Expert view
AI attacks now ‘the main cybersecurity concern’ for businesses across sectors
GlobalData principal analyst for thematic intelligence David Bicknell discusses AI and the evolving threat landscape with Stu Robarts.
David Bicknell, principal analyst, GlobalData
Cybersecurity threats to businesses are not only more numerous than ever but are now becoming more sophisticated through the use of AI by perpetrators.
In its annual review of cyberattacks released in January, threat intelligence researcher Check Point found that organisations around the world experienced an average of 1,158 weekly cyberattacks each during 2023 – a rise of one percent from 2022.
It was revealed this month, meanwhile, that half of businesses in the UK (50%), 70% of medium-sized businesses and nearly three-quarters of large businesses (74%) had experienced some form of cyberattack in the last 12 months.
These figures alone make plain the criticality of cybersecurity for businesses, but experts are now also pointing to AI as being a major concern.
NetScout’s threat intelligence lead Richard Hummel says of the issue: “I think AI definitely has some serious implications.”
Among the applications for the technology, he notes, are generating attack scripts, increasing the scale of attacks and refining the quality with which they are crafted.
“The ease with which you can do with these things, and how it brings this element of professionalism into this criminal space is quite concerning, for sure,” Hummel adds. “I would say that's definitely something that we need to keep an eye on in the future.”
His concern is echoed by ClubCISO, the members' forum for information security leaders, which this week released the results of a study that found a significant discrepancy between how critically chief information security officers (CISOs) view AI as a cyber threat and how underprepared many businesses are.
According to the study, 62% of CISOs agree that the industry as a whole is not equipped to deal with AI cyber-attacks, with 63% saying they rate the severity of the threat posed to their businesses by AI cyber-attacks as critical or high. Despite this, 40% of respondents said the emergence of AI hasn’t altered their priorities, and, for more than three-quarters (77%), AI hasn’t triggered a change in cybersecurity spend.
Of this, Rob Robinson, EMEA head of Telstra Purple, which runs ClubCISO, tells us: “The vast majority of organisations that we found in these findings have done nothing to increase their funding to increase their spend in terms of cybersecurity to address what is obviously going to expedite the type of sophistication, the volume and the complexity and the autonomy of threat that organisations are facing … The vast majority see it as a threat but the vast majority aren’t spending money on it.”
Here, GlobalData principal analyst for thematic intelligence David Bicknell provides further insights on the threat of AI-led cyberattacks, the evolution of cyber threats and what the future of cybersecurity looks like.
Stu Robarts: How have cybersecurity threats evolved over time?
David Bicknell: Cyber threats have been around in some form for 50 years. In 1971, the first computer worm was created, displaying the words: “I am the Creeper: catch me if you can.” Since then, we’ve had viruses, distributed denial of service (DDoS) attacks and ransomware, to name but a few.
In 1982, a high school student developed the first virus, Elk Cloner, which infected the Apple II operating system. In 1986, the first US Fraud and Abuse Act was passed, defining federal computer crimes and penalties. And in 1988, Robert Morris created a self-propagating virus that attacked the early internet.
Stu Robarts: What are the most significant current and emerging threats?
David Bicknell: Ransomware has been the scourge of companies for the last few years, but 2023 was particularly bad. Ransomware attacks are becoming more sophisticated. 2023 was notable for relentless cyberattacks globally, and the cyber threat landscape saw an evolution in the execution of ransomware threats. Some criminals started copying and stealing data, demanding payment for not making it public, and then offering it for sale on the dark web.
According to Check Point, one in every 10 organisations worldwide was targeted by attempted ransomware attacks in 2023. That is a 33% rise from 2022, when one in every 13 organisations faced a ransomware attack. Throughout 2023, organisations worldwide each experienced over 60,000 attacks on average. That equates to a staggering 1,158 attacks per organisation per week.
Organisations hit by ransomware attacks in 2023 included the Las Vegas casino giant MGM Resorts, which suffered prolonged disruptions and significant fallout, aerospace company Boeing and the UK’s Royal Mail.
Ransomware payments in 2023 exceeded $1bn, the highest number ever observed, and a number that does not include the economic impact of productivity loss and repair costs associated with attacks on organisations.
The ransomware industry also gained an increasing number of new players, probably attracted by the potential for significant profits. So-called big game hunting, which involves carrying out fewer attacks but collecting larger payments, has become the dominant strategy in ransomware, with a growing share of all payments involving sums of $1m or more.
Stu Robarts: What specific cybersecurity challenges has 2024 brought?
David Bicknell: The threat of AI-led cyberattacks is the main concern. It can be used as an offensive threat against companies. But despite concerns over the risks it poses to organisations, AI can play a major role in improving cyber defences. Organisations can use it to understand their networks better and identify potential threats faster.
For example, AI can spot and decipher the signals that are the precursor to a cyberattack more efficiently than human resources. At the same time, adversaries will use AI in cyberattacks. A simple example is cybercriminals using generative AI to strengthen phishing attacks by eliminating the telltale signs of fake messages, such as poor grammar and spelling mistakes.
Social engineering is often the means of instituting an attack, using the trick of creating an urgent – false – need to which people feel they need to respond, and erroneously click on a link that launches malware.
2024 brings geopolitical challenges. There are over 60 elections around the world in 2024, and there is also the Olympic Games in Paris, which will be a magnet for attacks.
Stu Robarts: Are any specific sectors at particular risk, and how well-equipped are they?
David Bicknell: All sectors are at risk of cyberattack. The less mature the sector in terms of their defensive expertise – and probably their spending on cybersecurity – the more at risk they are. That is why public sector organisations are often attacked. Local councils, city administrations, schools are all at risk.
Stu Robarts: What does the future of cybersecurity look like?
David Bicknell: In a couple of words, complex and challenging. These days, all organisations are going to suffer cyberattacks. The key question is how resilient they can be to those attacks, how quickly can they recover. We have recently seen law enforcement start to take down ransomware groups. But at the same time, hackers are varying their approach.
Ransomware attacks are becoming more sophisticated. 2023 was notable for relentless cyberattacks globally, and the cyber threat landscape saw an evolution in the execution of ransomware threats. Some criminals started copying and stealing data, demanding payment for not making it public, and then offering it for sale on the dark web. The likelihood is that 2024 will be another difficult year: with attacks on infrastructure, supply chain, elections, and events.