《理特咨詢：2024AI對網絡安全的雙重影響分析報告：AI時代下企業如何應對網絡威脅 把握機遇（英文版）（12頁）.pdf》由會員分享，可在線閱讀，更多相關《理特咨詢：2024AI對網絡安全的雙重影響分析報告：AI時代下企業如何應對網絡威脅 把握機遇（英文版）（12頁）.pdf（12頁珍藏版）》請在三個皮匠報告上搜索。

1、2024AI IN CYBERSECURITY How companies can navigate cyber threats&exploit opportunities in the age of AIAI is rapidly evolving from a set of complex expert tools to a user-friendly technology thats substantially impacting the cybersecurity landscape.Even as AI enhances threat detection and response,i

2、t provides cybercriminals with multiple new attack methods.Additionally,when AI systems within organizations are not properly secured,they can introduce new vulnerabilities.This Viewpoint explores the dual nature of AI in cybersecurity and helps companies understand how to defend themselves against

3、emerging threats.AUTHORSMaximilian ScherrIgor StepanovDaria BryzhytskaPawel JablonskiMichael PapadopoulosTom TeixeiraVIEWPOINTAI IN CYBERSECURITY AI IS ALREADY AN INTEGRAL PART OF MODERN TECHNOLOGYAI is at a turning point,shifting from specialized machine learning(ML)and other techniques that requir

4、e skills training to versatile,user-friendly techniques based on generative AI(GenAI).AI is already an integral part of modern technology,and cybersecurity is no exception.In fact,AI can be leveraged for both defensive and offensive actions:improving organizations ability to detect and respond to cy

5、ber threats while giving cybercriminals tools to launch more sophisticated and targeted attacks.AI-based tools introduced into corporate IT ecosystems can also be a source of new vulnerabilities if theyre not integrated using stringent security measures.This increases the organizations attack surfac

6、e,making it more vulnerable to cyber threats(see Figure 1).AI IS TRANSFORMING CYBERSECURITYImagine youre the COO of a production company and you get a call from the head of procurement asking you to approve an urgent purchase to ensure your business continues to run smoothly.Because you understand t

7、he urgency and have worked with the person for many years,you do not question the request.A few days later,you meet with her and ask whether everything worked out with the purchase but she has no idea what youre talking about.Suddenly,you realize the call quality wasnt that good and came through a t

8、hird-party messenger app,although it was definitely her voice and usual speech patterns.You couldnt see her face,but you didnt need to because there was nothing suspicious about the call at that moment.Of course,it is now too late:the transaction went through,and its irreversible.This is not fiction

9、 it happened to a finance worker at a multinational company earlier this year.Source:Arthur D.LittleFigure 1.AI-based hacking shifting from highly specialized machine learning to future AI technologies Source:Arthur D.LittleFigure 1.AI-based hacking shifting from highly specialized machine learning

10、to future AI technologies PRESENTMID-TERM FUTURELONG-TERM FUTUREPASTAI acting independentlyNew approachesdeveloped by AIAI-assistedAI-drivenClassic/manual hackingUses ML to generate personalized,convincing emails that bypass phishing detectionSends manual phishing emailML used to analyze data,includ

11、ing email content&user interactions,to identify/flag patterns associated with phishing attacksAI synthesizes online data on the target&its connections,generates convincing video/audio impersonation in real timeAutomated real-time anomaly detection&threat response(e.g.,blocking/reporting phishing ema

12、ils before damage is done)Receives phishing email&relies on best judgment on how to actAI technology maturityDegree of AI use by hackers&cyber defendersCyber defendersHackersNoneSpecializedFuture tech(GenAI&others)Super AI(aka true AI)Example:Social engineeringVIEWPOINTARTHUR D.LITTLE2AI IN CYBERSEC

13、URITY 1.Efficiency.AI techniques have already made hackers more efficient through automation and optimization.Recently released AI-based tools let hackers quickly generate malicious code and help them conduct tailored hacking attacks on specific environments.2.Effectiveness.AI-enabled attacks are in

