Generative artificial intelligence (AI) is quickly changing the world and making headlines. And businesses of every stripe are embracing its potential, with IDC forecasting that worldwide spending on AI-centric systems will reach $154 billion in 2023 and rise to more than $300 billion in 2026. We think that’s a conservative number.
Unfortunately, there’s also a dark side to AI that’s making headlines. Cybersecurity firm SlashNext recently confirmed how quickly hackers are adopting AI after discovering WormGPT—ZDNet calls it “ChatGPT’s malicious cousin”—a tool being promoted for sale on a hacker forum “designed specifically for malicious activities.”
Even more frightening, SlashNext conducted tests focusing on business email compromise (BEC) that produced “unsettling” results. WormGPT created a “not only remarkably persuasive but also strategically cunning” email to pressure an account manager into paying a fraudulent invoice. That tells you that a single malicious email can unlock the door to your data, where hackers can encrypt it and then send you the ransomware note. Because your backups are almost always targeted in an attack, they are equally at risk. And fresh on the heels of WormGPT, a new malicious cybercrime AI tool called FraudGPT has shown up on dark web marketplaces.
The new vulnerabilities that AI has exposed demand that you do more to ensure your data is resilient, even in the face of ever more sophisticated attacks. Here are a few steps you should take:
Employ Advanced Cybersecurity Technologies
The best way to fight back against AI is by using AI. That’s why Arcserve Unified Data Protection (UDP) safeguards your data with Sophos Intercept X Advanced for Server, a security platform that protects your cloud, on-premises, or hybrid environments using deep learning AI that proactively prevents attacks. It also includes anti-exploit, anti-ransomware, and control technology that stops threats before they can wreak havoc on your systems.
AI is being employed across the cybersecurity landscape because it can quickly analyze and detect unusual activity that may indicate insider threats. AI is also being used to analyze network traffic, identify possible intrusions, and analyze relationships between threats—malicious files or suspicious IP addresses, for example. From your endpoints to your data center and up to the cloud, invest in cybersecurity solutions that leverage AI so they can adapt as the technology evolves.
Implement Zero Trust Cybersecurity
A zero-trust approach to cybersecurity assumes that no entity should be trusted by default, only granting access to what a user needs and nothing more.
A zero trust posture employs Identity and access management (IAM) technologies, including multifactor authentication (MFA) and role-based access controls (RBAC). With MFA, two or more verification methods are used to ensure the person attempting to access your resources is who they say they are, while RBAC limits access only to the resources necessary for an individual to do their job.
Biometrics adds another layer of protection against the malicious use of AI. In a recent Cybermagazine.com article, the CEO of digital identity company Incode says, “AI-powered liveness detection comes into play, which ensures the integrity of a biometric match by distinguishing both ID and liveness via AI. The technology uses facial recognition to determine if a biometric sample is being captured from a living subject who is present at the point of capture; in other words, a real, live person behind the screen.” While at this point, it isn’t clear that biometrics can solve the problem in the long term, it’s another step you can take to protect your data.
While these measures may not directly prevent AI from hacking into networks, they put more obstacles in the hacker’s path. Learn about the Cybersecurity and Infrastructure Security Agency (CISA Zero Trust Maturity Model here.
Teach Your Team About Cybersecurity
The Verizon 2023 Data Breach Investigations Report found that 74 percent of all breaches include the human element, whether due to error, privilege misuse, stolen credentials, or social engineering.
That’s why the SlashNext BEC test described above is telling. You must train everyone on spotting suspicious or malicious emails and websites and how to avoid helping hackers overcome your defenses. Regular testing keeps everyone on their toes, especially when the results of a successful test attack are shared with the entire team so everyone can learn from the experience. Most importantly, ensure everyone knows where to turn if they are unsure if a threat is present.
Use Immutable Backups
For now, immutable storage is one of your best defenses against AI-driven attacks. For example, the Arcserve OneXafe network-attached storage file system is based on an immutable object store, with every object written only once and never modified. Any modification you make to the file system always creates a new object, delivering continuous data protection (CDP) by taking low-overhead snapshots— a view of the file system at the instant the snapshot is taken—every 90 seconds.
Since the underlying objects are immutable and cannot be changed, the snapshots inherit this immutability so that an external source can’t change or modify it. Indeed, hackers are very likely working on overcoming immutability using AI, but it’s one more weapon you can put in your arsenal today as you fight back.
Talk to a Data Resilience Expert
Arcserve technology partners have the expertise and experience to help you figure out the best way to achieve data resilience within your organization. Find an Arcserve technology partner here.
You May Also Like
- Channel: MSPs / VARs / SIsSeptember 27th, 2023
- Backup and Disaster Recovery Business Continuity Cybersecurity Data Resilience
Enhancing Data Resilience With Deep-Learning Cybersecurity Solutions, Immutable Storage, and Scalable Business ContinuitySeptember 26th, 2023
- Channel: MSPs / VARs / SIsSeptember 21st, 2023