By Caroline Seymour, VP, storage product marketing, Zerto, a Hewlett Packard Enterprise company
To say artificial intelligence
(AI) and machine learning (ML) are gaining momentum as an operational tool is
an immense understatement. Across sectors, the incorporation of AI and ML tools
into day-to-day operations has become the new norm, forcing organizations to
reflect on how automation can improve efficiency while simultaneously expanding
the threat landscape.
Early this year, Gartner released its "Top Trends in Cybersecurity for 2024" report, which states, "By 2026,
organizations prioritizing their security investments based on a continuous
threat exposure management program will realize a two-thirds reduction in
breaches." The report goes on to predict that by 2025, the evolution of
generative AI will demand a dramatic increase in cybersecurity resources to
establish security, "causing more than a 15% incremental spend on
application and data security."
What does this mean for
organizations? In order to navigate the ever-changing path of
cybersecurity, a larger focus must be placed on internal operations and
cybersecurity approaches. By implementing continuous data protection technologies
and zeroing in on the expanding threat landscape, organizations can evolve
alongside AI instead of playing catch up.
I. The AI-Enabled Threat Landscape
AI and ML are shifting the way
organizations prepare for and combat cyber threats. Artificial intelligence can
recognize cyber activity patterns, both malicious and normal, which can then be
used to proactively implement automated
responses. Relying on patterns established using AI, organizations can then
leverage ML to identify deviations for incoming and outgoing data as a measure
to prevent cyberattacks.
While the concept of implementing
automated responses to cyber threats is enticing for organizations, the
realization that malicious entities also leverage these technological
advantages presents an additional challenge in effectively mitigating risks. Threat
actors can take advantage of AI and ML in attack timing, target identification,
and detection avoidance, making the potential misuse of automated technologies
a growing concern for organizational security. AI can also be misused to
enable high-level attacks such as phishing, deepfakes, AI-powered malware,
and Advanced Persistent Threats (APTs).
II. The Role of AI in Advanced Persistent Threats (APTs)
An APT is defined
as a "prolonged and targeted cyber-attack in which an intruder gains access to
a network and remains undetected for an extended period." Instead of causing
damage to an organization's network, APT attacks aim to steal high-level
information over a long period. APT actors can utilize evolving AI capabilities
to both maintain persistence and avoid detection. APT attacks rely on
sophisticated and high-level hacking approaches to gain and retain system
access. The end goal of ongoing system access is achieved through the following
attack stages: reconnaissance, resource development, execution, and data
exfiltration.
The reconnaissance stage involves
the collection of information about the target, including its systems and
potential vulnerabilities. In this stage of an APT, AI's automatic generation
of information from various sources can help actors identify and gain a
comprehensive understanding of the target, even having the power to pinpoint
weak entry points through an assessment of system architecture.
In other stages of an APT, AI can
adapt malware behavior in response to security measures, which heightens the
chance of a successful breach. AI can also assist APT actors in the development
of personalized and convincing phishing messages. Phishing is the most common
way that ransomware can infiltrate an organization's network. When an employee
clicks on a phishing email, the system will download a piece of software acting
as a back door. This new entrance establishes communication with the hacker's
command and control server that subsequently sends additional software, which
includes the ransomware payload. Upon infiltrating the host system, the
ransomware then begins encrypting organizational data.
III. Robust Cybersecurity Combats AI-powered Threats
As we know, if organizations can utilize evolving technology to their
benefit, so can cyber criminals. AI is helping threat actors act faster and
more efficiently, with all the same benefits it provides everyone else. The
threat landscape facing organizations has expanded tremendously over the last
few years, with its staggering growth attributed to an increased adoption of
SaaS, in turn leaving organizations vulnerable and facing large numbers of
potential exposures.
In order to
defend themselves from these kinds of threats, organizations must implement
continuous data protection (CDP). The integration of CDP in cybersecurity solution
stacks provides organizations with an unmatched level of security along with a
continuous availability of recovery checkpoints to use in the case of a cyberattack. CDP offers many
benefits to organizations, specifically data mobility, granular recovery, and
periodic data resilience testing. By simplifying and automating disaster recovery
operations, CDP enables organizations to quickly rewind and resume from a
point-in-time just prior to an attack.
As a measure of
fortifying cybersecurity strategies, organizations must implement strategies
with distinct capabilities such as the ability to cut off external data access.
Cyber vaults can accomplish this additional layer of security through the
prevention of data access. With the right vault architecture, such as an
isolated vault with top-tier data protection, organizations can benefit from
reduced downtime, regulatory or audit compliance, and lower complexity, which
eases detection of, response to, and recovery from ransomware.
IV. Conclusion
Each organization has unique considerations when it comes
to data security, but a commonality among all is the need for a robust
cybersecurity strategy that incorporates CDP to enable rapid recovery after
even the worst attacks. In order to effectively capitalize on evolving
technologies, organizations must upgrade their data protection strategies to make
the most out of their data while simultaneously safeguarding against ransomware
and loss. In conclusion, it is critical for organizations to safeguard against
AI-powered ransomware, as the ever-evolving and relentless advancement of AI and
ML technology requires a proactive approach to data protection. In today's
world, implementing robust security strategies is no longer only a matter of
protecting data; it represents a strategic and logical investment in the
resilience and longevity of an organization.
ABOUT THE AUTHOR
Caroline Seymour is the Vice President of Product Marketing at HPE. She helps shape the company's product strategy
and marketing activities. She is skilled in driving innovation and delivering
value to customers through HPE's technology solutions. Before joining HPE,
Caroline was VP of Product Marketing at Zerto, where she oversaw the overall
product marketing strategy and implementation. Before Zerto, Caroline worked at
IBM for nine years. Caroline has a lot of valuable experience in the Enterprise
software space from the various roles she has had in Europe and in North
America.