Knowledge Exchange

In today’s hyperconnected world, AI has revolutionized the way we work. But as more and more information and data flows seamlessly, cyberthreats are becoming ever-more sophisticated and traditional cybersecurity measures are no longer sufficient.

Cyberattacks are on the rise, and although on one hand, threats have become more sophisticated due to advancements in AI and Machine Learning (ML), AI has also become an indispensable tool in cybersecurity. This is due to its ability to analyse vast amounts of data, detect anomalies, and adapt to evolving threats in real-time.

Benefits of using AI in Cybersecurity:

Artificial Intelligence (AI), Machine Learning (ML), and Deep Learning (DL) have multiple applications in cybersecurity to make threat detection and prevention strategies more robust and effective. Some benefits of their use include:

■ Phishing detection and prevention

AI powered algorithms can detect email phishing by analysing vast amount of data to thwart phishing attacks. ML models can be trained to flag suspicious details of the mail such as the sender’s address, links and attachments and the language used in the message to determine if it is from a trustworthy source or not.

■ Password protection

AI and ML can detect trends in compromised passwords to create rigid password policies and suggest stronger passwords that are harder for hackers to crack. AI-powered systems can also use behavioural biometrics to verify user identities, analysing typing patterns, mouse movements and other cues to detect potential imposters.

■ Network security

By analysing data and patterns, Artificial Intelligence algorithms can learn normal network behaviour and flag any changes that may signal sinister activity. AI can also be used in identifying and moderating Distributed Denial of Service (DDoS) attacks by analysing traffic pattern and blocking untrustworthy IP addresses.

■ Vulnerability Management

With more than 20,000 known vulnerabilities, AI and Machine Learning can be vital tools for detecting anomalies in user accounts, endpoint and servers that can signal a zero-day unknown attack, which can protect companies from vulnerabilities before they have even been reported or patched.

Final Thoughts

While AI has a welcome place in technology, its development should be kept under an ethical watchful eye because as cybersecurity professionals use it to strengthen their defences, cybercriminals also have access to the same technology to create more sophisticated attacks.

However, it cannot be denied that by implementing AI in your cybersecurity strategy, you can significantly improve your defence against and detection of potential threats.

The power and threat of AI powered Large Language Models.

Disinformation is defined as “false information deliberately and often covertly spread (as by the planting of rumors) in order to influence public opinion or obscure the truth”.

While most commonly used in politics and public health discourse, disinformation campaigns can be used to target businesses of all sizes and can have damaging effects on reputation and revenue. And in an age where disinformation can be easily spread via the internet, it is feared that tools such as ChatGPT will make it easier to create and circulate false narratives on a larger scale than ever before. But what threat does AI engineered disinformation pose to businesses’ integrity, reputation and most importantly security?

Concerns over AI:

AI has revolutionized many aspects of human life, both in personal and professional aspects, and as of late, Large Language Models (LLMs) have been one of the main focal points of AI development. With the popularity of OpenAI’s ChatGPT, there has been an arms race between tech companies to develop and launch similar tools. OpenAI, Microsoft and Google are leading the way, but IBM, Amazon and other key players are close on their tails.

Although these advancements in AI are a testament to how technology has evolved since the inauguration of the internet just 50-odd years ago, the question arises – just because you can, does that mean you should?

The power of ChatGPT:

OpenAI’s ChatGPT3, which launched in November 2022, is the most powerful LLM chatbot launched to date, harnessing the power of 570 GB of data. With ChatGPT4’s capabilities being more creative and nuanced than its predecessor, with the ability to process both audio and video as well as text, its potential to generate information is at a level that has been previously unknown.

There has been growing concern amongst high-profile players withing the technology sector , with many calling for legislation on the development of AI. Key figures warning of AI’s power are Elon Musk (Tesla), Steve Wozniak (Apple Co-founder), and Dr. Geoffrey Hinton (Formerly Google).

How AI can be used in Disinformation attacks:

Disinformation attacks differ from typical cyber threats as there is no need to physically, or virtually infiltrate a business or its network. Bad actors can produce and circulate disinformation with relative ease, generating it en masse using chat bots such as ChatGPT and spreading the resulting inauthentic content via social media, blogs, or emails.

■ Manipulated audio and video

A deepfake refers to an AI generated video used to spread a fake narrative. They are often hyper-realistic in appearance. A falsified video of illegal activity, or business leaders making incendiary comments can erode public trust and can be used for extortion. They can also increase the effectiveness of phishing attacks, make identity theft easier and manipulate and severely damage a company’s reputation.
AI systems can also be trained to impersonate a real person, to generate speech that mimics a particular style, and language patterns, lending more credibility to scam attempts.

