The Role of AI in Information Security

How AI is super-charging hackers (and what you can do to reduce the risk of attack) 

We sit down with Dominic List, CEO & Founder of Cyber One, to talk AI, Polymorphic attack, and the return of tape air gapping.

 

We know that AI, as a concept and practical technology, has been around for a long time. But what’s really propelling the treacherous security landscape we find ourselves in today, and is it realistic to think that, as IT professionals, we can defend against AI-powered attacks?

In this blog, Dominic List, CEO & Founder of Cyber One, joins Peter Stroud, CEO of FGS, in conversation. Read on for expert insight, as Dominic and Peter discuss the effects of AI in the world of information security and the steps enterprise organisations can take to stay ahead of the hackers.

Watch the full interview on FGS TV >> 

 

AI: A growing threat? 

Dominic List considers AI’s most impactful role in cyber-crime to be amplification.  He describes this as more volume, more availability, 24/7, relentless. 

Dominic says: 

“Over the past 17 or so years, the technology innovation timeline has been matched virtually step for step by criminal gangs. In this time, criminality has amplified from ‘local’ to ‘international’, with well-organised criminal gangs and terrorist organisations embracing hacking as a way to generate revenue. We now see downloadable service attacks from the dark web, SaaS attack platforms.

This makes the threat posed by AI very real and only getting bigger.  It is not a case of ‘if’ organisations will be attacked, it is a case of ‘when’. 

It can feel like we’ve been talking about AI for ever.  The difference now, however, is that the very large technology firms – IBM, Microsoft, Google – are spending billions using the large language model combined with massive cloud computing and storage.   And added to this, malicious actors – organised criminal gangs, terrorist organisations – are starting to use AI tools to facilitate attacks.  It’s this convergence that is really propelling what we see coming to life now as AI. 

Powered by AI, cyber-attack volume has increased exponentially. Now, the work of one hacker becomes 100 hackers, 24/7. Malicious actors are using AI as a powerful tool in the cybercrime kitbag. For phishing, penetration testing … AI requires no sleep, no rest, it is relentless.”

 

So how can you mitigate against the risk of AI powered cyber-attack?  

Peter Stroud sees much value in a return to tape air gapping – a longtime trusted tool in data backup.  The tape air gap is an electronically disconnected or isolated copy of data in a robotic library or tape rack that prevents cybercriminals from attacking. 

Peter says: 

“With AI in the mix you are never going to eliminate the risk of cyber-attack entirely, but you can mitigate against it.  You can do other things, air gapping on the backups for example.  At FGS, we’ve sold more big tape libraries in the past 6 months than we have in the past 30 years.  In my view tape storage is far from extinct and will play an important role in enterprise data security as we defend against AI powered hackers.” 

 

Are there certain industries at greater risk from AI in cybercrime? 

In August 2023, the Government, Technology, Healthcare, Education and Financial Services sectors emerged as the top five most targeted domains for cyber-attacks.  Dominic and Peter consider this and dig deeper. 

Dominic says: 

“In my opinion, the UK construction sector is also at increasing risk when we consider the sector’s infrastructure immaturity and the data requirements of the new Building Act.  Contractors will be required to maintain their supply chain records for 30 years.  That’s more data, more risk, more data that can be lost.” 

Peter agrees: 

“Construction supply chains collaborating and accessing data opens huge cyber security risk. It is similar in iGaming, one of the industries we specialise in.  You might be aggregating games and onboarding them into your platform, you want to be agile and be at the front of the market.  But who is testing these games to ensure that the back doors have been firmly bolted?  If you’re aggregating 30 games in one hit, how can you be certain that each one is doing enough from a security perspective?” 

“It’s not just enterprise scale organisations either. Powered by AI, cyber criminals have amplified their availability. They have the time and resource to target any business. This could be a small chain of newsagents, just as much as an international corporation.”

Dominic adds: 

“That’s right. Because of AI, cybercrime volume is immense now. North Korea has a state-owned hacking programme that has trained 1 million people. Add to this, China is developing its own version of ChatGPT. If we consider that North Korea may utilise China’s AI we very quickly find ourselves in a world where 1 million hackers now have the throughput of 100 million. If you own a business, with money, you are absolutely at risk. You are not ‘under the radar’ or ‘too small to be of interest’.”

   

How is an AI powered cyber-attack different and what to expect? 

IT professionals have been defending against cybercrime for years, but hackers are finding new ways to breach the security of corporations, using AI to carry out attacks more efficiently and effectively. What can you expect?  Peter asked Dominic to share his insight. 

