Cyber Talk – The Threats of AI

Summary

The cybersecurity landscape is marked by emerging threats that pose significant challenges to organisations and critical infrastructure. While offering transformative benefits in cybersecurity, Artificial Intelligence (AI) and Machine Learning (ML) are also being exploited by threat actors to automate sophisticated attacks. AI-powered threats such as phishing campaigns and deepfakes have surged to unprecedented levels, making them difficult to detect and mitigate effectively. Moreover, the use of AI tools by malicious actors, including the generation of malicious code, has contributed to the proliferation of cyber threats.

Introduction

As we navigate through 2024, the cybersecurity landscape continues to evolve at an unprecedented pace. This article aims to shed light on the emerging cybersecurity threats of this year and their implications on critical infrastructure and new developments.

AI-Powered Threats

AI has seeped into organisations looking to improve and accelerate their business processes. This is problematic because of the nature of AI and ML and its advanced ability to learn and adapt according to human input. On one hand, it can be used as a tool to transform organisational cybersecurity, with the ability to provide cybersecurity recommendations and data analysis and insights which organisations can change use as actionable insights. On the other hand, AI and ML are being leveraged by threat actors to automate attacks on a frighteningly efficient rate.

AI is capable of task automation, data analysis, image generation, text generation and pattern recognition, naming a few of its capabilities. In 2024, sophisticated AI techniques such as phishing campaigns and deepfakes have risen to unprecedented levels. It is difficult to detect and mitigate these risks. Certain AI tools have also given rise to script kiddies due to AI’s ability to generate malicious code. These have created new challenges to organisational cybersecurity.

Surge in Third-Part Data Breaches

Beyond AI, data breaches will only increase moving forward. There have already been nine major data breaches this year. Many of these breaches came from third party vendors and backdoors into internal systems, commonly referred to as supply chain attacks. Due to the general nature of most organisations utilising external software vendors to assist in operations, it is difficult for most CIOs to track and manage large SaaS portfolios. If a core third-party vendor is compromised, any unprepared company can suffer major financial, operational, regulatory, and reputational damage.

The third-party breaches from MOVEit and Okta in 2023 had crippling effects on all clients using their software. It is projected that the previous increase of 72% of global data breaches from 2022 to 2023 will be exceeded in 2024.

Conclusions

In conclusion, the cybersecurity landscape in 2024 is characterised by dynamic and evolving threats, driven in part by the proliferation of AI-powered attacks and the surge in third-party data breaches. While AI and ML technologies offer promising solutions for cybersecurity enhancement, they are also leveraged by malicious actors to automate and intensify cyber threats. The prevalence of sophisticated AI techniques like phishing campaigns and deepfakes underscores the challenges organisations face in detecting and mitigating these risks effectively. Furthermore, the rise in third-party data breaches highlights the interconnected nature of cybersecurity vulnerabilities, especially with the reliance on external software vendors.