Human brainpower is no match for hackers unleashing digital smash-and-grab attacks powered by artificial intelligence using email hoaxes. As a result, cyber security protection must be guided by AI solutions that know hackers’ strategies better than they do.

This approach to fighting AI with better AI emerged as an ideal strategy in research conducted in March by cyber firm Darktrace to sniff out insights into human behavior around email. The survey reaffirmed the need for new cyber tools to combat AI-driven hacker threats targeting businesses.

The study sought a better understanding of how employees react to potential security threats globally. It also underscored their growing knowledge of the need for better email security.

Darktrace’s global survey of 6,711 employees in the US, UK, France, Germany, Australia and the Netherlands found respondents experienced a 135% increase in “new social engineering attacks” across thousands of active Darktrace email subscribers from January to February 2023. The results were consistent with the widespread adoption of ChatGPT.

These novel social engineering attacks use sophisticated linguistic techniques, including increased text volume, punctuation, and sentence length, with no links or attachments. The trend suggests that generative AI, such as ChatGPT, is providing an opportunity for threat actors to devise sophisticated and targeted attacks at speed and scale, according to the researchers.

According to Max Heinemeyer, Chief Product Officer of Darktrace, one of the three most important findings from the research is that most employees are concerned about the threat of AI-generated emails.

“This is not surprising, as these emails are often indistinguishable from legitimate communications and some of the signs that employees commonly look for in a ‘fake’ include signs such as poor spelling and grammar, which may be helpful in bypassing chatbots. Proving to be extremely efficient,” he told TechNewsWorld.

Research Highlights

Darktrace asked retail, catering and leisure companies how concerned they are if hackers could use generative AI to create scam emails that are indistinguishable from real communications. Eighty-two percent said they are worried.

More than half of all respondents indicated their awareness of what makes employees think an email is a phishing attack. The top three indicators were invitations to click on a link or open an attachment (68%), unknown senders or unexpected content (61%), and poor use of spelling and grammar (61%).

This is significant and troubling, as 45% of Americans surveyed noted that they had been the victim of a fraudulent email, according to Heinemeyer.

“It is unsurprising that employees are concerned about their ability to verify the legitimacy of email communications in a world where AI chatbots are increasingly able to mimic real-world conversations and generate emails that contain phishing attack information. All the usual signs are lacking, such as malicious links or attachments,” he said.

Other key results of the survey include the following:

  • 70% of global employees have seen an increase in the frequency of scam emails and texts over the past six months
  • 87% of global workers are concerned about the amount of personal information about themselves available online that could be used in phishing and other email scams
  • 35% of respondents have tried ChatGPT or other generative AI chatbots

Human Error Guardrail

The wider reach of generative AI tools like ChatGPT and the increasing sophistication of nation-state actors means email scams are more credible than ever, noted Heinemeyer.

Innocent human error and threats from within remain an issue. Misdirecting an email is a risk for every employee and every organization. Nearly two out of five people have sent an important email to the wrong recipient with a similar-looking surname, either by mistake or because of autocomplete. This error rises to more than half (51%) in the financial services industry and 41% in the legal sector.

Regardless of the fault, such human errors add another layer of security risk that is not malicious. A self-learning system can spot this error before sensitive information is shared incorrectly.

In response, Darktrace unveiled a significant update to its globally deployed email solution. This helps strengthen email security tools as organizations continue to rely on email as their primary collaboration and communication tool.

“Email security tools that rely on knowledge of past threats are failing to future-proof organizations and their people against email threats,” he said.

Darktrace’s latest email capability includes behavioral detection for misdirected emails that prevents intellectual property or confidential information from being sent to the wrong recipient, according to Heinemeyer.

AI Cyber Security Initiative

By understanding what’s normal, AI security can determine what doesn’t belong in a particular person’s inbox. Email protection systems often get it wrong, with 79% of respondents saying their company’s spam/security filters wrongfully block important legitimate email from reaching their inboxes.

With a deep understanding of the organization and how the individuals within it interact with their inbox, AI can determine for each email whether it is suspicious and should be acted upon or if it is legitimate and should be left untouched.

“Tools that work from knowledge of historical attacks will be no match for AI-generated attacks,” Heinemeyer offered.

Analysis of the attack shows significant linguistic deviations – both semantically and syntactically – compared to other phishing emails. This leaves little doubt that traditional email security tools, which operate from knowledge of historical threats, will fall short in picking up on the subtle indicators of these attacks, he explained.