■ Fraud

Fraud is often motivated by a desire to obtain financial gain. AI can be used to create forged documents with fake letterheads, copied and pasted signatures, or even business contracts and invoices that can be used to deceive and mislead people.

■ Proxy websites

Proxy websites are used as fronts by malicious actors to host their fraudulent content. They are disguised as a legitimate site in order to launder fake news and divisive content and drive page views. Often times the only way they can be detected is by spotting a slight misspelling in the URL or cross referencing the site’s information with verifiable sources.

■ Disinformation-as-a-Service

Disinformation-as-a-Service is nightmare fuel for information warfare where anyone can buy fake news and misinformation campaigns powered by a network of professional trolls, bots, and other manipulation tools. Be it a competitor, a disgruntled client or ex-employee, anyone with bad intentions can engage an incendiary service to damage a business or individuals’ reputation with falsified information.

How Disinformation attacks threaten businesses:

Fake news is more than a catchy phrase, disinformation poses serious harm to individuals and businesses alike and can result in:

■ Reputational damage:

False information can be spread quickly and easily on the internet, and despite best efforts and rebuttals with the truth, once trust is lost it can be greatly difficult to build this back with the public. This can result in a loss of sales and being unable to attract new customers.

■ Financial loss:

Disinformation can be used to inflate and manipulate stock market prices or to deceive investors, which can lead to significant financial losses for both the company and investors when the truth comes to light.  

■ Cybersecurity breach

AI can be used to generate more sophisticated phishing attacks that appear to be from legitimate sources which can then be used to install malware on business systems, giving hackers access to confidential company information or customer data.

■ Business disruption

Disinformation can be used to spread false rumours about business operations or product availability which may cause customers to cancel their orders or avoid doing business with the company in the first place.

Final Thoughts

As Artificial Intelligence continues to develop, its power needs to be looked at through an ethical lens. With every benefit it brings, those with bad intentions also have access to use its power for evil rather than good. It will be interesting to see how global governments decide to handle it and how legislation will be put in place to regulate its advancement.

The development of AI legislation is already underway within the European Union. The European Parliament is looking to introduce the AI Act to ensure a human-centric and ethical development of Artificial Intelligence (AI) in Europe, MEPs endorsed new transparency and risk-management rules for Artificial Intelligence systems.

Although AI can be used to improve work processes, it can also be used to optimise output of defamatory and dangerous mistruths. We are in an age where fake news and disinformation is no longer limited to the political sphere, and companies are also at risk of disinformation attacks. There is no doubt that AI powered Large Language Models (LLMs) such as Chat GPT have the power to increase the frequency, intensity, and consequences of disinformation attacks against businesses.

Companies need to put precautions in place to detect and defend themselves from AI powered attacks, but only time will tell the true power of AI for better or worse.

Part 2: The future is hybrid

Not all cloud storage solutions are created equal. In an ever-evolving digital landscape, it is crucial for SMBs to asses which cloud infrastructure is properly suited to their needs and digital transformation objectives. Small businesses should plan ahead and implement modern digital strategies from the beginning to set up an agile environment for growth. 

Cloud storage is key as businesses store more data online, and there are different types of cloud solutions available. Public cloud solutions are more affordable and easier to manage for small companies, while private cloud is more secure but limited in scalability and more expensive to maintain. 

What is hybrid cloud?

Hybrid cloud is a computing environment that combines both public and private cloud infrastructures. Public cloud refers to services provided by third-party cloud service providers, while private cloud is a cloud computing infrastructure dedicated solely to a single organization. Hybrid cloud allows organizations to run their critical workloads on a private cloud, while still benefiting from the cost savings and scalability of public cloud services.

How is hybrid cloud driving digital transformation?

With the advent of hybrid cloud technology, organizations are now able to leverage the benefits of both public and private cloud environments to drive innovation and streamline operations.  Hybrid cloud, which combines public and private cloud infrastructures, is a popular solution for small businesses as it simplifies management, improves speed and innovation, and optimizes costs while providing flexibility and security. A recent survey found that 75% of respondents in the Netherlands have opted for a hybrid cloud solution, up from 66% in 2020.

Both public and private cloud solutions have their benefits, a hybrid cloud environment offers the best of both options, allowing businesses to take full advantage of its features such as:

Scalability and Flexibility

One of the primary benefits of hybrid cloud is the ability to scale resources up or down as needed. This allows organizations to easily accommodate fluctuating demands for computing resources without incurring the costs of maintaining an on-premise data center. Additionally, hybrid cloud provides flexibility for organizations to choose which workloads should be run on private cloud and which should be run on public cloud, based on their individual needs.

