: data.
To effectively combat new attack vectors, you must prioritize familiar actions such as identifying critical data, tracking indicators of attack (IoA), and adopting a zero trust model.
Back to Basics
Consider a business under threat from an AI-assisted attack. Hackers have used generative tools and LLMs to create code that is hard to find and designed to target specific data sets. At first glance, this scenario seems insurmountable. How can businesses combat an unpredictable threat?
Simple: Let's start with the basics.
First, identify the data that is important. Today, the amount of information that companies generate and collect is so huge that it is impossible to protect all of the data at the same time. By identifying important digital assets such as financial data, intellectual property data, and human resources data, companies can focus their protection efforts.
Next comes tracking IoAs. By implementing a process that helps identify common attack characteristics, your team will be better prepared to respond when a threat occurs. Common IoAs include a sudden increase in requests to access specific data, performance issues with a widely used application with no identifiable cause, or an increase in the number of failed login attempts. With this information, your team can better predict possible attack paths.
Finally, the Zero Trust model helps provide a barrier of defense if attackers compromise login and password data. By adopting an always-on verification approach that combines behavioral and geographic data with a strong authentication process, companies can stop attackers at the last hurdle.
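The first two steps above (name the critical data, then watch for IoAs against it) can be sketched as follows. This is an added example, not code from the original article; the asset names, event format, and thresholds are assumptions, and the log is constructed sample data.

```python
from collections import Counter
from statistics import mean

# Assumption: result of the "identify critical data" step.
CRITICAL_ASSETS = {"finance_db", "hr_records"}

def build_sample_events():
    """Constructed log of (hour, user, kind, target, success).
    Hours 0-5 form the baseline, hour 6 is the hour under review."""
    events = []
    for hour in range(6):
        events += [(hour, "alice", "access", "finance_db", True)] * 4
        events += [(hour, "bob", "access", "wiki", True)] * 20
        events += [(hour, "bob", "login", "sso", False)]
    events += [(6, "mallory", "access", "finance_db", True)] * 40  # spike on critical data
    events += [(6, "bob", "access", "wiki", True)] * 60            # spike on non-critical data
    events += [(6, "alice", "login", "sso", False)] * 15           # failed-login surge
    events += [(6, "carol", "access", "hr_records", True)] * 2     # critical, but low volume
    return events

def indicator_key(event):
    """Map an event to the IoA counter it feeds, or None if out of scope."""
    _, _, kind, target, success = event
    if kind == "access" and target in CRITICAL_ASSETS:
        return ("critical_access", target)
    if kind == "login" and not success:
        return ("failed_login", target)
    return None

def detect_ioas(events, current_hour, factor=3.0, min_count=10):
    """Flag indicators whose count in current_hour is at least min_count
    and at least factor times the mean of the preceding hours."""
    per_hour = Counter()
    for ev in events:
        key = indicator_key(ev)
        if key:
            per_hour[(key, ev[0])] += 1
    alerts = []
    for key in sorted({k for k, h in per_hour if h == current_hour}):
        now = per_hour[(key, current_hour)]
        base = mean(per_hour[(key, h)] for h in range(current_hour)) if current_hour else 0.0
        if now >= min_count and now >= factor * max(base, 1.0):
            alerts.append({"indicator": key[0], "target": key[1],
                           "count": now, "baseline": base})
    return alerts

if __name__ == "__main__":
    for alert in detect_ioas(build_sample_events(), current_hour=6):
        print(alert)
```

The 60-request burst against the wiki is ignored because only assets classified as critical feed the access counter, which is the narrowing of focus the article argues for.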
Form over function: Introducing new tools
Companies can mitigate security risks by focusing on outcomes rather than inputs of new attack vectors, but there are also cases where new tools such as AI and LLMs are implemented to enhance cybersecurity efforts.
Consider generative AI tools. Just as they help attackers write code that is difficult to detect and counter, GenAI can help cybersecurity teams analyze and identify common attack patterns, allowing companies to focus on possible vectors of compromise. Keep in mind, however, that this identification won't be effective if companies don't have the endpoint visibility to understand the source of the attack and which systems are at risk.
In short, implementing new tools is no panacea; they are only effective when combined with strong security measures.
To improve security, work smarter, not harder
Just as attackers can leverage new technologies to increase the effectiveness of their breaches, businesses can leverage AI security to defend against potential threats.
Bad actors, however, can act with impunity: if their AI-enhanced malware or LLM-verified phishing emails don't work, they simply start over. For cybersecurity professionals, failure means that, at best, their systems are compromised and, at worst, their data is stolen or held for ransom.
As a result, security success is about working smarter, not harder. This starts by going back to basics: identifying critical data, tracking attacks, and implementing tools that validate every user. Security improves with the targeted use of AI. By leveraging solutions such as IBM Security QRadar Suite with advanced AI threat intelligence and IBM Security Guardium with built-in AI anomaly detection, businesses can be better prepared to combat current threats and reduce the risk of future breaches.