Reinforcing this, research from Darktrace has shown that email security solutions, which include native, cloud and static AI tools, take an average of 13 days from the time a victim is attacked until the breach is detected.

“That leaves defenders vulnerable for about two weeks if they rely solely on these tools. AI defense that understands the business will be critical to detecting these attacks,” he said.

Need for AI-Human Partnership

Heinemeyer believes that the future of email security lies in a partnership between AI and humans. In this arrangement, algorithms are responsible for determining whether a communication is malicious or benign, thereby shifting the burden of responsibility away from humans.

“Training on good email security practices is important, but will not be enough to stop AI-generated threats that look like perfectly benign communications,” he warned.

One of the revolutions AI is enabling in the email space is a deeper understanding of “you.” Rather than trying to predict attacks, security should be built on an understanding of employees’ behavior, derived from their email inbox, their relationships, tone of voice, emotions and hundreds of other data points, he argued.

“By leveraging AI to address email security threats, we not only mitigate risk but revitalize organizational trust and contribute to business outcomes. In this scenario, humans are freed up to operate at higher level, more strategic practices,” he said.

Not an Insurmountable Cyber Security Problem

Defenders have been researching the threat of offensive AI for a decade. Attackers will inevitably use AI to enhance their operations and maximize ROI, noted Heinemeyer.

“But it’s not something we would consider impossible from a defense perspective. The irony is that generative AI may screw up the social engineering challenge, but AI that knows you can parry,” he predicted.

Darktrace tests aggressive AI prototypes against the company’s technology to continually test the efficacy of its defenses in advance of this inevitable evolution in the attack landscape. The company is confident that AI coupled with deep business understanding will be the most powerful way to combat these threats as they continue to evolve.

According to Forrester Research, the global rising tide of cyber threats from nation-states should be a red flag for private sector security leaders across all industries to prepare for more frequent and brazen attacks in the future.

To help companies prepare for the changing nation-state attack landscape, Forrester unveiled a new model on March 2 for defending themselves, preparing for expected attacks and complying with regulations.

Allie Mellen, Forrester senior analyst and lead author of the report, pointed out that 40% of cyber operations reported by country target the private sector. State-sponsored attacks have increased by nearly 100% between 2019 and 2022, and their nature has changed – with more being carried out for data destruction, denial of service and financial theft than in previous years.

The Forrester model is built on three stages.

First, understand how nation-states attack organizations. A good starting point is the nation-state escalation ladder available in the model.

“It’s a wise approach,” said Erich Kron, security awareness advocate at KnowBe4, a security awareness training provider in Clearwater, Fla.

“Ultimately, for the victim, does it really matter which actor is responsible for the attack that steals money or sensitive information?” he asked.

Kron told TechNewsWorld, “Focusing on how these attacks are being carried out, especially as cybercrime groups mature, is more important for most organizations than worrying about the source.”

“Being aware that you may be a target is important, however, and planning should be a part of the threat model,” he added.

Threat Modeling

Second, build threat models based on organization-specific nation-state threats.

“Threat models for geopolitical actors are the living context of who, what, where, when, why and how nation-state attackers target your organization,” the report said. “They help predict future attacker activity, close visibility and detection intervals, plan for future market moves, and provide a solid context for executive discussions.”

“Proper threat modeling is absolutely critical when talking about nation-state actors,” said Alexis Dorais-Joncas, senior manager of threat research at Proofpoint, an enterprise security company in Sunnyvale, California.

“An organization that wants to enhance its defense must determine that hundreds of state-sponsored actors are targeting them. Then it must prioritize measures to counter those threats,” Dorais-Joncas told TechNewsWorld.

The third step is to get involved in influencing the narrative around cyber security. To do this, security leaders need to know the security requirements of the government jurisdictions that apply to their business; manage their relationship with the government through means such as information sharing; be prepared for geopolitical events ahead of time; and influence legislative proposals before they become rules.

The report also recommends joining forces with others in the industry to gain some power in the legislative process, and informing board members of what is being done about nation-state threats before they ask about the situation.

Need a Strong Foundation

“I think the Forrester approach is headed in a good direction,” said James Lively, an endpoint security research specialist at Tanium, an endpoint management provider in Kirkland, Wash.

However, he added that for the model to be effective, it must be built on top of an already strong foundation. “If your company is facing challenges maintaining compliance or patch efficacy schedules, most models are already ineffective,” Lively told TechNewsWorld.

Morgan Demboski, a cyber threat intelligence analyst with IronNet, a network security company in McLean, Va., called Forrester’s model a “smart approach” to tackling the nation-state problem.

