Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label AI Attacks. Show all posts
Risk Management
AI Attacks AI Policy AI Risks Company Security Cyber Safety Cyber Security Cybersecurity Crisis Risk Management

Addressing AI Risks: Best Practices for Proactive Crisis Management

 

An essential element of effective crisis management is preparing for both visible and hidden risks. A recent report by Riskonnect, a risk management software provider, warns that companies often overlook the potential threats associated with AI. Although AI offers tremendous benefits, it also carries significant risks, especially in cybersecurity, which many organizations are not yet prepared to address. The survey conducted by Riskonnect shows that nearly 80% of companies lack specific plans to mitigate AI risks, despite a high awareness of threats like fraud and data misuse. 

Out of 218 surveyed compliance professionals, 24% identified AI-driven cybersecurity threats—like ransomware, phishing, and deepfakes — as significant risks. An alarming 72% of respondents noted that cybersecurity threats now severely impact their companies, up from 47% the previous year. Despite this, 65% of organizations have no guidelines on AI use for third-party partners, often an entry point for hackers, which increases vulnerability to data breaches. Riskonnect’s report highlights growing concerns about AI ethics, privacy, and security. Hackers are exploiting AI’s rapid evolution, posing ever-greater challenges to companies that are unprepared. 

Although awareness has improved, many companies still lag in adapting their risk management strategies, leaving critical gaps that could lead to unmitigated crises. Internal risks can also impact companies, especially when they use generative AI for content creation. Anthony Miyazaki, a marketing professor, emphasizes that while AI-generated content can be useful, it needs oversight to prevent unintended consequences. For example, companies relying on AI alone for SEO-based content could risk penalties if search engines detect attempts to manipulate rankings. 

Recognizing these risks, some companies are implementing strict internal standards. Dell Technologies, for instance, has established AI governance principles prioritizing transparency and accountability. Dell’s governance model includes appointing a chief AI officer and creating an AI review board that evaluates projects for compliance with its principles. This approach is intended to minimize risk while maximizing the benefits of AI. Empathy First Media, a digital marketing agency, has also taken precautions. It prohibits the use of sensitive client data in generative AI tools and requires all AI-generated content to be reviewed by human editors. Such measures help ensure accuracy and alignment with client expectations, building trust and credibility. 

As AI’s influence grows, companies can no longer afford to overlook the risks associated with its adoption. Riskonnect’s report underscores an urgent need for corporate policies that address AI security, privacy, and ethical considerations. In today’s rapidly changing technological landscape, robust preparations are necessary for protecting companies and stakeholders. Developing proactive, comprehensive AI safeguards is not just a best practice but a critical step in avoiding crises that could damage reputations and financial stability.
Read more »
security leaders
AI Attacks AI cybersecurity CISO Cyber Security Cyberattack threats Ransomwares security leaders

The Cybersecurity Burnout Crisis: Why CISOs Are Considering Quitting

 

Cybersecurity leaders are facing unprecedented stress as they battle evolving threats, AI-driven cyberattacks, and ransomware. A recent BlackFog study reveals that 93% of CISOs considering leaving their roles cite overwhelming job demands and mental health challenges. Burnout is driven by long hours, a reactive security environment, and the increasing complexity of threats. Organizations must prioritize support for their security teams through flexible work options, mental health resources, and strategic planning to mitigate burnout and retain talent. 

The Rising Pressure on Cybersecurity Leaders The role of the Chief Information Security Officer (CISO) has drastically evolved. They now manage increasingly sophisticated cyberthreats, such as AI-driven attacks and ransomware, in an era where data security is paramount. The workload has increased to unsustainable levels, with 98% of CISOs working beyond contracted hours. The average CISO adds 9 hours a week, and some are clocking over 16 hours extra. This overwork is contributing to widespread burnout, with 25% of CISOs actively considering leaving their roles due to overwhelming stress. The high turnover in this field exacerbates existing security vulnerabilities, as experienced leaders exit while threats grow more sophisticated. 

CISOs face ever-evolving cyberthreats, such as AI-powered attacks, which are particularly concerning for 42% of respondents. These threats use advanced machine learning algorithms to bypass traditional security measures, making them hard to detect and neutralize. Additionally, ransomware is still a major concern, with 37% of CISOs citing it as a significant stressor. The combination of ransomware and data exfiltration forces organizations to defend against attacks on multiple fronts. These heightened risks contribute to a work environment where cybersecurity teams are continually reactive, always “putting out fires” rather than focusing on long-term security strategies. This cycle of incident response leads to burnout and further stress. 

