Table of Contents
True or False: Enterprises Need AI Technology to Detect Breach Attempts
It seems that every day, a new story emerges involving cybercrime. Whether it’s a text scam about unpaid parking violations targeting individuals or a broader attack like ransomware that affects millions of people in one incident, cybercrime has become one of the highest earning global enterprises. The World Economic Forum reported that cybercrime resulted in more than $9 trillion in losses in 2023, and the cost is expected to rise to $23 trillion by 2028. If cybercrime were a country, it would be among the top 10 economies in the world, set to outpace the top earning country in the next four years.
Cybercrime has been driven by simple techniques, such as social engineering, and more complex methods, such as malicious programming; writing code that not only steals data but encrypts the data that remains on a victim’s system. With the introduction of artificial intelligence (AI) the threat of more nefarious methods may be more accessible to a wider range of would-be criminals.
Key Cybercrime Terminology
What is cybercrime?
Cybercrime is any illegal act that is carried out on an online platform. Cybercrimes can target large systems or individual devices.
What is social engineering?
Social engineering is the process of psychological manipulation to make a person do something that may not be in their best interest. Social engineers often rely on fear and urgency in order to execute the crime.
What is an asset?
An asset is anything that exists as part of a business — everything from file cabinets and lights to employees and company data. The primary step to securing assets is to know what they are and where they are.
How Do You Keep Your Digital Assets Safe Online?
We recently interviewed Fortra’s cybersecurity experts from across the organization to find out more about how they protect themselves, how we can best protect all of the digital assets that we all possess, and the emergence of AI in cybersecurity.
Lisa Lombardo, software development manager at Fortra, responded by sharing:
"I keep myself educated and aware of trends, and review privacy and security terms of online vendors that I use to hold my digital assets. I minimize the permissions and access grants where possible and, at times, I choose to move away from a vendor as vulnerabilities or terms that I do not agree with are faced. I cannot stay 100% safe, but I do my best with the information I have read and gathered in my own research.”
“There are many ways I protect myself, but number 1 is not to depend on a username and password only to protect my digital assets. Wherever possible, I use multi-factor authentication (MFA), and I do not use my Google or Facebook/Meta accounts to log in to other applications or websites. I use a password manager and authentication app to help manage my identities and access management."
Lisa also shared her advice about strategies for protecting digital assets from a personal, as well as a business perspective:
"Perform research on the vendors before trusting them with a personal digital asset, take all available precautions offered by the vendor to protect the personal digital asset, stay aware of reported breaches and take action immediately, and use a high entropy password like the ones generated by password manager applications."
Keith Fuller, technical consultant at Fortra, had similar advice and shared a six-step plan for a business to protect itself:
Identify and map your digital assets across your business value chain. This includes data, systems, and applications.
Implement robust security measures including the use of SSL or TLS, firewalls, and antivirus applications and restrict unnecessary access.
Use strong and unique passwords. The more complex your password is, the more likely it is that it can delay or stop criminals from accessing your systems or data. Also, change your passwords on a regular basis and never leave them stored insecurely. Use an industry-recognized password manager, which makes password changes easy.
Enable MFA. This adds an extra layer of security by requiring a second form of verification. This should be enabled wherever possible.
Train your employees to be aware of suspicious emails, hyperlinks, and be extra careful when downloading attachments from an unknown source.
Back up your data regularly, so you can recover any lost data.
Raghu Bhat, senior support manager at Fortra, provided a similar list of digital asset protection strategies:
Create an inventory of all the assets.
Classify and protect the data.
Implement robust security measures such as MFA and encryption techniques.
Restrict data only to people who must use it for official purposes.
Impose auditing and alerting mechanisms whenever the data is being used.
Run regular security scans to identify and mitigate any vulnerabilities.
Perform regular, consistent data backups, and store them in a separate location.
Chris Hudson, principal solution architect at Fortra, sees the security of digital assets as
"A continuous process that demands attention, awareness, and proactive measures to protect against potential breaches and data loss. Digital security is, in many ways, more complicated than traditional physical security, but with that complexity comes opportunities for better access and versatility.” He adds, “a key aspect is visibility — knowing what you’ve got to protect, where it is, when it is accessed, and who has access is important — as well as knowing when these things change."
Rohit Dhamankar, associate VP of product strategy at Fortra, looks to industry guidance to assist an organization in securing assets:
“The cybersecurity industry has matured to produce several frameworks that enhance security maturity, capability, and maturity models. It is essential for any organization to be fully aware of where they are in the security maturity journey, as well as the steps to take to increase their security maturity and balance it with business priorities and budgets. It is also essential to convey to the executives and Board a clear picture of how the current level of maturity translates into business risk.”
The Role of Artificial Intelligence in Cybersecurity
Artificial intelligence (AI) has been a serious business disrupter. Whether it’s used to assist in composing a letter or creating graphics, AI is changing the way that organizations function. AI can also be used in cybersecurity, for both good and bad. We asked our experts about how they think AI may affect cybersecurity.
