AI's growing impact on cybersecurity threat & defence

The growing prevalence of artificial intelligence is altering the landscape of cybersecurity, as outlined by various executives at OPSWAT.

Matt Wiseman, Director of Product Marketing, commented on the evolving threat posed by AI.

"The rapid spread of AI has allowed for less advanced attackers to increase their sophistication and improve the credibility of their attacks. Whether this is to improve the grammar and design of their phishing email or enhance their social engineering. AI has closed the skills gap of these less advanced hackers making their attempts less obvious than they were in the past."

"Organisations can also leverage AI in their defensive cyber strategy, but they are often lagging behind the attackers' adoption of such tools. Rethinking your past cybersecurity strategy will be a must to ensure you have the technology and policies in place to keep these advancing attackers at bay."

Wiseman underscored the necessity of revisiting security fundamentals, especially within Operational Technology (OT) environments.

"As attackers continue to gain skills and momentum in developing new and more sophisticated cyber-attacks, organisations will need to go back to basics and focus on those security solutions and policies that will protect their assets of greatest value. An increased focus on prioritising the most critical sites or assets with proper segmentation, developing zones, and conduits to wall off those highest-value product assets are a must."

"When done properly, organisations can better secure their operations while still gaining business insights of a connected network. Leveraging true one-way data transfers with data-diodes to still have access to production data from the operation network to the IT layer for better business and operational insights. Additionally, implementing basic scanning policies for all inbound removable media or laptops can help to prevent new threats from entering these further disconnected assets while still maintaining updates and operations."

Pedram Amini, Chief Scientist, warned of the escalating sophistication and growing misuse of AI as related costs decrease.

"The drum beat of the evolution of threats will of course continue with nation states increasing their attacks on physical devices and appliances. ML assisted scams will increase significantly in their volume, quality, and believability. As costs associated with ML compute decrease, we'll see the transition from assisted to fully operated. Organisation's should expect increased attacks on employees personal devices and prioritize training and novel detection controls to prepare for AI-enhanced social engineering attacks. Production grade zero-day will be found and perhaps even exploited by AI, we're probably a few years out from seeing our first fully agentic AI malware."

Irfan Shakeel, VP of Training and Certification Services, highlighted the critical nature of cyber hygiene and organisational accountability. "During a panel at GITEX Global, it was noted that, despite the sophistication of emerging threats, many successful cyberattacks still exploit basic vulnerabilities, such as outdated software that hasn't been patched for years."

"A focus on maintaining cybersecurity fundamentals, combined with advanced threat detection, is crucial. Businesses must recognise that cyber threats pose significant business risks, requiring a balance between regulatory compliance and proactive security measures. However, even with technical defenses, human factors continue to be a critical point of vulnerability. Despite considerable investments in education and awareness, people still frequently fall for phishing schemes, social engineering attacks, and other manipulative tactics, leading to breakdowns in security defenses."

"To counteract this, organisations must go beyond conventional awareness programs, implementing tailored, continuous training that evolves alongside emerging threats. Regular upskilling and immersive training are essential to instill a proactive mindset, fostering vigilance that aligns with both regulatory compliance and proactive security measures."

Erik Knapp, CTO of OT, noted the challenges presented by increased cloud adoption in the Industrial Control Systems (ICS) and OT sectors and the existing skills gap.

"With more organisations leveraging the cloud, very strong network security controls at the perimeter need to be implemented. To ensure secure communication, devices that regularly interact with cloud services should ideally be channeled through data diodes, which allow safe, one-way data transfer. However, many sites also require remote access into OT environments to perform maintenance, upgrades and similar tasks. This calls for separate, secure pathways that are tailored for specific OT tasks and restricted to only authorised personnel. In 2025, we hope to see an increased adoption in both of these solutions, in lock-step, as organisations manage their cloud connections. Investment in proper controls is a prerequisite to obtaining the types of asset and connection visibility that many organisations are currently hoping to achieve and the question for next year is whether organisations are investing in a comprehensive and layered approach. Historically, we see the industry focusing on a single "technology du jour", but there are indications that 2025 may show a more balanced approach."

Itay Glick, VP of Products, discussed the heightened focus on data privacy and compliance.

"With regulations like GDPR and CCPA gaining traction, organisations are under heightened pressure to protect sensitive data. This growing focus on data privacy is exemplified by a significant enforcement action taken in May 2023, when Ireland's Data Protection Commission fined Meta €1.2 billion ($1.3 billion) for unlawfully transferring personal data from the European Union to the U.S."

"This case illustrates the severe financial repercussions organisations can face when failing to adhere to data protection laws."

Glick also addressed the increase in ransomware attacks, describing their impact on critical infrastructure. "Ransomware attacks are surging in frequency and complexity, posing a grave threat to critical infrastructure. A recent incident in April 2023 saw the ALPHV group (also known as BlackCat) successfully targeting NCR, a leading provider of ATM and payment solutions. This attack disrupted the Aloha POS platform widely used in restaurants, demonstrating how ransomware can cripple operations and highlight the necessity for advanced threat detection and incident response capabilities."

Glick mentioned a shift from cloud services to on-premises solutions, noting current security trends.

"As organisations reassess their data security strategies, many are moving from cloud services to on-premises solutions to maintain greater control over their data and mitigate risks associated with cloud vulnerabilities. This trend has gained momentum following high-profile breaches like the MOVEit cyberattacks in 2023, where weaknesses in cloud infrastructure were exploited, leading to widespread data exposure"

"By transitioning to on-premises systems, organisations aim to enhance their security posture, reduce reliance on third-party providers, and better align with compliance requirements," Glick added.