Burnout doesn’t just affect productivity; it also impacts the mental health of CISOs and security teams. According to the study, 45% of security leaders admit to using drugs or alcohol to cope with stress, while 69% report withdrawing from social activities. Although some prioritize physical health—86% allocate time for exercise—many CISOs are still struggling to maintain work-life balance. The emotional toll is immense, with security professionals experiencing the pressure to protect their organizations from increasing cyberthreats while facing a lack of sufficient resources and support. 

To combat the burnout crisis and retain top talent, organizations must rethink their approach to cybersecurity management. Offering flexible work hours, remote work options, and additional mental health resources can alleviate some of the pressure. Companies must also prioritize long-term security planning over constant reactive measures, allowing CISOs the bandwidth to implement proactive strategies. By addressing these critical issues, businesses can protect not only their security infrastructure but also the well-being of the leaders safeguarding it.
Read more »
Singapore
AI Attacks AI technology CSA Cyber Attacks Cyber Phishing Deepfake Singapore

The Rise of AI: New Cybersecurity Threats and Trends in 2023

 

The rise of artificial intelligence (AI) is becoming a critical trend to monitor, with the potential for malicious actors to exploit the technology as it advances, according to the Cyber Security Agency (CSA) on Tuesday (Jul 30). AI is increasingly used to enhance various aspects of cyberattacks, including social engineering and reconnaissance. 

The CSA’s Singapore Cyber Landscape 2023 report, released on Tuesday, highlights that malicious actors are leveraging generative AI for deepfake scams, bypassing biometric authentication, and identifying vulnerabilities in software. Deepfakes, which use AI techniques to alter or manipulate visual and audio content, have been employed for commercial and political purposes. This year, several Members of Parliament received extortion letters featuring manipulated images, and Senior Minister Lee Hsien Loong warned about deepfake videos misrepresenting his statements on international relations.  

Traditional AI typically performs specific tasks based on predefined data, analyzing and predicting outcomes but not creating new content. This technology can generate new images, videos, and audio, exemplified by ChatGPT, OpenAI’s chatbot. AI has also enabled malicious actors to scale up their operations. The CSA and its partners analyzed phishing emails from 2023, finding that about 13 percent contained AI-generated content, which was grammatically superior and more logically structured. These AI-generated emails aimed to reduce logical gaps and enhance legitimacy by adapting to various tones to exploit a wide range of emotions in victims. 

Additionally, AI has been used to scrape personal identification information from social media profiles and websites, increasing the speed and scale of cyberattacks. The CSA cautioned that malicious actors could misuse legitimate research on generative AI’s negative applications, incorporating these findings into their attacks. The use of generative AI adds a new dimension to cyber threats, making it crucial for individuals and organizations to learn how to detect and respond to such threats. Techniques for identifying deepfakes include evaluating the message, analyzing audio-visual elements, and using authentication tools. 

Despite the growing sophistication of cyberattacks, Singapore saw a 52 percent decline in phishing attempts in 2023 compared to the previous year, contrary to the global trend of rising phishing incidents. However, the number of phishing attempts in 2023 remained 30 percent higher than in 2021. Phishing continues to pose a significant threat, with cybercriminals making their attempts appear more legitimate. In 2023, over a third of phishing attempts used the credible-looking domain “.com” instead of “.xyz,” and more than half of the phishing URLs employed the secure “HTTPS protocol,” a significant increase from 9 percent in 2022. 

The banking and financial services, government, and technology sectors were the most targeted industries in phishing attempts, with 63 percent of the spoofed organizations belonging to the banking and financial services sector. This industry is frequently targeted because it holds sensitive and valuable information, such as personal details and login credentials, which are highly attractive to cybercriminals.
Read more »
threat report
AI Attacks AI Phishing Cyber Attacks Cyber Phishing Deepfake Phishing Phishing Attacks SEG threat report

Modern Phishing Attacks: Insights from the Egress Phishing Threat Trends Report

 

Phishing attacks have long been a significant threat in the cybersecurity landscape, but as technology evolves, so do the tactics employed by cybercriminals. The latest insights from the Egress Phishing Threat Trends Report shed light on the sophistication and evolution of these attacks, offering valuable insights into the current threat landscape. 

One notable trend highlighted in the report is the proliferation of QR code payloads in phishing emails. While QR code payloads were relatively rare in previous years, they have seen a significant increase, accounting for 12.4% of attacks in 2023 and remaining at 10.8% in 2024. This shift underscores the adaptability of cybercriminals and their ability to leverage emerging technologies to perpetrate attacks. 