14、creasing effectiveness through enhanced social engineering techniques,AI-coordinated lateral movements in hacked environments,and adaptive malware.These attacks are also more sophisticated;for example,social engineering attacks are more personalized to their target and can adapt in real time(making

15、detection more difficult).3.Transformation.AI will transform cyberattacks by creating completely new capabilities and adaptability levels.As with generative adversarial network(GAN)malware,AI-based malware can rapidly change to avoid detection by automated tools.Worse,it has high levels of autonomy

16、and self-development;more advanced versions might only require a knowledge of the hackers goal once delivered to the system,it would find ways to achieve the goal on its own.HACKERS ARE WEAPONIZING AICurrent AI developments give hackers a strong advantage,helping them launch more cyberattacks that p

17、ose significant threats to individuals,businesses,and governments worldwide.Security professionals are seeing the impact:CANCOM reports a 257%surge in consolidated and verified incidents in 2023(see Figure 2).During the same period,events grew by 82%(alerts and critical alarms grew by 64%and 42%,res

18、pectively).This shows that despite cyber-defense mechanisms,on average,hackers have been more successful (the number of confirmed incidents grew significantly faster than the underlying events).Furthermore,according to a Deep Instinct survey,75%of security professionals in the US witnessed an increa

19、se in attacks over the past 12 months,with 85%of those professionals claiming the rise comes from bad actors using GenAI.Arthur D.Little(ADL)has identified some common patterns in AI integration,including how it can change a companys business model(see Figure 3).In the first wave,AI can increase eff

20、iciency through automation.Next,it increases effectiveness by enhancing skills.Finally,its a catalyst for creating new business models.We see the same pattern in the development of AI-enabled security threats:Source:Arthur D.Little,CANCOMFigure 2.Surge in incidents,20222023 Source:Arthur D.Little,CA

21、NCOMFigure 2.Surge in incidents,20222023 20232022+82%+64%+42%+257%EventsAlerts generatedCritical alarms analyzedConsolidated&verified incidents3.4 trillion31.7 million1.8 million3,817VIEWPOINTARTHUR D.LITTLE3AI IN CYBERSECURITY Forecast 2024”report predicts phishing will be significantly enhanced by

22、 AI in 2024.New,widely available deepfake technologies are emerging that create a close replication of a persons voice based on a small audio sample,making impersonation extremely accessible.Deepfake technology,especially voice emulation,can create highly personalized,targeted attacks based on victi

23、m profiles,optimizing timing and frequency.AI can adapt and learn from the feedback and responses of the victims and modify its tactics accordingly.This can increase the success rate and impact of the cyberattacks while minimizing effort and cost.Real-life applications have already appeared,includin

24、g a fake video of Indias National Stock Exchange CEO in which he appears to provide financial investment advice.Currently,AI is mainly being used to make hackers more efficient in the early stages of an attack.In the industry-standard Lockheed Martin Cyber Kill Chain shown in Figure 4,we see that AI

25、-based tools are being used in the reconnaissance stage and(to some extent)in the weaponization stage.We expect to see more diverse and smarter tools in the near future;DeepLocker is already launching tools that can be used in the delivery stage.The most common AI-driven attack type is social engine

26、ering,comprising 83%of all cyberattacks.The danger level has increased with AI:Darktrace research reported a 135%increase in“novel social engineering attacks”among thousands of active email-protection customers from January to February 2023(ChatGPT was released on 30 November 2022).This threat is ex

27、pected to increase:Googles“Cloud Cybersecurity Source:Arthur D.LittleFigure 4.Stages of a cyberattack Source:Arthur D.LittleFigure 3.AI integration patternsCommon usage Pioneeringnew businessNew business model creationNew revenue streamsImproved product development More effective marketing&sales(e.g

28、.,individual product,individual pricing)Core functions(e.g.,customer service)Non-core functions(e.g.,AI-based tax-return automation)Personal research for general informationPublicly available tools(ChatGPT)Use casesIndividual/personal Increase efficiency Increase effectivenessNew monetization models