Lisa Lombardo sees AI as:
“A tool that can help cybersecurity professionals and cybersecurity software programmers increase their capabilities. But just like any tool, AI can also be used by those that generate cybersecurity exploits and attacks. Like most tools, the tool is neutral; it is how we humans use the tool — for good or evil, for innovation or destruction. Though just a tool, AI is powerful. It can advance the field yet is also capable of empowering people who have bad intent. It has the potential to reduce the amount of time it takes for users to accomplish their goals without needing to possess the skills that would be needed if AI did not exist.”
Paul Dale, professional services manager at Fortra, sees the emergence of AI as another step along the timeline of human progress:
“From the first moment we built a wall to keep the enemy out and the first ladder to help people get over, there has always been a battle between defense and offense. Skipping the clock forward a few millennia, in 1997, IBM’s Deep Blue managed to win against the world’s premier chess Grand Master Garry Kasparov. From there, it was just a matter of time until a person can no longer defeat the machine consistently — and consistency is the key.”
“AI will be used on both sides. Attackers will use it to scrape even more digital context from social media. It is already proving as successful as many low-level attacks previously performed by human scammers. As AI improves, where we now see much more state-sponsored threats, the use of AI for defense is ever more critical. AI will be at least as transformative to business as the industrial revolution was. Our role in cybersecurity is to ensure we use AI not only to defeat rogue actors, but also use it responsibly and ethically moving forward.”
Chris Hudson agrees that AI will be an assistive tool for cybersecurity professionals, however, he cautions not to rely entirely upon AI as the sole arbiter for analysis:
“The opportunity for AI to aid with the triage of security data is significant, enriching complex data sets far quicker than manual assessments. But, as with data collection methods in the past, it must be tempered with human assessments on top. Handing everything over to AI won’t solve problems any more than just collecting more data or checking more things will do for any set of issues. Smart analysis with a layer of human involvement and understanding will be key.”
Troy Thompson, senior director of professional services at Fortra, sees AI from a very practical, albeit cautious viewpoint, stating:
“The role of AI has been over complicated and made out to be mysterious. I can’t agree with that perspective. Security information and event management (SIEM) systems promised us all the signal in the noise but could only honor that promise with mountains of ever-updating correlation and tuning. If the processes for monitoring and response plans are detailed and mature, using AI to facilitate identifying out-of-the-ordinary-activity comes with the same risks that are currently given to SecOps teams. Defining the role AI will play in the pursuit of a better monitoring and responding process should be a pragmatic exercise with AI as just another layer (or automation step) in detection and response. To best suit reality, the selection and use of an AI solution must be seen through this cautious lens.”
All of our experts agreed that AI will be used for both cybersecurity and cybercrime. Raghu Bhat expresses his concerns, but also sees more good through the use of AI. Some warnings include:
“AI is being used to create malware, intelligent phishing attacks, generate false-positive alerts to create distractions, and to crack passcodes. AI can create lots of new and advanced malicious software to disrupt the normal business operations.”
Raghu lists the positive uses of AI as well:
AI algorithms can be used for better malware and phishing attack detection and mitigation.
AI can also create better intrusion detection and prevention, as AI can automatically generate signatures for blocking the attacks.
More accurate and efficient vulnerability management can be realized by identifying and remediating the vulnerabilities.
Advanced algorithms can help to classify large data as per data protection regulations.
AI can generate advanced threat intelligence algorithms.
True or False: Enterprises Need AI Technology to Detect Breach Attempts
Finally, we posed the following stat to our experts: 61% of enterprises say they cannot detect breach attempts without the use of AI technologies. The responses from our experts were a bit surprising, with some questioning the accuracy of the percentage, indicating that 61% may actually be an underestimate.
Bob Erdman expressed the wisdom and importance of basic security hygiene:
“While machine learning (ML) and AI are excellent extensions of a security product or program, not every detection method requires ML or AI. The first step to preventing breaches is securing the environment. Missing patches, compromised credentials, and phishing emails are major vectors that open the environment to a breach. All of these can be remedied with proper tools and user training.”
Lisa Lombardo takes a measured approach to the idea:
“Products and tools existed before AI technologies were added. It would be more believable to me if those 61% of enterprises said they cannot detect breach attempts within 30 or fewer days without the use of AI technologies.”
Cybersecurity has always been a dynamic discipline. From its earliest days of simple firewalls and antivirus software as primary defense mechanisms, it has changed and advanced to keep up with the felonious actions of those who seek illegal profits. As our experts intimated, the common best practices for basic security still apply today. These professionals also reached beyond the obvious with their thoughts about the current defensive trends in artificial intelligence, as well as how AI will continue to impact the cybersecurity profession.
Make Fortra Your Cybersecurity Ally
Our mission at Fortra is to help organizations increase security maturity while decreasing operational burden. Our vision is a stronger, simpler future for cybersecurity. Who’s with us?