By Darren Guccione, CEO and Co-founder, Keeper Security
Artificial Intelligence (AI) has ushered in a new era of cyber threats where cybercriminals now use sophisticated AI tools to execute a range of attacks. At the RSA Conference 2024, the FBI San Francisco division warned individuals and businesses to be aware of the burgeoning threat posed by malicious actors using AI tools to execute sophisticated phishing and social engineering attacks and voice/video cloning scams. AI-generated fraudulent material is becoming increasingly “human” and more difficult to identify. In a recent study from Keeper Security, 95% of IT security leaders said that cyber attacks are more sophisticated than ever, with over half (51%) witnessing AI-powered attacks first-hand at their organizations.
The arsenal of AI tools at cybercriminals’ disposal facilitates a seamless convergence for launching cyber attacks. With this increasingly challenging threat landscape to contend with, how can businesses best fortify their defenses?
Prioritize Employee Education and Awareness Training
Employees are the first line of defense, and as cyber threats evolve, so should employee awareness training. Educating staff on emerging cybercriminal tactics, including AI-driven attacks, empowers employees to identify and report suspicious activities. Organizations must complement training initiatives with a comprehensive cybersecurity framework that goes beyond user education alone.
Leverage a Privileged Access Management Solution
Robust privileged access management ensures tight control over sensitive accounts and systems, such as IT admin accounts. Restricting access to these accounts mitigates the risk of unauthorized entry and potential data breaches, thwarting cybercriminals’ attempts to exploit vulnerabilities and limiting the impact if a successful attack does occur.
Organizations must carefully consider who can access which networks and accounts, especially the ones providing the proverbial “keys to the kingdom,” as well as those that contain the most sensitive business information. For instance, a convincing deepfake impersonating a C-suite executive would be far less effective in targeting a mid-level employee if that employee didn’t have access to sensitive data or systems.
Conduct Regular Software Updates and Uphold Secure Account Practices
Consistently updating software and devices bolsters security by promptly addressing vulnerabilities. Timely patching reduces the window of opportunity for hackers to exploit weaknesses and implementing secure backup protocols safeguards data integrity, offering protection against the potential for data loss resulting from cyber attacks.
Exercise Caution with Personal Information
With AI-enabled phishing emails, impersonation and deepfakes on the rise, vigilance is paramount when sharing personal or sensitive information online – particularly as cybercriminals leverage AI to make scams more believable. For example, scammers can use AI algorithms to analyze large amounts of data, generating a fake persona and utilizing a technique referred to as “synthesis,” which can realistically mimic someone’s voice. With these techniques helping cybercriminals look and act more legitimate than ever, verifying the authenticity of requests, using encrypted communication channels and exercising discernment, can all help mitigate the risk of falling victim to AI-driven scams.
One good practice here is asking for a second form of identification or verification before sharing any sensitive information and using an encrypted service to ensure information sent is only viewable by the intended recipient.
Enforce Strong Password Policies
AI-password cracking poses a significant threat to cybersecurity, as it can make this process faster and easier for cybercriminals. Purpose-built password cracking software has the ability to run through reams of known passwords and variations quickly. This is why implementing stringent password practices, including the use of complex and unique passwords, coupled with a secure password management solution, will reduce the likelihood of successful brute force attacks.
While the threat landscape continues to evolve, the core principles of cybersecurity remain steadfast in defending against both traditional and emerging threats like AI-powered cyber attacks. Basic measures such as upholding robust password management, enforcing the use of Multi-Factor Authentication (MFA), conducting ongoing employee training and maintaining software updates, are indispensable defenses against AI-fueled attacks. By prioritizing these fundamental practices, businesses can significantly bolster their resilience in the face of AI-powered cyber threats without the need for radical reinvention.