The Future of AI-Powered Cybersecurity

With automated attacks on the rise, a point-solution approach to security is no longer sufficient. Here’s how AI and machine learning can help deliver end-to-end solutions to stay one step ahead of the bad guys.

Generative AI is changing everything, even phishing.

No longer will scammers offer a bizarre premise in broken English to entice an employee to click a link. Instead, they’ll use generative AI to effect a conversational tone and combine it with personal information scraped from social media to offer a message that rings true.

“Instead of a premise about a prince from an exotic country, attackers are now saying, ‘Hey Frank, it was great seeing you at our kids’ basketball game last week. Took some great photos. Click here to download them,’” says Jeetu Patel, the Executive Vice President and General Manager of Security and Collaboration at Cisco. “It’s just another example of how adversaries are using AI to construct bespoke attacks that make it harder to distinguish between legitimate and malicious activity.”

Phishing scams that rely on generative AI are just one example of criminals harnessing new technologies to deploy ransomware and other malware at an unprecedented scale. Today, companies need to take cybersecurity action to defend against these novel threats, but unfortunately most are still unprepared. According to a 2023 study by Cisco, only 15 percent of global organizations are resilient enough to respond to a cybersecurity threat.

AI has changed the equation for both attackers and defenders. To keep up with the pace and sophistication of these attacks, the old way of handling security no longer works. Organizations need to detect, investigate, and respond to attacks at machine scale, in near real time. That will require comprehensive efforts to curb cybercrime industry-wide, as well as generative AI and machine learning to make security simpler, more effective, and proactive at the enterprise level.

“In security there’s an inherent asymmetry, further exacerbated by AI, in that the criminals only have to be right once, but the defenders have to be right every time,” Patel says. “Breaches will occur—that’s unavoidable. The question is how quickly can you detect, respond, remediate, and recover from that breach. And that means you have to make sure that you’re dealing with security attacks at machine scale.”

Simplifying Security to Strengthen It

In this new era of cyberattacks, AI will be used by malicious actors to hone their assaults. But it will also be used to help resolve one of the greatest challenges faced by security operations center (SOC) teams: a security stack and ecosystem too complicated to remain effective.

For years, organizations have accumulated layers of solutions from dozens of different vendors to defend against specific types of attacks. As a result, it’s now difficult if not impossible to streamline a security stack for fear of creating a breach. Even specific security devices have become so convoluted that they can cause paralysis against moving forward with better solutions. “If you think about something like a firewall, it might have six million rules,” says Patel. “This is because some rules were written decades ago, the people who wrote those rules have since left the company, and now no one wants to touch them because they’re afraid of unintentionally breaking something.”

Generative AI offers a simplified approach to security. Take permissions, for instance. “You’ll be able to have natural-language-instructed prompt interfaces that’ll actually set policies for you,” Patel says. “Your systems will operate with a level of simplicity so that you don’t have to go out and learn all these different cryptic interfaces.”

A shift as simple as this could save SOC teams vast amounts of time and resources, in part because basic security functions could be handled by a less experienced team member. Longtime employees could then focus their efforts on higher-level concerns rather than sorting out basic permissions for new team members. Such measures could also resolve a growing issue in tech: the talent shortage in cybersecurity. By making the field more accessible to a wider range of people, generative AI could bolster the effectiveness of the industry overall. “The more people with bright minds from diverse backgrounds who get into security, the safer the world gets,” says Patel.

Generative AI has its own issues, of course, including security challenges and privacy concerns. Overall, however, it has the potential to help transform the field by diversifying and streamlining it. That alone could help turn the tide against malicious actors.

“If we continue to keep security technology overly complex, then the attackers end up winning,” says Patel. “If we simplify the technology—making it easy to use and manage, with the right level of detection of anomalies in the system—then I think we can beat them.”

Evolving from a Patchwork to Platform Approach

The current increase in ransomware attacks demonstrates just how difficult it is to curb cybercrime and why a more streamlined approach is crucial.

In 2022, law enforcement officials in several countries helped dismantle REvil, a Russian cybercrime organization that deployed ransomware-as-a-service (RaaS) software. Among other attacks, REvil was partly behind the Colonial Pipeline incident, which led to a weeklong delay in fuel supply along the U.S.’s eastern seaboard. Soon after it was disbanded, however, the scattered remnants of REvil developed their own criminal organizations, and the frequency of cyberattacks increased. Now, with access to generative AI, many malicious groups have the ability to use highly sophisticated means to target employees and companies, at a pace faster than many SOCs can manage.

To keep up with the speed and sophistication of these attacks, the old patchwork approach won’t work. Today, comprehensive security, detection, investigation, and response must be offered at machine scale, in near real time.

“Your defenses need to be automated and intelligent,” says Patel. “AI-powered defenses have to understand that an email, for example, came from an AI engine rather than a real person, and it has to be able to correlate that email with activity in the system after it was delivered. From there you can do automated detection, response remediation, and recovery.”

This is the power of a platform approach to security: it protects against AI attacks by deploying extended detection and response capabilities via machine learning. With Cisco Extended Detection and Response (XDR), for example, SOC teams can automatically detect, snapshot, and restore business-critical data at the first sign of a ransomware attack. “Unless you have native telemetry that can be correlated across control points, your efficacy is by definition not going to be as high,” says Patel. “That’s why a macro trend in the industry is a shift from point solutions to platform providers.”

An Industry-Wide Effort to Create a Safer Future

The ultimate solution to stopping ransomware gangs, of course, is to cut off their revenue. Without income there’s no incentive.

This goal will require industry-wide collaboration. Cybercriminals are working together to exploit vulnerabilities, so organizations need to align to counteract that advantage. Criminal cooperation is purely transactional, according to FBI director Christopher Wray. “They’ll turn on each other in a heartbeat if it suits them,” Wray said at the World Economic Forum in January 2023. “[There’s a] competitive advantage the good guys have … when we’re all working together, then they’re no match.”

By pooling knowledge and resources, security experts and organizations can increase cybersecurity readiness and accelerate incident-response measures. Better security will also require proactive solutions like platform approaches. Luckily, the effectiveness and economics of security are no longer inversely proportional.

“When you have higher efficacy,” says Patel, “you’ll have greater economics and vice versa, because you’ve simplified the system.”

By creating a security ecosystem collaboratively focused on helping organizations stay ahead of malicious hackers—and offering the forward-looking solutions to do so—security professionals can help shut down the seemingly endless cycle of attacks.

“The way security has traditionally been set up, we’ve made it easy for the attackers and really hard for the defenders,” says Patel. “It should be the opposite. At Cisco, we’ve spent billions on artificial intelligence over the past several years, developing security solutions and working with partners to implement them. But what I think is even more exciting is that we’re just getting started.”


This story was produced by WIRED Brand Lab for Cisco.