Artificial intelligence (AI) is already changing the digital world, with Internet of Things (IoT) and operational technology (OT) devices flooding homes, workplaces, and nearly every aspect of daily life. Along with many benefits, including greatly improved cybersecurity [link to the previous post about AI as a security tool], AI has a dark side. Cybercriminals are employing AI tactics and automation, machine learning, and agile software development to more quickly and effectively discover and exploit security vulnerabilities.
How Cybercriminals Are Using AI
Cybersecurity professionals are harnessing the power of AI employing, for example, AI-based advanced analytics solutions to protect their organizations. At the same time, cybercriminals are using AI-based counterattack solutions that are capable of bypassing, say, advanced anti-phishing URL blockers. It’s basically an arms race.
A recent report developed by 26 academic experts from 14 bodies ranging from academic institutions to industry and civil society organizations documented the threatscape created by malicious use of AI:
The increased capabilities of AI mean that existing attacks will be expanded, bypassing the current manual level of intelligence and experience required of successful attackers.
Cybercriminals will use AI for undertakings that are, literally, not humanly possible, introducing attack tactics that have not yet been attempted. New attacks will be very difficult to detect, expertly targeted, and dangerously effective.
AI-based attacks will take advantage of advanced techniques such as speech impersonation, automated hacking, and data poisoning of cybersecurity AI-based systems to threaten digital security.
And these are just a few of the many ways cybercriminals are arming themselves with the power of AI. So what can any security-conscious organization do to protect themselves?
Keeping One Step Ahead
Although the outlook seems bleak when faced with the potential dangers introduced by nefarious AI applications, it is important to remember that the good guys have the same access to AI tools and functionality as the bad guys. And one of the best ways to stay one step ahead is to attack like you’re one of them. Well done, penetration testing can identify exploitable vulnerabilities and provide clear guidance on how to improve your company’s security posture. The predicted AI threats are just the beginning, but with an attack-minded approach, companies can use similar tactics to keep their data secure.