Nobody is able to see into the future. However, when it comes to cybersecurity trends, two of our Presidio Chief Information Security Officers (CISOs) can certainly give us some predictions in order to stay prepared for the unknown.
Dan Lohrmann, Field CISO for Public Sector, and Dave Trader, Field CISO, join us again to recap the trends and developments that shaped 2023 and dive into potential disruptions and risks that await us in this new year.
From GenAI rocking the workplace to sophisticated phishing scams breaking into enterprises, Dan and Dave explain their take on what to watch out for in the coming months.
New developments within GenAI and their implications on cybersecurity
Unlike 2023, this year we’re well prepared and aware of how AI applies to the cybersecurity world—and the tech world as a whole—and what that means for cybersecurity professionals.
“Almost every vendor talks about how GenAI is going to be the top issue, with different specific things under that,” Dan says.
Top of the list is how GenAI is fostering a “Bring your own AI to work” trend that could prove to be a hindrance to reliable data security.
“What is happening is employees are bringing their own AI,” Dan continues. “Whether it be on your phone, using ChatGPT, using Bard, using different generative AI apps, etc. Companies and governments are having to deal with that.”
The rise of personal AI also raises the question: How do you make sure sensitive company data isn’t leaking?
“Reducing that threat landscape is major for any company, being able to get down right to it and say, ‘If I make these seven changes, I increase my cybersecurity posture and its benefit by 10-fold.’ A good way to leverage GenAI is by using it to distill something down like that. I’m very impressed with that. Our partners continue to innovate with this as fast as possible,” Dave says.
New regulations and policies are sure to slip onto the scene as more and more companies grapple with the lasting effects of personal AI and the risks that come with unregulated devices and apps in use within a business setting.
Why you should be on the lookout for increasingly sophisticated AI-based scams
You may have heard the stories about phone scams targeting elderly folks, using the doctored sound of their grandchild’s voice to ask for money urgently. These recordings are often so believable that they meet little to no resistance unless the family member confirms the situation with the person supposedly asking for aid.
Leveraging emotions is not a new trick from scammers, but the approach is entering a newly refined stage that makes it harder to determine what’s real and what’s not.
This threat doesn’t stop at phone calls—text messaging scams are also becoming more and more common and should be taken seriously.
“The texts say something along the lines of ‘This is XYZ bank, there’s been a security incident, click here; we’ll take care of it for you,’ and people click on those text messages. Those are attacks that at many times are coming in this new threat environment,” Dan says.
Deepfakes, fabricated audio, and text scams are only going to become more prevalent as we move into election season. Dan implores us to check sources and take every headline, video clip, and piece of “breaking news” with a grain of salt to protect our sense of reality.
The increased sophistication of cyber threats and attacks
As much as AI “levels the playing field” in terms of creative works and processes, it also provides a clearer path for bad actors who might otherwise lack the ability to carry out their attacks.
“They say, ‘This is the company—or this is the government—this is what I know about them, and I want to have spear phishing attacks against this target, create the attack for me that will be most effective and successful.’ And there are tools that will do that, and so, AI-based phishing takes off in 2024,” Dan says.
Nowadays, bad actors aren’t hacking their way in; they’re logging in. They trick employees into handing over the required credentials, or purchase login information on the dark web, and waltz into company networks to launch ransomware attacks from the inside.
“There is no barrier of entry anymore, especially with GenAI. I know eight-year-olds that can launch attacks like this now,” Dave says.
There are a few main ways to avoid such attacks:
- Don’t reuse your passwords
- Update passwords regularly
- Don’t respond to unfamiliar messages
Companies of all sizes must take careful and intentional steps to train their teams in best practices for protecting company data and warding against attacks. The best defense against sophisticated bad actors is education and diligent training.