29、Cyber-security use casesDevelop completely new hacking techniquesCreate more dangerous malicious codeDevelop automated ransomwareProvide guidance on hacking techniques Customize attacks in high volumeCyber defendersHackersAI-based tools independently protect company from cyber threatsSignificant inc

30、rease in percent of security incidents detectedAutomatically take first remediation actionsAutomate threat detectionReduce cyber-specialist time spent on noncomplex tasksSource:Arthur D.LittleFigure 3.AI integration patternsSource:Arthur D.LittleFigure 4.Stages of a cyberattack WeaponizationDelivery

31、 ExploitationInstallationCommand&controlAction on objectiveReconnaissancePhase 1Phase 7Phase 2Phase 3Phase 4Phase 5Phase 6LOCKHEED MARTIN CYBER KILL CHAINNOWFUTUREVIEWPOINTARTHUR D.LITTLE4AI IN CYBERSECURITY NEW AI ECOSYSTEMS INCREASE ORGANIZATIONS ATTACK SURFACESIn addition to threats from direct A

32、I weaponization,the increased integration of AI into corporate IT systems(and,eventually,operating technology)poses a significant danger.As companies accelerate the development of AI ecosystems,they are inadvertently creating new opportunities for hackers.Gartner predicts that by 2026,more than 80%o

33、f enterprises will have used GenAI application programming interfaces(APIs)or models and/or deployed GenAI-enabled applications in production environments.This presents a concern for most organizations as it creates new vulnerabilities in their IT landscapes.However,companies have control over their

34、 AI integration approach,which means that implementing appropriate and proactive security measures to protect their IT environment is within their power.Attacks on current GenAI models could lead to AI model theft,data manipulation,and/or data poisoning.Vendor rush and the deployment model used(e.g.

35、,which integrations are set up)could amplify this environment.Importantly,non-AI elements of the ecosystem(e.g.,databases and applications)can often be accessed,increasing the potential damage.For example,in a test environment,researchers demonstrated that prompt injections are an effective method o

36、f hacking a database in an AI ecosystem(the AI model itself was not compromised).This highlights that the approach to AI integration is as important as the security of the model itself(see Figure 5).THE RANGE OF TOOLS AVAILABLE TO CYBERCRIMINALS IS EXPANDINGA large number of AI code-generation tools

37、 have recently appeared,including WormGPT,FraudGPT,Wolf-GPT,and Predator.Although we do not yet know how effective and impactful these tools are and the development trajectory of specific tools remains uncertain(WormGPT closed within two months of launching due to claimed negative publicity,and many

38、 similar products are suspected to be fake)the range of tools available to cybercriminals is certainly expanding.“We expect over time as adoption and democratization of AI models continue,these trends will increase,”warned an FBI official in a 2023 statement.At the same time,organizations are strugg

39、ling to hire and retain cybersecurity specialists.Gartner predicts that by 2025,lack of talent or human failure will be responsible for more than half of all significant cyber incidents.As AI implementation and the discrepancy between hackers and defenders accelerate,it will be even harder to close

40、the cybersecurity gap.Many companies are already facing an uphill battle as they try to close the gap.Total spending due to cyber breaches is predicted to grow(US$10.5 trillion by 2025 versus$3 trillion in 2015 according to Cybersecurity Ventures),but cybersecurity budgets only increased 6%on averag

41、e in 2023,compared to 17%in 2022,according to a study from IANS and Artico.VIEWPOINTARTHUR D.LITTLE5AI IN CYBERSECURITY To ensure safety,companies must develop AI systems using sound architectural principles.AI outputs should be verified,its actions should be controlled,and its access to sensitive d

42、ata should be restricted.AI creates novel security challenges(e.g.,data leakage),but fundamental security practices remain essential,including data protection,system visibility,and software updates.HOW TO RESPONDA solid cybersecurity program is more essential than ever to address emerging threats an

43、d ensure a strong basis for new technology implementation.The first line of defense against AI-based hacking is conventional cybersecurity measures.Defensive AI capabilities and tools can help counter hackers improved efficiency and effectiveness(and the inevitable progress to the“transformation”wav

