AI-driven cyber crime brings new challenges to CISOs


Cybercriminals are increasingly turning to automated and scripted techniques that exponentially increase the speed and scale of attacks. Mapping networks, finding attack targets, determining where those targets are weak, blueprinting each target to conduct virtual penetration testing, and then building and launching a custom attack can be fully automated using artificial intelligence (AI). This dramatically increases the volume of attacks a criminal can launch in a given period and may be one reason why the number of exploits continues to explode.
 
At the same time, attacks are becoming more sophisticated. Polymorphic malware has been around for decades, using pre-coded algorithms to take on new forms to evade security controls and potentially producing more than a million virus variations per day. Next-generation polymorphic malware built around AI can spontaneously create entirely new, customized attacks that are more than variations based on a static algorithm.
 
With GenAI, a would-be malicious cyber actor no longer needs any programming skills, because large language model (LLM) tools can be used to write malware. AI is also used to exploit software vulnerabilities quickly once they are publicly known, giving malicious actors the potential to weaponize and exploit these vulnerabilities faster than many customers apply vendor patches or updates. GenAI can dramatically increase the sophistication of spear-phishing attacks, elevating them above the boilerplate content, spelling errors, and awkward grammar that organizations often teach users to look for.
 
AI-driven data analytics have given malicious cyber actors new tools for exploitation that make new classes of data attractive targets. A decade ago, only nation-states had the data centres and computing power to make it possible to exploit large data sets. The AI-driven revolution in data mining and the growth of pay-as-you-go computing power and storage mean that massive data sets have become exploitable and attractive targets for criminal actors and nation-states.
 
Why are enterprises unable to keep up with AI-driven cyberattacks?

One culprit is the disaggregated topology of many network security architectures. Enterprises average more than 30 security-related point products within their environments, which makes it difficult to share threat information in real time. Obtaining a high-level view of the organization’s overall security posture requires manual effort by security and network staff to consolidate data from all the disparate security applications.
 
Furthermore, when an attack threatens the corporate network, the response is not coordinated and is therefore slower and less effective. While cybercriminals take advantage of their rapidly shrinking exploit times, enterprise security teams struggle to move the needle on detection. The average breach detection gap (BDG), the time elapsed between the initial breach of a network and the discovery of that breach, has hovered stubbornly around 200 days for the past several years.
 
If far-flung corporate assets such as remote servers, endpoints, and IoT devices seem vulnerable, consider assets in the cloud. Compounding this risk is the fact that most companies deal with more than one cloud provider. In 2024, a majority of organizations (78%) are opting for hybrid and multi-cloud strategies. Of those organizations, 43% use a hybrid of cloud and on-premises infrastructure, and 35% have a multi-cloud strategy.
 
Most organizations also recognize that security needs to be included in their cloud strategies. The cybersecurity challenges associated with the cloud and the need for enhanced security measures in cloud environments have become more critical in the face of new AI-based threats. A whopping 96% of organizations report being moderately or extremely concerned about cloud security. Security is a priority, with 61% of respondents anticipating that their cloud security budget will increase over the next 12 months.

Finally, when security leaders try to gain some headway by bolstering their teams with security experts, they find those with the right skill sets and experience to be both costly and in short supply. And for those seeking to add staff with experience designing and implementing AI-driven security, they are very difficult to find, recruit, and retain.


For all their organizational might, enterprises have so far proven to be no match for the guerrilla tactics of the global cybercrime industry. It is safe to say that every enterprise has already been compromised in some way. Security leaders can level the playing field by taking a few pages from the playbook of cybercriminals as they re-evaluate their security technology strategies. It does not take a hacker to realize, for example, that a common code base reduces costs and speeds implementation, efficient information sharing improves the odds of success, and AI is a powerful analytical lever.
 
It Is Time to Re-evaluate Security Technology Strategies

To investigate threats, respond to them, and prevent data breaches, organizations need a Security Operations Centre (SOC), which is responsible for protecting the organization against cyber threats. SOC analysts perform round-the-clock monitoring of the organization’s network and investigate any potential security incidents. If a cyberattack is detected, the SOC analysts are responsible for taking whatever steps are necessary to remediate it.

From top to bottom, security teams are overloaded with too many tools to manage, too many alerts to investigate, and too many manual or repetitive processes—all of which slow down response times. Despite analyst efforts and SOC budget spending, typical incident detection and response performance remains inadequate to protect organizations against today’s attackers.


This is where SOAR (Security Orchestration, Automation, and Response) plays a role today. SOAR is a set of tools and technologies that help organizations manage and respond to security threats. It can automate cyberattack prevention and response by integrating security tools and processes, defining how tasks should be run, and codifying an incident response plan.

Centralizing and standardizing complete investigation and response workflows that leverage artificial intelligence (AI), the latest available threat intelligence, and a rich analyst toolset can make the difference between attack deterrence and breach recovery.
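To make the SOAR workflow above concrete, here is an added illustration (not Fortinet's code or any product's API) of a minimal playbook: it normalizes events from two constructed point-product schemas ("edr" and "fw"), enriches them against a constructed threat-intelligence feed, raises severity when more than one product reports the same indicator, records a deterministic response for each alert, and computes the breach detection gap as the article defines it. All tool names, schemas, indicator values and thresholds are assumptions made for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime
THREAT_INTEL = {"203.0.113.42": 95, "198.51.100.7": 40}  # constructed feed: indicator -> confidence 0-100
SAMPLE_ALERTS = [  # constructed events in two different (hypothetical) product schemas
    {"tool": "edr", "remote_ip": "203.0.113.42", "risk": 60, "ts": "2024-03-01T10:00:00"},
    {"tool": "fw", "src": "203.0.113.42", "level": "medium", "time": "2024-03-01T10:05:00"},
    {"tool": "fw", "src": "198.51.100.7", "level": "medium", "time": "2024-03-02T08:00:00"},
    {"tool": "fw", "src": "192.0.2.9", "level": "low", "time": "2024-03-02T09:00:00"},
]
@dataclass
class Alert:
    source: str            # point product that raised the alert
    indicator: str         # IP address seen in the event
    severity: int          # 0-10 after normalization
    first_seen: datetime
    actions: list = field(default_factory=list)

def normalize(raw: dict) -> Alert:
    """Map the two constructed tool schemas ("edr", "fw") onto one common alert record."""
    if raw["tool"] == "edr":
        return Alert("edr", raw["remote_ip"], raw["risk"] // 10, datetime.fromisoformat(raw["ts"]))
    if raw["tool"] == "fw":
        level = {"low": 2, "medium": 5, "high": 8}[raw["level"]]
        return Alert("fw", raw["src"], level, datetime.fromisoformat(raw["time"]))
    raise ValueError(f"unknown tool {raw['tool']!r}")

def enrich(alert: Alert, intel: dict = THREAT_INTEL) -> Alert:
    """Raise severity in proportion to threat-intel confidence on the indicator."""
    alert.severity = min(10, alert.severity + intel.get(alert.indicator, 0) // 25)
    return alert

def correlate(alerts: list) -> list:
    """An indicator reported by more than one product gets a +2 bump (shared context)."""
    sources = {a.indicator: {b.source for b in alerts if b.indicator == a.indicator} for a in alerts}
    for a in alerts:
        if len(sources[a.indicator]) > 1:
            a.severity = min(10, a.severity + 2)
    return alerts

def respond(alert: Alert) -> Alert:
    """Deterministic playbook branch; actions are recorded for an executor, not run here."""
    plan = {8: ["block_indicator", "isolate_host", "open_ticket"], 5: ["open_ticket"], 0: ["log_only"]}
    alert.actions = next(acts for floor, acts in sorted(plan.items(), reverse=True) if alert.severity >= floor)
    return alert

def run_playbook(raw_alerts: list, detected_at: str):
    """normalize -> enrich -> correlate -> respond; also return the breach detection gap in days."""
    alerts = [respond(a) for a in correlate([enrich(normalize(r)) for r in raw_alerts])]
    gap_days = (datetime.fromisoformat(detected_at) - min(a.first_seen for a in alerts)).days
    return alerts, gap_days
```

The indicator seen by both the EDR and the firewall is the one that reaches the isolation branch, which is the information-sharing benefit the article describes; a single-product alert on a low-confidence indicator only opens a ticket.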

Vishak Raman

Vishak Raman is the Vice President of Sales, India, SAARC and Southeast Asia at Fortinet.