In addition to QR code payloads, social engineering tactics have also become increasingly prevalent in phishing attacks. These tactics, which involve manipulating individuals into divulging sensitive information, now represent 19% of phishing attacks. 

Moreover, phishing emails have become over three times longer since 2021, likely due to the use of generative AI to craft more convincing messages. Multi-channel attacks have also emerged as a prominent threat, with platforms like Microsoft Teams and Slack being utilized as the second step in these attacks. Microsoft Teams, in particular, has experienced a significant increase in usage, with a 104.4% rise in 2024 compared to the previous year. This trend highlights the importance of securing not just email communications but also other communication channels within organizations. 

Another concerning development is the use of deepfakes in phishing attacks. These AI-generated audio and video manipulations have become increasingly sophisticated and are being used to deceive victims into disclosing sensitive information. The report predicts that the use of deepfakes in cyberattacks will continue to rise in the coming years, posing a significant challenge for defenders. Despite advancements in email security, many phishing attacks still successfully bypass Secure Email Gateways (SEGs). Obfuscation techniques, such as hijacking legitimate hyperlinks and masking phishing URLs within image attachments, are commonly used to evade detection. This highlights the need for organizations to implement robust security measures beyond traditional email filtering solutions. 

Furthermore, the report identifies millennials as the top targets for phishing attacks, receiving 37.5% of phishing emails. Industries such as finance, legal, and healthcare are among the most targeted, with individuals in accounting and finance roles receiving the highest volume of phishing emails. As cybercriminals continue to innovate and adapt their tactics, organizations must remain vigilant and proactive in their approach to cybersecurity. 

This includes implementing comprehensive security awareness training programs, leveraging advanced threat detection technologies, and regularly updating security policies and procedures. 

The Egress Phishing Threat Trends Report provides valuable insights into the evolving nature of phishing attacks and underscores the importance of a multi-layered approach to cybersecurity in today's threat landscape. By staying informed and proactive, organizations can better protect themselves against the growing threat of phishing attacks.
Read more »
Supply Chain
AI Attacks Cyber Security Cyber Security awareness digital safety Information Security Online Privacy Supply Chain

Safeguarding Your Digital Future: Navigating Cybersecurity Challenges

 

In the ever-expanding realm of technology, the omnipresence of cybercrime casts an increasingly ominous shadow. What was once relegated to the realms of imagination has become a stark reality for countless individuals and businesses worldwide. Cyber threats, evolving in sophistication and audacity, have permeated every facet of our digital existence. From cunning phishing scams impersonating trusted contacts to the debilitating effects of ransomware attacks paralyzing entire supply chains, the ramifications of cybercrime reverberate far and wide, leaving destruction and chaos in their wake. 

Perhaps one of the most alarming developments in this digital arms race is the nefarious weaponization of artificial intelligence (AI). With the advent of AI-powered attacks, malevolent actors can orchestrate campaigns of unparalleled scale and complexity. Automated processes streamline malicious activities, while the generation of deceptive content presents a formidable challenge even to the most vigilant defenders. As adversaries leverage the formidable capabilities of AI to exploit vulnerabilities and circumvent traditional security measures, the imperative for proactive cybersecurity measures becomes ever more pressing. 

In this rapidly evolving digital landscape, the adoption of robust cybersecurity measures is not merely advisable; it is indispensable. The paradigm has shifted from reactive defense mechanisms to proactive strategies aimed at cultivating a culture of awareness and preparedness. Comprehensive training and continuous education serve as the cornerstones of effective cybersecurity, empowering individuals and organizations to anticipate and counter emerging threats before they manifest. 

For businesses, the implementation of regular security training programs is essential, complemented by a nuanced understanding of AI's role in cybersecurity. By remaining abreast of the latest developments and adopting proactive measures, organizations can erect formidable barriers against malicious incursions, safeguarding their digital assets and preserving business continuity. Similarly, individuals can play a pivotal role in fortifying our collective cybersecurity posture through adherence to basic cybersecurity practices. 

From practicing stringent password hygiene to exercising discretion when sharing sensitive information online, every individual action contributes to the resilience of the digital ecosystem. However, the battle against cyber threats is not a static endeavor but an ongoing journey fraught with challenges and uncertainties. As adversaries evolve their tactics and exploit emerging technologies, so too must our defenses adapt and evolve. The pursuit of cybersecurity excellence demands perpetual vigilance, relentless innovation, and a steadfast commitment to staying one step ahead of the ever-evolving threat landscape. 

