IT pros and cybersecurity experts are tasked with fighting the ongoing battle against tech-savvy threat actors, and AI has only made it more difficult to keep fighting the good fight. If the last few years are any indication, hackers will find more innovative ways to infiltrate our systems into 2025 and beyond.
Cybersecurity teams can turn to several AI-enabled solutions, but those with limited budgets may need to face their hackers with minimal resources and a lot of due diligence.
Threats from inside and out
It’s no secret that hackers are getting better at cyberattacks and infiltrating businesses and computer systems. Before we talk solutions, let’s look at some interesting attacks on companies that leveraged AI in the last few years.
French users were the targets of malware used in an email hacking campaign, and that malware may have been written with the assistance of generative AI. One possible giveaway was that the code was thoroughly commented, which is uncommon with human-written code.
AI was also suspected of being used in an Activision Blizzard breach in December 2022. The breach targeted several employees through an SMS-based phishing campaign that tricked them into giving up their two-factor authentication code. The incident, which resulted in a hacker gaining access to internal systems, could have derailed Microsoft’s eventual acquisition of the company at the end of 2023.
T-Mobile can be considered a dartboard for hackers. The company was reported to have been breached by an AI-powered API, which resulted in 37 million records being stolen, and that was just one incident. More recently, the company agreed to pay an FCC fine for four breaches, the first of which occurred in 2021.
The year 2024 alone has been a record year for breaches that have affected all types of businesses, from telecom to health care to education to local governments. In many of those incidents, AI is likely to have played a part, especially in making attacks sophisticated and seemingly real through deepfakes, voices, videos and legitimate-looking, well-written business memos.
The ease with which hackers are gaining access to data is a call to cybersecurity professionals to practice the utmost due diligence, and that means companies should copy AI-using fraudsters by using AI to view their attacks from the hacker’s perspective.
“For the strongest defenses, the future lies in the ability to adopt the perspective of attackers, who will continue to rely more heavily on AI,” writes Dilip Bachwani, chief technology officer at Qualys, in an opinion on Dark Reading. “By analyzing internal data alongside external threat intelligence, AI can essentially map out our digital landscape from an attacker’s point of view,” Bachwani says.
Secure computing starts with these 3 solutions
Staying on top of threats takes due diligence, and it takes the right tools. The good news is there are good ways to bulletproof your systems without breaking the bank. Experts agree that the three solutions outlined below are among the most effective ways to keep the wolves at bay on a budget. They are practical and can adapt to evolving threats:
Threat detection and response systems: AI has provided a means for modern threat detection systems to process vast amounts of data and detect patterns, functioning as a cybersecurity army combing that data. Modern TDRs can respond in real time as soon as threats have been detected. AI-based solutions that use the power of large language models can learn from incidents to improve and evolve as hackers enhance their capabilities.
You’ll want a TDR that mounts a proactive defense, one that can respond immediately to zero-day exploits, ransomware and other attacks and one that gives AI the task of sifting through humongous data sets to flag any odd activity.
It’s a tried-and-true solution, and one shining example is the Qatar World Cup 2022, where a TDR was used to flag a hacker planting several hacking tools on its networks.
Zero-trust architecture with AI-driven access control: This cybersecurity model lets organizations manage workforces, remote devices and cloud environments in a way that takes remote computing into account. With zero trust, no one inside or outside of the network is trusted by default. AI takes it one step further by continuously monitoring and authenticating users and devices, analyzing user behavior as they gain entry, while they use the system and work with data, and even in the methods by which they might exit. AI-driven access control also takes into account how users might move laterally across a network, a common method of disguising one’s actions, and can even restrict such access.
Insider threats are difficult to catch early on and can be especially difficult if some of the information exfiltrated has been manually processed, like stealing credit card information by simply making copies on a copy machine. This, unfortunately, is untraceable if the copy machine used is air-gapped.
Even so, insiders who use a computing device to perform a hack will often leave some sort of electronic trail. That’s where AI-aided zero-trust solutions can help with your cybersecurity due diligence.
A former Amazon Web Services engineer working for Capital One took advantage of a misconfigured web application firewall to access Capital One’s AWS servers, stealing data on 100 million people. Fortunately, the company had a TDR that helped to thwart the threat before data could be leaked publicly, but an AI-aided zero-trust solution could have flagged the threat earlier in the process once it detected the engineer’s seemingly normal meanderings around the servers.
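The behavioral monitoring described above can be reduced to a simple baseline check, shown here as an added example that is not from the article or from any product it mentions: each identity's host history is learned over a few days, and a day on which it reaches several never-before-seen hosts triggers re-authentication instead of standing trust. The event format, host names, user names and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample access events: (day, user, host). Not real log data.
EVENTS = [
    (1, "alice", "build-01"), (1, "alice", "git-01"),
    (2, "alice", "build-01"), (2, "bob", "db-01"),
    (3, "alice", "git-01"),   (3, "bob", "db-01"),
    (4, "bob", "db-01"),
    # Day 5: alice touches three hosts outside her history.
    (5, "alice", "build-01"), (5, "alice", "db-01"),
    (5, "alice", "hr-01"),    (5, "alice", "backup-01"),
    (5, "bob", "db-01"),      (5, "bob", "db-02"),
]

def flag_lateral_movement(events, baseline_days=3, max_new_hosts=2):
    """Return {(day, user): sorted new hosts} for days where a user reached
    more never-before-seen hosts than the (assumed) policy threshold allows."""
    seen = defaultdict(set)    # user -> hosts observed on earlier days
    first_day = {}             # user -> first day with any activity
    today = defaultdict(set)   # (day, user) -> hosts touched that day
    for day, user, host in events:
        today[(day, user)].add(host)
        first_day[user] = min(day, first_day.get(user, day))

    alerts = {}
    for (day, user) in sorted(today):
        hosts = today[(day, user)]
        new_hosts = hosts - seen[user]
        # Only score a user once a baseline period exists to compare against.
        learned = day - first_day[user] >= baseline_days
        if learned and len(new_hosts) > max_new_hosts:
            alerts[(day, user)] = sorted(new_hosts)
        seen[user] |= hosts    # extend the baseline after scoring the day
    return alerts

def access_decision(alerts, day, user):
    """Zero-trust style decision: trust is re-evaluated, never assumed."""
    return "step-up-auth" if (day, user) in alerts else "allow"

if __name__ == "__main__":
    for (day, user), hosts in flag_lateral_movement(EVENTS).items():
        print(f"day {day}: {user} reached new hosts {hosts}")
```

A single new host, as in bob's day 5 activity, stays under the threshold, which is the trade-off between catching slow lateral movement and alerting on ordinary work.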
Automated patch management and vulnerability detection: Companies with rudimentary cybersecurity best practices know about this one – or should – and even companies armed to the teeth with cybersecurity solutions have safeguards like this in place by default. Hackers will jump on system vulnerabilities once they’re discovered, and AI is likely to help them develop a number of exploits for those flaws.
AI-enabled patch management systems can rapidly scan systems, prioritize critical vulnerabilities and ensure patches are applied to keep exploits at bay. In addition, AI can automate the process in accordance with company policies. If implemented with a good corporate policy in place, it’s a proactive approach with minimal effort and one less security issue to worry about.
Why these 3?
Of course, there are other AI-enabled solutions up and down the cybersecurity tools ecosystem, but not many companies have unlimited budgets. That is why focusing on AI-powered threat detection, zero-trust architecture and automated patch management has to be the bare minimum that organizations need to maintain cybersecurity resilience. It is also critical to stay ahead of AI-savvy hackers and put them on notice if they dare try to infiltrate your systems.