How hackers are using AI to their advantage

            The introduction of generative AI has given hackers the opportunity to automate and simplify their process
            of creating  spear  phishing  attacks.  With  these  AI tools,  malicious  actors  only  require  a few  pieces  of
            information,  such as personal or professional  email addresses  or phone numbers.  The AI will then sift
            through  social  media  and  the  Internet  to  find  additional  information,  such  as  a  job  title,  community
            affiliations, etc.

            Using  this  data,  hackers  can  tailor  spear  phishing  emails  to  the  individual,  have  them  automatically
            generated and quickly sent, while simultaneously dispatching different versions to multiple target victims.
            As a next step, threat actors can then use Generative  AI to quickly adapt and optimize  their messages
            based on success rates, with little effort.



            A “human firewall” is your best defense

            The  best  line  of defense  for companies  to  combat  cyberattacks  is  to establish  a  sustainable  security
            culture.  This  includes  having  a  “human  firewall”  –  meaning  employees  have  been  trained  to be  well-
            versed to recognize potential cyberattacks. To help implement these preventative measures, companies
            need to utilize the “Mindset - Skillset - Toolset” triad.

            Mindset:  Raise the cybersecurity  awareness  of employees.  Although IT tools are helpful,  blind trust in
            them may lead to not properly vetting potential phishing attacks and email traffic.

            Skillset:  Combine  theory  and  simulation  to  educate  employees  on  cyberattack  methods  and  realistic
            phishing simulations.  Paired with general  knowledge, these simulated attacks will help strengthen  their
            understanding of phishing emails and how to identify them.

            Toolset:  Install  tools and  implement  processes  to thwart  potential  attacks  and  strengthen  employees’
            security behavior. These tools will help identify attacks and encourage safe habits.



            Choose the right amount of cybersecurity  knowledge to share

            As cyberattacks become more sophisticated,  IT managers have many tools, methods, and programs to
            train their employees to fight against them and to enhance good cybersecurity habits. It is imperative to
            train  employees  on  these  potential  risks,  but  companies  must  be  careful  to not  overwhelm  them  with
            information or training – for example, employees should not be required to know in detail about endpoint
            detection software, digital firewalls, or network monitoring tools – which may lead to defensiveness  and
            resistance.

            What employees need to be familiar with are the knowledge and tools they will use on a daily basis. This
            includes  educating  the  team  on  how  to  identify  and  report  suspicious  emails,  understanding  proper
            password management, and implementing multi-factor authentication (MFA).








            Cyber Defense eMagazine – August 2023 Edition                                                                                                                                                                                                               79
            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.