Evolving Cyber Attacks in Today's Gen AI Era



A seasoned management professional, Ajay has over 25 years of experience across diverse business functions, especially in the sales vertical. In a recent interaction with Siliconindia, Ajay Gupta, Country Manager - India & SAARC, Netskope, shared his insights on how recent tech advancements such as Gen AI are reshaping the cybersecurity arena for both organizations and cybercriminals. Read on to know more about this interesting topic.

Throw some light on the evolution of cyber-attacks in recent times, especially with the emergence of Gen AI.

AI has been a core component of cybersecurity in recent years for security teams to improve the efficiency of their operations across critical functions such as threat detection, data protection or incident response. However, threat actors have also been using AI to improve their attack techniques and evade detection, but to a lesser extent than security professionals due to lack of proper skillset and training data. Generative AI is now changing this balance by making cybercriminals capable of designing more efficient malware, attacks, and more realistic social engineering & phishing campaigns. With organizations rushing to embed Gen AI assistants into their solutions and digital offerings, a whole new ecosystem and supply chain are emerging as potential targets for cyber criminals lately. 

AI-powered attacks are usually traditional attack patterns, but more automated, powerful, and conducted on a larger scale. Thus, it is paramount for organizations to adopt modern security standards across the board, from network monitoring and threat detection, to endpoint security, cloud security, and access control. Additionally, organizations experimenting with or developing Gen AI tools must be aware of the associated threats of threat actors being capable of altering LLMs’ behaviors to their benefit, or injecting malicious packages into the supply chain and development environments.

What role do encryption and least privilege approach play in ensuring data security in a corporate environment?

By converting plain information into a coded format, encryption is key to helping protect sensitive data from unauthorized access, interception, and tampering. Not only should it be applied to stored data, but also to data transfer, business applications, and various software & solutions that may be involved directly or indirectly in data hosting, sharing or management. There are different levels of encryption, some more secure than others; it is important to ensure that the encryption standards of the third-party vendors match those of the organization while outsourcing any functions to them. Also, environments such as critical infrastructure or operational technology require tighter security standards, in-house data hosting, data centers and data lakes, all of which require proper encryption as well.

Since most cyber incidents today are still the consequence of human error or malicious intent, organizations are increasingly taking the least privilege approach, which is part of the zero-trust cybersecurity strategy that saw widespread adoption with the onset of remote working practices during COVID-19. As per the least privilege approach, employees’ (and their devices’) access to an organization’s resources, systems and information is restricted to only the resources necessary to complete their tasks and daily work, and only for a limited time period. For example, if a long-term employee’s account is compromised, those who took control of the account could access all the documents this employee was granted access to over the years, unless there was a time limit on this access. Additionally, by applying zero trust network access, organizations can manage access to company resources to a granular level, thus keeping the risk of data breaches as low as possible.

Enlighten us about the importance of regular software updates and patch management in today’s rapidly evolving cybersecurity landscape.

Given the rapid rate at which cyber-attacks are evolving in recent times, timely patch management is critical, especially for high-risk vulnerabilities. Since large organizations use thousands of apps, applying patches for all of them is a challenging task. Since a few patches are more urgent than others, prioritization is key for such organizations to make sure vulnerabilities with the highest risk profiles are addressed first. Many patches are automatically applied via software updates, but may require the user to enable the update or restart their computer, which is not always done in a timely manner. Studies have shown that a large number of cyber incidents still happen because of such bad patch management practices.

How can organizations ensure compliance with relevant cybersecurity regulations and standards?

Establishing a security or data compliance program is a heavy task, especially for multinational companies that need to be aware of all the security and privacy regulations applying to geographies where they operate, or where their data or customer data may transit. Thus, enterprises are now relying heavily on technology vendors to design their solutions in a way that ensures compliance when they are implemented and used across different geographies. Furthermore, organizations wanting to shield themselves from non-compliance should identify the toughest privacy & security regulations across the globe and adopt umbrella cybersecurity & data protection standards that match those regulations. When expanding to a new country, chances are they will already be compliant, or if any adjustments are necessary, they will be minimal. Additionally, organizations can also consider hiring compliance experts to facilitate the process.

In your opinion, what are the top cybersecurity challenges organizations are expected to face in the coming days?

Cloud-related threats are widespread and likely to accelerate this year. Today, organizations are using an increasing number of cloud applications, which is creating complex ecosystems to monitor and manage. Thus, threat actors are targeting such environments to deliver malware and infiltrate systems, as they know that many organizations still don’t have proper capabilities to monitor cloud traffic and detect threats coming from their cloud environments. Also, Generative AI tools are now enabling cybercriminals to craft much more personalized and targeted social engineering campaigns. Thus, it is critical for organizations to double down on education and awareness about social engineering among their staff, as employees are likely to be approached with more realistic and convincing cyber-attack campaigns.