Redefining business innovation with AI

According to recent reports, 75 per cent of cyber security professionals have seen an increase in AI-powered cyber attacks over the past year, with 85 per cent attributing it to threat actors weaponising AI.

When large language models (LLMs) are given access to proprietary corporate data and equipped with the ability to make decisions and take actions, new attack surfaces are introduced that enable surprising new attack techniques. And oftentimes, cyber security defences become an afterthought.

As businesses continue to digitise their operations, traditional security measures may no longer suffice and the need for more robust cyber security measures become more pressing. How does digital innovation leave businesses susceptible to cyber attacks?

Third-party access leads to rapid rise in identity-based attacks

As enterprises modernise their IT infrastructure with GenAI technologies and methodologies, they are integrating not just AI and machine learning (ML) but also with third-party applications, contractors and outside services. Maintaining strict access control to sensitive networks, services, and applications becomes more challenging as more third-party partners, contractors and suppliers are used, increasing the risk of identity-based attacks. For example, attackers can use Microsoft identities to gain access to connected Microsoft applications and federated SaaS applications like Microsoft Entra ID (formerly Azure ID).

Despite the estimated AU$7.3 billion spent on security and risk management products this year, 90 per cent of organisations have experienced identity attacks. With GenAI further providing new opportunities for adversaries to exploit vulnerabilities in identity-related systems to perpetrate ransomware, scams and business email compromise (BEC), organisations will continue to be targeted. It’s clear that current preventive security controls are not enough to fight GenAI-driven attacks. Companies need to consider alternate options like threat detection and response to close the widening exposure gap.

Lateral movement exposes hybrid cloud vulnerabilities

With hybrid attacks on the rise, the complexity of managing security in hybrid environments is daunting. Malicious actors are not just looking at social engineering traps but also vulnerabilities and misconfigurations. The biggest issue in the cloud is credential theft through repositories like GitHub or Bitbucket – when a developer mistakenly uploads the credentials, or if the cloud’s complexity leads to misconfigurations being used or abused.

VIEW ALL

Lateral movement in the hybrid world further amplifies the problem as threat actors “live off the land” using available tools and infrastructure to disguise themselves as legitimate users to obtain the necessary credentials to access sensitive data. Identity-based attacks correlate with lateral movement when new identities continue to be compromised as the attacker moves around a network. Monitoring how an identity has been compromised and maintaining visibility and a consistency of risk and control is critical. More so when most identities are contained in federated domains that don’t fully integrate with one another, creating blind spots for attackers to hide. GenAI tools can be abused to increase the speed of lateral movements. In the past, ransomware attacks used to take between eight to 14 days, but with Microsoft Copilot, this reconnaissance could take minutes instead of days.

Fighting AI threats with AI

Despite these challenges, GenAI presents an exciting opportunity to use AI technology to aid in the fight against cyber attacks. If businesses go back to basics, leverage proven security expertise, and create a robust foundation of security measures, they are well placed for innovation without the potential fallout. Key factors to consider include:

• Focus on basic TTPs: While cyber crime continues to grow, the threat vectors – potential pathways into the system – remain the same. Organisations should apply the same defence mechanisms while expanding their digital footprint and focus on basic techniques and tactics, procedures and protocols (TTPs) that can help prevent and remediate security incidents.
• Invest in security controls: A recent Proofpoint 2024 Voice of the CISO report cited human error topping cyber vulnerability threats. Social engineering is further used to exploit employees to hand over credentials to bad actors. Aside from up-to-date security training, organisations must tighten protocols for privilege control – ensuring users only have access to the data and functionality that they need to perform their roles to limit opportunities for leaks.
• Find solutions that leverage AI the right way: Defending against the unknown today requires a security solution that combines both security research and data science. Instant AI-driven remediation enables security teams to stop unauthorised behaviour, eliminate access and prevent breaches, application abuse, exfiltration and other damage, within minutes not months.
• Build out visibility, awareness and insights: Security teams need quick visibility and situational awareness across their environments to stay ahead of unusual activity they might not have noticed without enriched security insights. As we move into a cloud-native world, frameworks that deliver cloud telemetry specific to your cloud infrastructure are ideal. The MITRE ATT&CK framework uses patented AI to learn the behaviour of privileged users. By identifying what is normal and what isn’t, analysts have real-time visibility into their hybrid environments. This stops lateral movement and ransomware by detecting attackers before they do any damage.

As organisations get more innovative, so do attackers

The potential of GenAI to transform workforce productivity and boost innovation is more than just hype. As GenAI capabilities continue to evolve, it will advance security tools, improve threat intelligence and transform security operations centres. Security leaders must adopt AI as part of their defence and response strategies to ensure they remain resilient, agile and one step ahead of cyber attackers.

About the author: Chris Fisher is the regional director for Australia and New Zealand at Vectra AI.

Responsible for leading business growth for Vectra AI across Australia and New Zealand, Chris is focused on ensuring Vectra’s customers have the security foundation required to embrace new technology and lines of business, allowing them to digitally transform while reducing business risk and improving their security posture. Chris has more than 20 years of cyber security experience from practitioner through to strategic adviser for large organisations.