
The cybersecurity paradigm shift: AI is necessitating the need to fight fire with fire

Cyber resilience is critical as AI-driven cyberattacks rise. Companies must use AI for multifactor authentication, ransomware detection, and data management to stay protected.

DQI Bureau

The cybersecurity landscape in the Asia Pacific is one of the worst globally. The region led the world in 2022, accounting for 31% of cyber-attacks suffered globally, according to IBM’s Security X-Force Threat Intelligence Index. Within the region, a Sophos study last year found that nearly two in three (64%) Indian organisations had suffered a cyber-attack, experiencing greater ransom demands and recovery costs.


Given that cyber-attacks are now a matter of 'when', not 'if', for businesses, the risk of significantly disrupted operations, a damaged reputation, and a collapse in customers’ trust is substantial. In fact, the financial toll of a successful cyber-attack has the potential to reach over INR 179 million.

For example, in 2022, the All India Institute of Medical Sciences (AIIMS), one of India’s largest hospital and medical research facilities, was hit by a ransomware attack. Attackers encrypted patient data and demanded a ransom payment of more than INR 83 million. This resulted in a delay in treatments and access to critical patient data.

Therefore, organisations need to not only place the highest importance on cybersecurity but aim higher to achieve cyber resilience: the ability to maintain business operations despite an adverse cyber event. Organisations need to prioritise their ability to rapidly respond and recover to mitigate the costly consequences of cyber incidents. 


AI has made threat actors more menacing

Cybersecurity experts face ever greater challenges as hackers exploit artificial intelligence (AI) to outsmart traditional cyber defences. The democratisation of AI through the widespread availability of large language models (LLMs) such as ChatGPT has lowered barriers to entry for cybercriminals by removing the need for technical expertise to launch cyberattacks. 

AI and machine learning (ML) also enable cybercriminals to create more sophisticated malware and automate cyber-attacks, which allows them to probe technology and IT infrastructure continuously until a vulnerability is found. Unlike a human, AI is relentless: it does not require time away from a computer or payment for delivering outcomes.


Two examples of LLM-based attack tools are WormGPT and FraudGPT, which have been advertised on dark web forums for less than INR 50,000 annually. These tools have been used to produce malicious code at speed and to develop sophisticated phishing attempts that let malicious actors trigger financial transactions or gain access to sensitive data.

No alternative to cyber resilience

To establish cyber resilience, organisations should be prepared for the worst-case scenario of a cyber-attack. This involves being able to protect and secure data, detect cyber threats and attacks, and respond with automated data recovery processes. Each element is critical to ensuring an organisation can maintain operational integrity under attack.


However, the reality is that many organisations are unable to keep up. In the company's recent survey, released in late January 2024, 79% of IT and security decision-makers said they did not have full confidence in their company’s cyber resilience strategy. Just 12% said their data security, management, and recovery capabilities had been stress tested in the six months prior to being surveyed. Meanwhile, 94% of respondents said their company would pay the ransom to recover data and restore business processes, despite 84% saying their company had a 'do not pay' policy.

To bolster cyber resilience, companies must integrate a robust combination of people, processes, and technology. Fostering a skilled workforce equipped to detect and respond to threats effectively starts with having employee education and training in place to keep pace with the rising sophistication of AI-driven phishing attacks. Streamlined processes allow consistent adherence to security regulations and enable prompt incident resolution. Companies must embrace AI and ML technologies to defend against increasingly automated and intelligent threats. These include:

  • AI-enabled multifactor authentication (MFA): With MFA, organisations can protect themselves against password cracking or guessing attacks. When enhanced by AI, MFA can adjust authentication requirements or outright block a user’s access based on perceived risk signals, such as changes in a user’s typing speed or access that strays beyond normal boundaries.
  • AI-enabled activity and behaviour tracking and systems monitoring: Through continuous analysis of activity logs, AI and ML can establish norms for both user and application behaviour. Against those established norms, both technologies can provide near real-time monitoring and identify suspicious activity such as failed login attempts, excessive file access, or other anomalous behaviour.
  • AI-enabled ransomware detection: AI and ML can run in the background and comb through vast amounts of data, analyse network traffic or file access, allowing organisations to spot the signs of an imminent attack - or even one in progress - and neutralise malware.
  • AI-enabled backup data management: AI and ML optimise backup schedules based on critical data needs, usage patterns and seasonality. This includes identifying and retiring inactive data during the backup process. By discerning dormant data suitable for archiving, AI reduces recovery time, eliminates the unnecessary retrieval of unused information, and concurrently enhances efficiency while reducing storage costs.
  • AI-powered search assistants: When combined with the company’s backup data, AI can be used to assess an organisation’s cyber resilience. When planning long-term strategies, it relieves businesses of the manual task of data retrieval; instead, one question is enough to pull up insights from stored data, analyse it, and identify vulnerabilities and the corresponding mitigation methods.
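
To illustrate the MFA and behaviour-monitoring points above, the following added example (not from the author or from any vendor product) scores a user's daily activity against that user's own baseline and maps the deviation to allow, step-up MFA, or block. It swaps in a simple z-score for the ML models the article refers to; the user names, counts and thresholds are constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed sample data: per-user daily counts over a 7-day baseline window.
BASELINE = {
    "alice": {"failed_logins": [0, 1, 0, 2, 1, 0, 1],
              "files_accessed": [40, 55, 38, 60, 47, 52, 44]},
    "bob":   {"failed_logins": [1, 0, 0, 1, 0, 0, 1],
              "files_accessed": [12, 9, 15, 11, 10, 14, 13]},
}

STEP_UP_Z = 3.0  # hypothetical threshold: require an additional factor
BLOCK_Z = 6.0    # hypothetical threshold: deny access and raise an alert


def z_score(history, observed):
    """How many standard deviations `observed` sits above the user's norm."""
    mu = mean(history)
    sigma = max(pstdev(history), 1.0)  # floor so near-flat histories don't over-alert
    return (observed - mu) / sigma


def assess(user, today):
    """Return (decision, worst_metric, z) for today's activity counts."""
    if user not in BASELINE:
        # No established norm: never silently allow, ask for another factor.
        return ("step_up_mfa", "no_baseline", 0.0)
    worst_metric, worst_z = None, float("-inf")
    for metric, observed in today.items():
        z = z_score(BASELINE[user][metric], observed)
        if z > worst_z:
            worst_metric, worst_z = metric, z
    if worst_z >= BLOCK_Z:
        decision = "block"
    elif worst_z >= STEP_UP_Z:
        decision = "step_up_mfa"
    else:
        decision = "allow"
    return (decision, worst_metric, round(worst_z, 2))


if __name__ == "__main__":
    print(assess("alice", {"failed_logins": 1, "files_accessed": 50}))
    print(assess("alice", {"failed_logins": 4, "files_accessed": 50}))
    print(assess("alice", {"failed_logins": 1, "files_accessed": 900}))
```

Because each user is compared with their own history, 20 file reads is routine for one account and a step-up trigger for another.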

With threat actors now turbocharged by AI and ML to collect ransom payments more effectively and creatively, organisations need to similarly bolster their data security capabilities and cyber resilience with AI and ML. In an era where technology is stretching beyond the capabilities of human speed, AI- and ML-based technology helps empower organisations to counter evolving threats effectively and ensure they are well equipped to defend against malicious activities.

Authored by Sathish Murthy, Senior Systems Engineering Lead, Cohesity ASEAN & India