“It’s important to take a strategic and informed approach when defending against country-state attacks,” Demboski told TechNewsWorld.

He further added, “Cyber activity and strategic objectives of nation-state threat actors continue to demonstrate the interconnection between the geopolitical and cyber threat landscape, requiring governmental actions and policies to assess their potential impacts in the cyber domain highlights the importance of tracking international relations.”

“It is important to prepare for organization-specific activity because the threats faced by different businesses are multidimensional and differ between sectors and regions,” he added.

The Attacks Don’t Go Away

Robert Hughes, chief information security officer at RSA, a cybersecurity company in Bedford, Mass., said the Forrester model appears to be very prudent advice.

“It comes down to knowing the risk level of your business,” Hughes told TechNewsWorld. “While on some level this is like trying to protect your home from a missile attack, a solid framework to start thinking through is the questions and discussion points you need to consider as a business to consider your risks. should be aware of and begin to address them using a multi-pronged strategy.”

“The nation-state attacks are not stopping,” he continued. “They are increasing in volume and capacity, and we should expect to see more of this over the next few years.”

While Forrester’s approach is good, it’s nothing new, said Mike Parkin, a senior technical engineer at Vulcan Cyber, a provider of SaaS for enterprise cyber risk remediation in Tel Aviv, Israel.

“It’s a very similar idea the cybersecurity community and businesses, in general, have been pursuing over the years, with added awareness of state-level threat actors,” Parkin told TechNewsWorld.

“It reinforces those ideas, though, and that’s a good thing,” he said.

Unnecessary Distraction

While agreeing that organizations need to protect themselves from all attacks and be aware of how and to whom reports of attacks should be submitted, Todd Carroll, senior vice president of cyber operations at CybelAngel, a threat intelligence company in Paris, said the scope of nation-state threats can be enormous.

“You’ll be going around in circles trying to think of every nation-state and organized team and method of attack,” Carroll told TechNewsWorld. “China alone has dozens of state-sponsored teams attacking verticals in various ways and for various reasons.”

“You don’t have time to figure out ‘why,’ but you need to spend your limited resources on protecting access, knowing your attack surface, and tracking your critical data,” he said.

Claude Mandy, chief evangelist for data security at Symmetry Systems in San Francisco, a provider of hybrid cloud data security solutions, however, was skeptical of the Forrester model.

Mandy told TechNewsWorld, “In an industry struggling to deal with less sophisticated attackers and basic attacks, a nation-state-specific threat model can be perceived as an unnecessary distraction for organizations most vulnerable to threats. Would benefit from getting the basics down first.”

“Rather than investing in cyber security controls to attempt to thwart a sophisticated attacker like a nation-state, we prefer to encourage organizations to prioritize their cyber security on what matters most to them – their data – rather than starting with the threats and trying to guess the attackers,” he said.

A recent gathering of global cybersecurity professionals has unearthed the latest attack scenarios that hackers use to infiltrate corporate networks. But contrary to the hopes of misguided potential victims, no silver bullet or software guarantee will completely protect them.

RSA Conference (RSAC) presenters focused on increasing demand for implementing the zero-trust philosophy. Presenters urged network managers to educate their employees about digital identity proofing. This includes securing the data points needed to practically spread digital ID proofing solutions.

Another major cause of network breaches is organizations integrating their on-premises environments into their cloud environments. This exposes the cloud to various attacks that originate on-premises.

“The RSA Conference plays a vital role in bringing the cyber security industry closer together. As cyber attacks grow in frequency and sophistication, it is imperative that public and private sector practitioners and experts are able to address today’s greatest challenges. Be called upon to hear unique perspectives to help,” commented RSA Conference Vice President Linda Gray Martin.

RSAC provides a year-round platform for the community to engage with, learn from and access cyber security content. That process is available online and at in-person events.

According to the RSAC, better cyber security will come only with a greater focus on threat hunting activities along with authentication, identity and access management.

Head in Charge

RSA Federal President Kevin Orr oversees the deployment of security, specifically identity access management tools, for federal and commercial customers. His company has its roots in the early days of cybersecurity.

At this year’s RSA conference and related Public Sector Day, he had the opportunity to speak with leaders in the government and enterprise cybersecurity sector. He shared his observations on the state of cyber security with TechNewsWorld.

RSA Federal is an identity and access management (IAM) solutions firm that began as a cybersecurity section within Dell Computer Company. Today, it has contracts with some of the most security-sensitive organizations in the world.