Data Security and Compliance

Data security and compliance are top priorities for organizations. With hybrid cloud, organizations can keep sensitive data on-premise while still utilizing public cloud resources for less sensitive data. This allows organizations to maintain control over their critical data, while still benefiting from the agility and cost savings of public cloud services.

Cost Savings

Hybrid cloud allows organizations to optimize their computing resources and save costs by leveraging public cloud services for non-critical workloads. Additionally, the ability to scale up or down resources as needed means that organizations only pay for what they use, rather than investing in costly on-premise infrastructure that may go underutilized.

Innovation

Hybrid cloud provides organizations with the flexibility to experiment and innovate with new technologies and services. With public cloud services, organizations can easily test and deploy new applications, without the need to invest in costly infrastructure or worry about capacity constraints.

Final Thoughts

Hybrid cloud is driving digital transformation by providing organizations with the scalability, flexibility, data security, compliance, cost savings, and innovation they need to compete in today's digital landscape. As more and more organizations adopt hybrid cloud technology, it is clear that it is the future of cloud computing. Whether you are a small business or a large enterprise, hybrid cloud can help you stay competitive and agile in an ever-changing business environment.

Don´t miss: Part 1: The future is hybrid

This month’s Knowledge Exchange white paper on emerging and existing Cyber Security threats will examine why ITDMs and Business Leaders are extremely worried about a ‘catastrophic cyber event’ that could have more of a societal impact than Covid-19 in next few years, and what ITDMs can do today and longer term to mitigate those risks. 

It may be pure co-incidence, but it was certainly chilling to see that in a matter of weeks after the World Economic Forum’s (WEF) 2023 annual summit in Davos, Switzerland that warned of a total “grid down” scenario caused by a ‘catastrophic cyber event;’ a mysterious high-altitude balloon was seen floating across America. 

And while many in the mainstream media have quickly judged this and subsequent other balloons to be a surveillance or spy balloons, other commentators claim that most state sponsored espionage is done via satellites¹ and that this vehicle has potentially a more sinister capability: The ability to activate an electromagnetic pulse or EMP at high altitude (HEMP) using a smaller lighter nuclear payload. 

Therefore, if the balloon was carrying an EMP device or was just a drill to test the detection and response time of such devices, at the sort of altitude the vehicle was flying it would have a greater geographical reach than a ground detonated device and could have knocked out a big chunk of the infrastructure it was flying over.  

A grid down scenario would make Covid’s impact seem like, ‘a small disturbance’

Klaus Schwab, founder of the WEF. 

he result would be an instant shut down of power, communication, finance, and business systems that would have a devastating effect to emergency services and supply chains that could tip society into chaos in a matter of days. 

A grid down scenario would make Covid’s impact seem like, ‘a small disturbance,’ according to Klaus Schwab, founder of the WEF.  

President of the Centre for American Defence Studies, Paul Crespo also confirmed the high-altitude vehicles could be a trial run for a cyber-attack using a balloon-mounted weapon.  

Speaking in the Epoch Times Crespo said: 

“While China has tested hypersonic missiles launched from balloons in the past, that isn’t a likely use for these airships."

“The biggest threat is sending one or more of these high-altitude balloons over the US with a small nuclear EMP device.” 

While we hope the vehicle may be nothing more than a ‘weather balloon,’ with rising geopolitical tension between the US with China², over Taiwan, tensions with Russia, over Ukraine; an increasingly unstable regime in Iran and a reescalation of tension with North Korea, the usage of EMP enabled weapons for a global pre-emptive strike seems alarmingly possible.  

Military strategists at these countries may be in favour of a high-altitude pre-emptive HEMP strike over a conventional full blown nuclear attack as it limits immediate death, radiation fall out and keeps the infrastructure intact, albeit broken, that can be repaired in time.

Research Round Up

THIS MONTH'S LATEST CYBER SECURITY RESEARCH From security vendors, bloggers, and analysts

Checkpoint Security: Cyber Security Report 2023

Author: Maya Horowitz, VP Research at Check Point Software Technologies

• “In 2022, the proportion of email-delivered-attacks has increased, reaching a staggering record of 86% of all file-based attacks in-the-wild.”
• “The Russia-Ukraine war demonstrated how traditional, kinetic war can be augmented by a cybernetic war. It has also influenced the broader threat landscape in the rapid changes of hacktivism and how independent threat actors choose to work for state-affiliated missions.
• The war has also seen enhanced usage of wiper malware, malware that intends to erase or wipe data of the drive it infects, and this trend has been adopted by several actors, reaching a point where 2022 has seen more wiper attacks globally, than in the previous decade altogether.”