The spectrum of cybercrime looms large in our digital age, presenting an existential threat to individuals, businesses, and society at large. By embracing the principles of proactive cybersecurity, fostering a culture of vigilance, and leveraging the latest technological advancements, we can navigate the treacherous waters of the digital domain with confidence and resilience. Together, let us rise to the challenge and secure a safer, more resilient future for all.
Read more »
Nation-State Attacks
AI Attacks business risks Cyber Security Machine learning Nation-State Attacks

How to Shield Businesses from State-Sponsored AI Attacks

 

In cybersecurity, artificial intelligence is becoming more and more significant, both for good and bad. The most recent AI-based tools can help organizations better identify threats and safeguard their systems and data resources. However, hackers can also employ the technology to carry out more complex attacks. 

Hackers have a big advantage over most businesses because they can innovate more quickly than even the most productive enterprise, they can hire talent to develop new malware and test attack techniques, and they can use AI to change attack strategies in real time. 

The market for AI-based security products has also helped malicious hackers to target businesses frequently. According to a report published in July 2022 by Acumen Research and Consulting, the global market had a value of $14.9 billion in 2021 and was expected to grow to $133.8 billion by 2030.

Nation-states and hackers: A lethal combination 

Weaponized AI attacks are inevitable, according to 88% of CISOs and security executives, and for good reason. A recent Gartner survey showed that only 24% of cybersecurity teams are fully equipped to handle an AI-related attack. Nation-states and hackers are aware that many businesses are understaffed and lack the knowledge and resources necessary to defend against such attacks in the form of AI and machine learning. Only 1% of 53,760 cybersecurity applicants in Q3 2022 had AI skills. 

Major corporations are aware of the cybersecurity skills shortage and are working to address it. Microsoft, for example, is currently running a campaign to assist community colleges in expanding the industry's workforce. 

The ability of businesses to recruit and keep cybersecurity experts with AI and ML skills contrasts sharply with how quickly nation-state actors and cybercriminal gangs are expanding their AI and ML teams. According to the New York Times, the Department 121 cyberwarfare unit of the elite Reconnaissance General Bureau of the North Korean Army has about 6,800 members total, including 1,700 hackers spread across seven different units and 5,100 technical support staff. 

According to South Korea's spy agency, North Korea's elite team stole an estimated $1.2 billion in cryptocurrency and other virtual assets over the last five years, with more than half of it stolen this year alone. Since June 2022, North Korea has also weaponized open-source software in its social engineering campaigns aimed at businesses all over the world. 

North Korea's active AI and ML recruitment and training programs aim to develop new techniques and technologies that weaponize AI and ML in order to fund the country's nuclear weapons programs. 

In a recent Economist Intelligence Unit (EIU) survey, nearly half of respondents (48.9%) named AI and machine learning as emerging technologies that would be most effective in countering nation-state cyberattacks on private organizations. 

Cybercriminal gangs pursue their enterprise targets with the same zeal as the North Korean Army's Department 121. Automated phishing email campaigns, malware distribution, AI-powered bots that continuously scan an enterprise's endpoints for vulnerabilities and unprotected servers, credit card fraud, insurance fraud, and generating deepfake identities are all current tools, techniques, and technologies in cybercriminal gangs' AI and ML arsenals. 

Hackers and nation-states are increasingly using this tactic to target the flaws in AI and ML models built to detect and prevent breach attempts. One of the methods used to lessen the effectiveness of AI models created to predict and prevent data exfiltration, malware delivery, and other things is data poisoning. 

How to safeguard your AI 

What can the company do to safeguard itself? The three essential actions to take right away, in the opinion of Great Learning's Akriti Galav and SEO expert Saket Gupta, are: 

  • Maintain the most stringent security procedures possible throughout the entire data environment. 
  • Make sure an audit trail is created with a log of every record related to every AI operation. 
  • Implement reliable authentication and access control. 

Additionally, businesses should pursue longer-term strategic objectives, such as creating a data protection policy specifically for AI training, educating their staff about the dangers of AI and how to spot flawed results, and continuing to operate a dynamic, forward-looking risk assessment mechanism.

No digital system, no matter how intelligent, can be 100% secure. The enterprise needs to update its security policies to reflect this new reality now rather than waiting until the damage is done because the risks associated with compromised AI are more subtle but no less serious than those associated with traditional platforms.
Read more »
Subscribe to: Posts (Atom)