It is important to distinguish between the tech firm now known as RSA Federal LLC and the name of one of the leading encryption technology algorithms. RSA provides security services and solutions to customers throughout the federal public sector ecosystem.

RSA is a public-key encryption technology developed by RSA Data Security, which was founded in 1982 to commercialize the technology. The acronym stands for Rivest, Shamir and Adleman, the three MIT cryptographers who developed RSA public key cryptography.

Long-Standing Convention Roots

A series of RSA company sales have positioned it to capitalize on a growing need for cybersecurity specialists. Security Dynamics bought the company in 1982. Dell later acquired RSA from EMC in 2006. A consortium of private equity investors led by Symphony Technology Group bought RSA from Dell in 2020.

The sales reflected both RSA’s and Dell’s corporate strategies. This allowed RSA to focus on security-first organizations, while Dell pursued its product strategy, according to Orr.

The annual RSAC event is an important gathering for the computer security community. It is considered the world’s leading information security conference and exhibition. Originally scheduled for February 7–10, world events led to it being rescheduled for June 6–9 at The Moscone Center in San Francisco.

RSA Federal is not a conference sponsor. However, its representatives participate in panels, showcases and speeches throughout the event.

This year’s 31st annual conference was the first to be held as a standalone, independent business since the investment from Crosspoint Capital Partners in March. The event was attended by over 26,000 attendees, including over 26,000 speakers, 400 exhibitors and over 400 members of the media.

Notable Takeaway

According to Orr, the biggest takeaways for cybersecurity were placed in key addresses. Security was impacted by a rapid digital transformation.

This change happened rapidly due to the pandemic. This forced it to accelerate partnerships with people working away from home.

The disruption of change in the physical world is now creating a digital ripple across the entire supply chain. Better supply chain security is needed to prevent tampering within its technology.

“Another major theme was the role played by massive propaganda. We are in a hyper-connected world. The propaganda blurs how people separate fact from fiction,” Orr said. This continues to influence the use of technology.

Perhaps one of the most damaging effects is a worsening shortage of talent. He said that not enough people are skilled to deal with cyber security threats and what needs to be done within the cyber security domain.

Attacks are on the rise now, driven by many different factors. In a previous world, we were all sitting behind a firewall in a corporation, Orr noted. Security teams could keep tabs on the good guys and the bad guys, except maybe insiders.

“The firewalls disappeared as soon as we went mobile from the pandemic. Your personal limit of security has disappeared. Some of that boundary needs to be built around identity,” he urged.

Identity Border Protection

From Orr’s catbird seat in the world of cybersecurity, he sees how preventing identity breaches is now necessary. Organizations must know who is connecting to their network. Security teams need to know what the detection does, where they are in the network, and what access they should have to see. In this globalized world, those derailments really changed things.

“The attack vectors also became realised. The attack vectors have really changed,” Orr said.

Network managers must now look at the danger areas and figure out how and where to spend the money. They also need to learn the techniques available and more importantly know that the attack surface is large.

“That means they need additional sets of people or different sets of skills to come across these open issues and address them,” Orr said.

Those decisions also include ROI factors. He further added that what is really driving the security question is that generally a corporate expense should have a return on investment.

Ransomware Gone Rogue

The rise of ransomware attacks sucks money from businesses. Initially the strategy was not to pay the ransom demand. From Orr’s point of view the better strategy now depends on the circumstances.

Either the victims pay the ransom and hope for the best, or they refuse to pay and still hope for the best. Either way, there must be a plan for the worst.

“I think it is a personal decision depending on the situation. Now one size does not fit all. You have to see what the bad guys have and what they value. The big question is how to stop it from happening all the time,” he said.

Lack of Software Options

The cyber security industry is not only facing a shortage of talent. Advanced equipment may be lacking.

“I think there’s a lot of basic technologies. I’ll start with the stuff first. Take a look at the truth. For some types of organizations cybersecurity products aren’t really something you can buy. First Step Click on Phishing Attempts Have to learn not to do,” Orr advised.

The solution starts with education. Then it continues with placing some parameters. Determine what your most valuable data is. Next research how to keep it safe. How do you monitor it?

“Cyber security is really a layered approach,” Orr warned.

Never Trust, Always Challenge

That was a big topic of the security conference, he continued. Part of the big change is not being able to trust network visitors.

“It was the kind of thing that has really changed now, not to be trusted. There is always the essential approach to verify. Now you are looking at things differently,” he observed.

We are making good progress. The difference is that we are now preparing for a cyberattack, he concluded.