IBM Security Report: Cost of a Data Breach Hits Record High During Pandemic

• In 2021 systems and software giant, IBM Security found that over half of SMBs had experienced a cyber-attack largely as the result of the pandemic where new hybrid working models were introduced or with the increased migrations to cloud infrastructure.
• IBM notes that 40% of SMBs do not have comprehensive and updated cyber-security incident plan. Other findings of the IBM research found that or companies with less that 500 employees the cost of an average Cyber breach was around $3m per incident.

Venture Beat/ Forrester 2023 Cyber Security Predictions

• More than 50% of chief risk officers (CROs) will report directly to the CEO.
• A C-level executive will be fired for their firm’s use of employee monitoring.
• A Global 500 firm will be exposed for burning out its cybersecurity employees 

SecureList by Kaspersky: What your SOC will be facing in 2023

Authors: Sergey Solatov, Roman Nazarov

• Ransomware will increasingly destroy data instead of encrypting it
• Public-facing applications will continue to be exploited for initial access
• More supply chain attacks via telecom
• More reoccurring targeted attacks by state-sponsored actors
• Rise in attacks on Media outlets

EMP Research

• Future-proof: bunkered data centres and the selling of ultra-secure cloud storage
• Challenges in Protecting Cyber Critical Infrastructure-GOA
• North Korea’s Satellites Could Unleash Electromagnetic Pulse Attack
• Critical Infrastructure Cyber Recommendations Go Largely Unaddressed-Nextgov
• EMP/Solar flare-Grid Down Consulting
• Infrastructure Security-CISA

Cyber Security Podcasts-Compiled by Fabian Weber

• Darknet Diaries
• Security Weekly
• Simply Cyber
• 7 Minutes Security
• 2 Cyber Chicks
• The Hacker Factory
• Securing Bridges
• Security Now
• Malicious Life
• Human Factor Security
• Unsupervised Learning
• Hacking Humans
• The Privacy, Security & OSINT Show
• Smashing Security
• CyberWire Daily
• Risky Business

Summary

The first three blogs of our cybersecurity and digital transformation series focused on the threats and security challenges faced by businesses when implementing a digital transformation strategy. In this concluding installment we will lay out the steps you can take to protect your company from potential attacks.

How can businesses reduce the risks of cyber-attacks?

SMBs face a significant risk of cyber-attacks and security breaches. Businesses can take this steps to improve cybersecurity practices. A single attack can cause irreparable damage to the business. Therefore, it's essential for businesses to establish robust security practices to mitigate security threats to their infrastructure and organization. In this fourth and final installment of our cybersecurity series, we will lay out the best ways to tackle these challenges and threats.

Preparing your business for potential security breaches may seem daunting, but there are many steps you can take to improve your security measures. Here are some ways to improve your business's cybersecurity practices:

• Implement access controls:

Access control policies limit access to your business's critical assets. Avoid sharing user IDs for accessing systems and data. Instead, use unique IDs and login credentials to make it easier to track who is accessing your resources. Implementing automated Identity Access Management (IAM) systems helps streamline this task and eliminates a large amount of risk.

• Thoroughly train employees in best practices:

Humans are often the weakest link in the cybersecurity chain. It is essential that your employees and adequately trained in your more updated security procedures. They need to be equipped with the knowledge and skills to be able to identify and avoid potential threats. Without this, they may be more likely to fall victim to sophisticated phishing attacks, and unintentionally expose the company’s data or put it at risk of an attack.

• User Authentication:

User authentication is the process of verifying the identity of a user before they are granted access to a system or application. Multi-factor authentication creates a layered security system that requires employees to use a randomly generated one-time code sent via SMS or email in addition to their password to verify their identity. This type of security system protects your data by preventing unauthorized third-party users from gaining entry to business systems and websites.

• Implement a Managed Detection and Response (MDR) service:

Small businesses and their IT security teams can struggle to keep pace with their growing volume of technology and threats. A Managed Detection and Response (MDR) service is a cybersecurity service that combines high-end technology with human expertise to rapidly identify and limit the impact of cyber threats without the need to hire additional staff. This service monitors your systems and applications 24/7 to detect and respond to any security incidents.

Final Thoughts

In conclusion, improving your business's cybersecurity practices is essential to safeguarding your data and ensuring the continuity of your business. By implementing these security measures, you can help protect your business from cyber threats and avoid the devastating consequences of a security breach.

☉☉☉