Blog
Interview: Artificial intelligence in cybersecurity: who will make better use of it?
AI helps both hackers and those who fight them – but in addition to sophisticated security solutions, it also requires users to be prudent and informed. Cyber criminals are increasingly making use of artificial intelligence (AI). While the main techniques of cybercrime remain similar, AI is increasing the scale and speed of cyber attacks. In […]
AI helps both hackers and those who fight them – but in addition to sophisticated security solutions, it also requires users to be prudent and informed.
Cyber criminals are increasingly making use of artificial intelligence (AI). While the main techniques of cybercrime remain similar, AI is increasing the scale and speed of cyber attacks. In the area of phishing in particular, AI has enabled very sophisticated attacks that are difficult to identify, according to Erik Hren and Jernej Galjanič, Cybersecurity Analysts from NIL, part of Conscia.
Fake calls from directors and fake recordings from politicians
Using language models such as ChatGPT, attackers can phish in any language to create persuasive messages without grammatical errors. AI also allows phishing to be enhanced with deepfake technologies to increase the persuasiveness of fake video or audio messages. Erik Hren mentions one of the more famous cases of a British energy company where fraudsters created a voice clone of their CEO who “instructed” employees to wire them (the criminals) $243,000.
Unexpected requests for quick money transfers or information sharing are the most common elements of successful cyber-attacks. Language models and deep forgeries allow attackers to create more sophisticated malicious code that can dynamically change and evade standard detection, according to the experts.
Scammers have also used doctored videos to appeal to the masses, including false statements by celebrities such as Tom Cruise or the late British Queen, and on LinkedIn, some influencers have solicited users to buy software, while political disinformation is also common. Deepfake technology with fake videos of political leaders and their statements can manipulate public opinion and also cause considerable confusion or influence election results. For example, fake videos have also been used in the Russian-Ukrainian war. In one, the Ukrainian President called on citizens to lay down their arms, while in another, the Russian President announced the cessation of the war or peace between the two countries.
Be sceptical about everything you see or hear online
Here are some of the most important steps you can take to protect yourself from cyber threats by the advice from Jernej Galjanič. You should pay attention to any messages that seem suspicious or unusual, including unusual requests or strangely worded content. “Always check the authenticity of the information, as AI can create very convincing fakes,” says Galjanič, adding that there are tools to check AI-generated content, but they are not always 100 percent accurate.
Galjanič further advises to:
- update all security systems regularly,
- be careful when posting personal information online, as an attacker may be able to glean useful information from images or posts,
- keep passwords strong,
- use two-factor authentication,
- always make backup copies of important data,
- be restrained when responding to unsolicited or suspicious communications,
- check privacy settings on social networks and limit access to your personal data,
- be careful when agreeing to the terms and conditions of data processing.
“Businesses should have cybersecurity experts and invest in advanced threat detection tools. Smaller companies can hire external experts to advise them, while larger ones should consider setting up their own security operations center to continuously monitor and analyze developments in the IT environment, identify anomalies in operations and potentially dangerous attempted attacks or actual security incidents,” Galjanič advises.
Cybersecurity in the AI Era
Explore the impact of Artificial Intelligence (AI) on cyber security in this webinar recording. Discover AI-driven cyber threats and defense strategies with experts Erik Hren and Jernej Galjanič from …
About the author
Erik Hren
Cybersecurity analyst
Erik is a Cyber Security Analyst and XSOAR Engineer at NIL, specialising in monitoring and coordinating security incidents. His skills in automation, in particular in the XSOAR tool, help to optimise investigation processes. Among his key projects, he has integrated Azure OpenAI and other AI models, developed automation for logging man-hours in the SNOW tool, and worked on threats in the Cisco Umbrella environment. He earned a Master’s degree in Business Analytics from Fairfield University, updated his Python skills and published a research paper at HICSS 2020. In his free time, he enjoys martial arts, music, languages, and volunteering at Conscious Planet. Erik is a multi-faceted professional committed to learning and cross-cultural understanding.
Jernej Galjanič
Cybersecurity analyst
Jernej is a Cyber Security Analyst at NIL, his main role in the Security Operations Centre is to detect and prevent security incidents. In addition, as a Technical Account Manager for several clients, he is responsible for communication and coordination with their teams. He is currently working on the integration of Kenna Security with the Security Operations Centre’s existing systems, which will significantly improve the criticality assessment of vulnerabilities at clients. As a graduate in Electrical Engineering from the Faculty of Electrical Engineering in Ljubljana, Jernej combines theoretical knowledge with practical experience. In addition, his professionalism and dedication have been further recognised by the SC-200 and OSDA certifications, which certify his knowledge in the field of cyber security. Jernej is not satisfied with his existing knowledge, but strives for continuous education and growth in his rapidly evolving field. His approach to his work reflects a combination of technical sophistication and innovation, which enables him to effectively address the challenges in the field of cyber security.
Related
