AI's Role in Cyber Offense and Defense Strategies
Cyber attackers and defenders are utilizing AI, shaping both the offensive strategies employed by attackers and the defensive measures taken by security teams to combat evolving threats. As IT leaders evolve their security and data protection plans, implementing a cyber recovery plan is more critical than ever.
Realizing the immense potential AI has to revolutionize business operations, organizations are racing to capitalize on AI solutions such as generative AI (GenAI) and large language models (LLMs). But in the ever-evolving landscape of cybersecurity, the use of AI is a double-edged sword as it increasingly shapes the strategies of both cyber attackers and defenders.
Although ransomware attacks can infiltrate organizations through various means, a common underlying factor is social engineering, particularly phishing, which accounts for 24 percent of all breaches. GenAI has significantly simplified the task of creating very convincing phishing baits, making them more deceitful and effective than ever. In addition, intelligent automation is accelerating the velocity of these attacks. Hypothetically, an adversary who was sending 5,000 phishing emails before leveraging AI and automation is now capable of sending 20,000 emails — and it only takes one person to fall for it.
Recent high-profile incidents such as a hotel and casino giant's crippling social engineering attack serve as stark reminders of the devastating consequences of cyber breaches. The attack on the casino resulted in 10 days of downtime for its booking and reservation systems and the theft of customers' personal information, and it cost the casino an estimated $100 million due to business disruptions. The repercussions extend far beyond financial losses, affecting customer trust and brand reputation.
As the acceleration of ransomware attacks ramps up, so should our defenses.
While having traditional business continuity and disaster recovery plans is necessary, it is not enough to combat today's cyber threats, especially when the survival of the business is at stake. Taking backup and recovery a step further, cyber recovery plans focus on optimizing recovery times for when access to and the functionality of an organization's critical data systems and IT infrastructure are compromised following a cyber attack. A well-structured cyber recovery plan outlines the steps to take before, during and after a cyber incident. It includes identifying critical assets, defining key roles and responsibilities, establishing communication protocols, and setting recovery time objectives.
As emerging threats become increasingly sophisticated, harnessing the power of AI becomes paramount to fortifying our cyber recovery capabilities.
With AI, cyber recovery capabilities can be enhanced by real-time anomaly detection, incident response automation and remediation. For example, machine learning (ML) can quickly analyze and detect signs of intrusion and malware in data storage, whether it is real-time storage or an offline copy. AI can also optimize data recovery by prioritizing the recovery of the most crucial assets and streamlining the restoration process.
Key considerations
Combining human expertise with AI-driven tools creates a more robust and adaptive approach to cyber resilience, which is the ability to anticipate, withstand, recover from and adapt to adverse conditions, stresses, attacks or compromises on cyber resources. Here are some considerations to keep in mind as you go down the path of leveraging AI as a valuable tool in your cyber recovery plan:
Define AI objectives in alignment with business priorities: Clearly define how AI will support and enhance business priorities. This information is crucial for implementing robust data protection measures, such as encryption, access controls and monitoring, to safeguard against unauthorized access and data breaches.
Establish an AI Center of Excellence (CoE): This internal team will be tasked with oversight of all AI initiatives and ensuring AI business outcomes are achieved in a responsible, cost-effective, trustworthy and secure manner.
Inventory and classify your data: Identifying and cataloging all data assets within an organization helps establish a comprehensive understanding of what needs to be protected. This is essential for implementing targeted security measures to safeguard and recover sensitive and critical information.
Assess current AI usage: Evaluate existing AI applications and initiatives within the organization to know how your end users are using these solutions to proactively manage risks. This includes mitigating potential security vulnerabilities, addressing ethical concerns and ensuring that AI applications adhere to regulatory requirements.
Educate users on AI best practices and responsible AI usage: Provide education and guidelines to users regarding AI best practices. Encourage employees to align their AI usage with organizational policies and security standards to mitigate potential risks.
Test data protection solutions: Evaluate new data protection solutions in proof-of-concept environments to determine if they will positively affect your organization and achieve desired security objectives before implementing them into your environment.
Securing tomorrow
In the face of escalating cyber threats, the imperative to leverage AI for cyber resilience has never been clearer. By embracing AI-driven cyber recovery capabilities, organizations can mitigate risks, minimize downtime, safeguard sensitive data and uphold business continuity in an increasingly hostile landscape. As we chart the path forward, the integration of AI into cyber recovery strategies will undoubtedly be pivotal in safeguarding the future of enterprise resilience and security.
This report may not be copied, reproduced, distributed, republished, downloaded, displayed, posted or transmitted in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, recording, or otherwise, without the prior express written permission of WWT Research. It consists of the opinions of WWT Research and as such should not be construed as statements of fact. WWT provides the Report "AS-IS", although the information contained in the Report has been obtained from sources that are believed to be reliable. WWT disclaims all warranties as to the accuracy, completeness or adequacy of the information.