Are your cyber defenses ready for AI?
By: Jeff Olejnik, Principal at Wipfli LLP – Cybersecurity Services
ChatGPT can prepare comprehensive reports within seconds, eliminating hours of research and writing. And it’s often hard to distinguish between human-made and bot-made work. The potential applications are exhilarating. And terrifying — especially when you start thinking about cybersecurity.
Old tools in new hands
Artificial intelligence (AI) and machine learning aren’t new tools. Companies have used AI for years to make smarter and faster decisions about everything from inventory to finances. Security tools use AI to classify behaviors as “normal” or “unusual,” and to quickly flag potential threats for investigation.
But now, the power of generative AI is accessible to more people. In the wrong hands, it can be used for nefarious purposes. It took ChatGPT about 40 seconds to come up with five ways it could be used to carry out cyberattacks. When asked “How could cybercriminals use ChatGPT?” it suggested:
- Social engineering: Cybercriminals can use ChatGPT to craft convincing messages that appear to be from a legitimate source, such as a bank or a government agency, and use them to trick people into divulging sensitive information such as login credentials or personal identification details.
- Phishing: ChatGPT can be used to generate sophisticated phishing emails that trick recipients into clicking on malicious links or downloading malware.
- Spamming: Cybercriminals can use ChatGPT to generate large volumes of spam messages that are difficult to distinguish from legitimate communications.
- Malware attacks: ChatGPT can be used to generate code that can be used to exploit vulnerabilities in systems and launch malware attacks.
- Fraud: Cybercriminals can use ChatGPT to generate fake documents, such as invoices or receipts, which can be used in fraudulent transactions.
The creators of ChatGPT and similar technologies acknowledge there are potential security risks and have implemented some safeguards to respond negatively to questions about conducting illegal activity.
But crafty individuals many times can bypass the negative response by simply rephrasing the question. In addition, there are no current regulatory boundaries around how the tools are used. That means it’s up to companies to predict and mitigate threats.
AI will exponentially increase the velocity and sophistication of cyberattacks, which could make phishing and social engineering schemes even more convincing.
No wonder CTOs are losing sleep.
Are you ready to protect yourself?
Modern cybersecurity requires a layered approach. Companies need a combination of preventive, detective, and responsive capabilities to thwart criminals.
In this era of AI, companies also need two essential cybersecurity capabilities:
- AI-enabled detection: It’s time to fight fire with fire. Companies need 24/7, AI-enabled security monitoring to spot indicators of compromise. AI can analyze traffic patterns and identify suspicious activities such as large data transfers or atypical login attempts.
For some companies, building out the tools and staffing for 24/7 monitoring isn’t practical. But they can’t afford the fallout from a cyberattack, either. In these situations, companies can get affordable security capabilities through a service provider.
Security as a service (SECaaS) partners use AI to continuously look for threats. They see vulnerabilities internal teams tend to overlook, and they have deeper insight into best practices and emerging threats. Security partners can tap into global threat intelligence sources, so their detection models are up to date and ready for new threats.
- Advanced attack simulation: How do you know if your detection and response capabilities are working? You have to test them. Companies need to simulate sophisticated attacks to protect against potential threats.
Simple IT audits and vulnerability scans aren’t enough anymore. Companies need hired testers to simulate real-world attacks, including social engineering schemes and automated external authentication attempts.
See how your IT team, security tools and partners fare against different types of cyberattacks. Identify whether attacks were blocked, detected, or missed entirely. Then, fine-tune your detection and response capabilities. It’s better to discover weaknesses during a simulation than after a data breach.
These capabilities are essential to combat AI-driven attacks, but they’re not a silver bullet. The threat landscape is evolving rapidly, so companies need layers of protection and support to fight back.
How Wipfli can help
Is your company ready? Wipfli can help you find out. Our cybersecurity team can assess your risk and response plans. We can also create a managed security package to maximize protection within your budget. Learn more about our cybersecurity services.