44、e of AI integration),but basic cybersecurity hygiene comes first.New security challenges can only be successfully met from a solid cybersecurity foundation.THE FIRST LINE OF DEFENSE AGAINST AI-BASED HACKING IS CONVENTIONAL CYBERSECURITY MEASURESIn numerous conversations with business leaders,we disc

45、overed that although most believe their companies follow all cybersecurity best practices,a close look at their security teams usually reveals thats not the case.Figure 6 lists four examples of basic security questions.Unless you can provide a detailed answer to each,you should strongly consider rea

46、ssessing your cybersecurity strategy.For a more in-depth look at the cornerstones of cybersecurity strategy and the first steps toward comprehensively assessing your companys performance,see the ADL Viewpoint“Being Concerned Is Not Enough,”which features a comprehensive,proven cybersecurity measurem

47、ent framework.RAG=Retrieval-augmented generation Source:Arthur D.LittleFigure 5.Example of a GenAI ecosystem attackRAG=Retrieval-augmented generationSource:Arthur D.LittleFigure 5.Example of a GenAI ecosystem attackUser clientPrompt injection via emailHackerGenAIRAG(enrichment of query by company da

48、ta)Original queryEmail containing malicious prompt in text or imageCompany databaseData request to enrich original queryEnriched queryData necessary for an accurate prompt to the AI model+the malicious prompt+exfiltrated sensitive data!Database poisoningExample:Generate a response to this email&emai

49、l text with malicious promptExample:Original query+data about previous conversations+malicious prompt that“jailbreaks”the GenAIAnother client or AI ecosystemExample:AI plug-in for automatic generation of email responsesMalicious prompt is now stored in database&will be included in every new email ge

50、nerated by AI toolEmail with malicious promptAI ecosystemVIEWPOINTARTHUR D.LITTLE6AI IN CYBERSECURITY DEVELOPING AI-BASED DEFENSES The increased quantity and quality of AI-based attacks calls for AI-based solutions.AI cant replace humans,but humans cant replace AI,either.These solutions must include

51、 ways to securely integrate AI-based instruments into the corporate IT landscape.Increasingly,companies and governments view AI as a serious cybersecurity enhancer and are starting to act.According to Gartner,86%of decision makers believe the use of AI technology in cybersecurity tools will reduce t

52、he success of zero-day incidents(novel security events).IBMs survey of companies with more than 1,000 employees in more than 10 countries found that IT professionals believe more AI and automation in toolsets is the best way to improve threat-response times.Governments also expect value from AI the

53、US government recently announced a challenge with a$20 million prize fund in which hackers must compete using AI in cybersecurity.CEOs must ensure that cybersecurity is a high priority throughout the company,from top executives to part-time interns.Many business leaders mistakenly believe that only

54、dedicated specialists can address cybersecurity,and the same myth exists for AI.The truth is,its a strategic topic concerning the entire C-suite and board of directors.Security is not a direct source of business growth,but according to Sapio Research,19%of business decision makers admit that a lack

55、of cybersecurity credentials impacts their ability to win new businesses.Executives must make cybersecurity a strategic priority and highlight the AI challenge within it.Surprisingly,IT leadership involvement in AI security in this topic is limited:according to Gartner,although 93%of surveyed IT and

56、 security leaders said they are at least somewhat involved in their organizations GenAI security and risk management efforts,only 24%reported that they own this responsibility.Employees are ultimately responsible for their own security,especially given the number of social engineering attacks.Traini

57、ng employees to be vigilant and aware of security fundamentals is a crucial part of protecting the company from threats.Source:Arthur D.LittleFigure 6.Can you answer these basic cybersecurity questions?Source:Arthur D.LittleFigure 6.Can you answer these basic cybersecurity questions?4 KEY CYBERSECUR

58、ITY QUESTIONS1.How many critical vulnerabilities do you have per server?What is the associated coverage of vulnerability scanning in IT&OT?2.When was the last time you conducted a board-level cybersecurity exercise?3.What are your weakest cybersecurity areas/functions?What is the associated business