Dominic explains: 

“Cyber criminals are using AI to automate their attacks on companies.  This includes automated attacks and exploits, advanced phishing and social engineering, malware, biometric bypass, and targeted attacks to exploit identified weaknesses. 

Historically, an organisation might have faced a reasonable attack once every few years.  Today, you are likely to be attacked multiple times within a matter of months.  

AI powered cyber-attacks are different, more rapid.  Nowadays, within hours of a critical vulnerability that needs patching coming out, you’ll find someone is all over your infrastructure, traversing your network.   

Problems arise when you rely solely on in-house personnel, and they’re on call. By the time they receive the call it’s too late for them to put the patch on. The hackers are already inside the system for weeks, months, years, without you knowing.

Often, we are drafted in during the negotiation phase of a ransomware attack. Or, when an organisation has tried and failed, and all machines are fully encrypted. Even today people don’t realise how devastating that is. The entire organisation is locked out and time to recover is often months. The reason it’s months is that very few organisations have air gaps and often data is not properly synchronised. They might think it is properly synchronised, but when you come to restore the whole lot in one go, it fails.”

 

What steps can you take to reduce the risk? 

Dominic and Peter agree that enterprise clients are focusing more and more on cyber security. This is backed up by Gartner’s 2024 Forecast Analysis: Information Security and Risk Management Worldwide report, which identifies that security services are expected to represent 42% of total security and risk management end-user spending in 2024, and to remain the largest area of security and risk management spending in 2024.

Dominic says: 

“Gartner has identified that, considering cyber risks increasing, cyberthreats proliferating and a changing operating environment, it will be more critical than ever for organisations to build and optimise a cybersecurity programme.  It also predicts that application security – the challenge of keeping across the code base, challenges around the multi-jurisdictional nature, API integration – will be the most pressing concern. 

My view is that the type of 24/7/365 managed Security Operations Centre (SOC) services CyberOne delivers in partnership with FGS should form the cornerstone of a cybersecurity programme capable of contending with the challenges of 2024 and beyond. With the sheer volume of cyber-attacks enabled by AI, a ‘working hours security operation centre’ manned by an ‘on-call’ in-house team will be unable to respond swiftly enough.

Ultimately – just like radar – the FGS & CyberOne SOC service gives you horizon visibility.  It gives you the chance to get in front of the enemy and respond at speed, not wait for them to be on top of you.” 

Peter says: 

“When FGS first started it was mostly financial service firms and legal firms who had an idea about the value of a managed SOC.  Now, we’re seeing far more industry sectors prioritising this approach primarily because of the ability to reduce risk.   

Historically, we saw many organisations relying on insurance to provide a sense of security.  Now, that’s a false sense of security.  Policies have been revised and, for example, if your team haven’t done critical patching in 14 days, and you’re breached, insurance won’t pay out. 

FGS and Cyber One are absolutely on the same page here.  Security in the age of AI comes from a hybrid managed SOC and upskilled team approach.  This combined approach to cybersecurity strategy succeeds in reducing risk and lowering costs but also prioritises the ongoing real-world training of human personnel so that they can keep pace with threats and technologies. 

No matter how proficient your ‘working hours security operation centre’ or end point protection, in isolation they will not spot hackers and respond in the timeframe required in this new AI frontier.”

 

Explore FGS Information Security Solutions: Having successfully guided 300+ companies through ISO27001 certification, we understand the foundations of InfoSec policy creation and implementation of systems to mitigate risks. Our 24/7/365 Managed SOC offering reduces risk, whilst lowering costs.

 

What’s next in offensive AI? 

With many of the most notable cybersecurity threats stemming from quickly maturing and increasingly sophisticated AI, we need to be prepared now so that hackers are unable to outpace enterprise technology teams.

Dominic says: 

“Back in 2019 a Forrester report predicted an increase in the scale and speed of attacks and expected AI ‘to conduct attacks that no human could conceive of.’

We see that emerging now in the form of Polymorphic Attack. Think of this offensive AI like a one-man army. Polymorphic Attack is not commonplace, yet. But it is coming. The virus knows everything about the target and how the network can be defeated. It looks for how you are trying to defend against it, and adapts, relentlessly to counter-attack. There is nothing at the moment that can defend against this right now.”

 

Join Dominic List, CEO & Founder of Cyber One and Peter Stroud, CEO of FGS on FGS TV where the full interview is available to watch again on-demand. 
