Page 79 - Cyber Defense eMagazine August 2023
How hackers are using AI to their advantage
The introduction of generative AI has given hackers the opportunity to automate and simplify their process
of creating spear phishing attacks. With these AI tools, malicious actors only require a few pieces of
information, such as personal or professional email addresses or phone numbers. The AI will then sift
through social media and the Internet to find additional information, such as a job title, community
affiliations, etc.
Using this data, hackers can tailor spear phishing emails to the individual, have them automatically
generated and quickly sent, while simultaneously dispatching different versions to multiple target victims.
As a next step, threat actors can use generative AI to quickly adapt and optimize their messages
based on success rates, with little effort.
A “human firewall” is your best defense
The best line of defense for companies to combat cyberattacks is to establish a sustainable security
culture. This includes having a “human firewall” – meaning employees who have been trained to
recognize potential cyberattacks. To help implement these preventative measures, companies
need to utilize the “Mindset - Skillset - Toolset” triad.
Mindset: Raise the cybersecurity awareness of employees. Although IT tools are helpful, blind trust in
them may lead employees to stop properly vetting potential phishing attacks and email traffic.
Skillset: Combine theory and simulation: educate employees on cyberattack methods and run realistic
phishing simulations. Paired with general knowledge, these simulated attacks will help strengthen their
understanding of phishing emails and how to identify them.
Toolset: Install tools and implement processes to thwart potential attacks and strengthen employees’
security behavior. These tools will help identify attacks and encourage safe habits.
Choose the right amount of cybersecurity knowledge to share
As cyberattacks become more sophisticated, IT managers have many tools, methods, and programs to
train their employees to fight against them and to enhance good cybersecurity habits. It is imperative to
train employees on these potential risks, but companies must be careful not to overwhelm them with
information or training, which may lead to defensiveness and resistance. For example, employees
should not be required to know in detail about endpoint detection software, digital firewalls, or
network monitoring tools.
What employees need to be familiar with are the knowledge and tools they will use on a daily basis. This
includes educating the team on how to identify and report suspicious emails, understanding proper
password management, and implementing multi-factor authentication (MFA).
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.