59、 risk in dollars?4.After a ransomware attack,what proportion of your IT/OT data can be recovered within 24 hours/3 days after an attack?INDICATIONS OF SIGNIFICANT PROBLEMSDont know in detail/about 5(coverage less than 95%)Never/more than a year agoDont know/we dont chargeDont know/small proportionGO

60、OD ANSWERSIncluding month-to-month development,currently less than 0.3 per server with 99%coverage2 within the last 12 monthsDomain XY(e.g.,cryptography,especially for remote maintenance by provider X)/less than Y million dollars24 hours:85%3 days:98%VIEWPOINTARTHUR D.LITTLE7AI IN CYBERSECURITY -Fra

61、ud detection.AI systems can detect patterns indicative of fraudulent activities,such as unusual transaction volumes or anomalous credit card usage,and alert security personnel.-Security incident simulation.AI can assess an organizations security posture by simulating attacks and predicting potential

62、 breaches,enabling proactive security enhancements.ADL has successfully applied this approach as part of cybersecurity assessments,incorporating AI-enabled reconnaissance and weaponization(penetration testing)stages.The tools employed were capable of pinpointing potential system vulnerabilities,with

63、 all high-confidence/high-warning and medium-confidence/high-warning alerts examined.To complete the assessment,human intervention was required to investigate false positives(basic alert checks were performed on those found to be potential issues).-Regulatory compliance.Using scanning and vast data

64、sets analysis capabilities,AI enables front-runners to better manage cybersecurity compliance.ADL has been leveraging this technology to evaluate compliance with International Electrotechnical Commission(IEC)62443-4-1,IEC 62443-4-2,and EN 18031 standards.In our approach,we design questionnaires for

65、the AI model to test conformity to these standards in an efficient and consistent manner.These tools help comprehensively address the cybersecurity compliance scope and assist in developing an accelerated plan to address the latest EU regulations.(An upcoming Viewpoint will explore optimizing effici

66、ency with a combination of machine and human capabilities.)Unlike malicious hacking,in which tools being released now mostly focus on reconnaissance/weaponization,defense tools currently being developed focus on a wider range of cybersecurity areas,such as attack prevention,infiltration detection,an

67、d threat processing.For example,AI tools can help prevent attacks by identifying vulnerabilities,managing access,and detecting phishing.When a breach occurs,AI can quickly detect it,automate response actions,and streamline incident handling for security teams.We expect AI tools to provide support in

68、 the following areas:-Anomaly detection.AI algorithms can continuously monitor network traffic and identify unusual patterns that could indicate a breach,spotting threats that traditional methods might miss.Anomaly detection of this type is still in its early stages,but when its full potential is ac

69、hieved,it will effectively solve the zero-day vulnerability problem,currently the most powerful exploit.-Threat intelligence.AI can analyze vast amounts of data to predict and identify emerging threats,helping organizations stay ahead of new malware,ransomware,and other threats.-Automated response.A

70、I can automate responses to detected threats,quickly isolating affected systems and blocking malicious activities,reducing attackers window of opportunity.-Vulnerability management.AI can scan and analyze networks and external perimeters for vulnerabilities,prioritizing them based on potential impac

71、t and suggesting the most suitable mitigation strategies.-Phishing detection.Using natural language processing and ML,AI can identify and filter out phishing emails and other social engineering attacks before they reach end users.VIEWPOINTARTHUR D.LITTLE8AI IN CYBERSECURITY TIME-CONSUMING THREAT INV

72、ESTIGATION AND FALSE-POSITIVE IDENTIFICATION ARE TOP ISSUES FOR CYBERSECURITY SPECIALISTSIn the near future,we will likely see the application of AI both deeper and wider,covering most cyber domains except governance narrow AI is not capable of replacing human problem-solving and decision-making cap

73、abilities.Because these tools will create vulnerabilities,they must be implemented carefully,applying all deployment best practices.IT industry leaders are actively developing and sharing relevant expertise through publicly available frameworks,including Googles Secure AI Framework,Microsofts Respon

74、sible AI Toolbox,Amazons GenAI Security Scoping Matrix,and the Open Worldwide Application Security Project(OWASP)AI Checklist.These and other frameworks look at the problems from various angles,from core security guidelines to providing toolboxes for AI implementation.They discuss defending against

75、AI-specific threats by implementing least-privilege control for AI tools,sanitizing inputs and outputs,and putting a human in the loop where feasible.Robust governance structures must accompany this effort to ensure the responsible use of AI,comprehensive data security,and clear ownership of securit

76、y processes.This combined approach will provide greater visibility into potential threats and granular control over security responses.AI-based solutions provide security benefits and make employees more efficient and effective.For example,AI-based defensive tools show promise in improving the effec

77、tiveness of cybersecurity specialists.Bugcrowds survey of white hat hackers found that they acknowledged the importance of GenAI tools like ChatGPT in their work,with 21%stating that AI is already outperforming them in penetration testing.Time-consuming threat investigation and false-positive identi

78、fication are top issues for cybersecurity specialists,so we expect this to be a major development area for AI-based tools.IBMs study found that 46%of global respondents said their average time to detect and respond to a security incident increased over the past two years.Over 80%reported that manual

79、 investigation of threats slows down their overall threat-response times.Deep Instincts research shows that false-positiverelated work accounts for more than two working days of lost productivity per week.Gartners interviews with nearly 50 security vendors found that,overwhelmingly,their first expec

80、tation from AI is to mitigate false positives.The AI-enhanced tools already on the market generally fall under three groups:1.Phishing-detection tools use ML-or AI-based technology(e.g.,IRONSCALES Themis,PhishML part of PhishER,Hacker AI,and Cortex XDR)2.Full-defense tools aim to cover various stage

81、s of the cybersecurity process(e.g.,Google Cloud AI and Darktraces AI tools)3.AI-based penetration tools created for ethical hacking and optimizing the work of white hat hackers(e.g.,Mayhem,DeepExploit,Pentoma,and Wallarm)VIEWPOINTARTHUR D.LITTLE9AI IN CYBERSECURITY Unlike conventional cybersecurity

82、 measures,AI-based defense tools act as enhancers and will not shield you on their own.From an operational perspective,overreliance on AI-based defense tools can create a“black box”effect,in which business leaders blindly trust AI decisions without understanding the reasoning behind them,potentially

83、 leading to bad business and security decisions.To defend against emerging cybersecurity threats,companies should:1 Evaluate their cybersecurity strategy,starting with ensuring that a series of basic security questions can be answered in detail.2 Make cybersecurity a strategic priority,involving sen

84、ior leaders and the entire board.3 Leverage AI cyber-defense tools,being careful not to expose the organization to additional threats.All new tools come with potential threats and should be integrated using stringent security measures.4 Develop AI capabilities to combat AI-based attacks,recognizing

85、that AI can augment,but not replace,human effort.Employees are the gatekeepers to your companys security,so they must be carefully trained to be vigilant about security fundamentals.AI-BASED DEFENSE TOOLS ACT AS ENHANCERS AND WILL NOT SHIELD YOU ON THEIR OWNCONCLUSION AVOID THE BLACK BOX EFFECT1 0VI

86、EWPOINTARTHUR D.LITTLEAI IN CYBERSECURITY VIEWPOINTARTHUR D.LITTLE1 1Arthur D.Little has been at the forefront of innovation since 1886.We are an acknowledged thought leader in linking strategy,innovation and transformation in technology-intensive and converging industries.We navigate our clients th

87、rough changing business ecosystems to uncover new growth opportunities.We enable our clients to build innovation capabilities and transform their organizations.Our consultants have strong practical industry experience combined with excellent knowledge of key trends and dynamics.ADL is present in the most important business centers around the world.We are proud to serve most of the Fortune 1000 companies,in addition to other leading firms and public sector organizations.For further information,please visit .Copyright Arthur D.Little 2024.All rights reserved.