AI generated cyberattacks are set to pose a major business operational risk

Computers for sale in Moscow, where residents seemed fatalistic about looming Western sanctions over Russia’s invasion of Ukraine – Copyright AFP Charly TRIBALLEAU

What are the essential cybersecurity concerns for businesses as we head into 2024? To give some realistic expectations of what is to come for cybersecurity in the year ahead, Digital Journal sought the opinion of Skybox Security’s Adi Dubin.

Dubin is particularly concerned about AI-generated cyberattacks. Indeed, threat actors’ use of generative AI has fuelled a significant rise in attacks worldwide during the last 12 months, as The Independent reports.

According to Adi Dubin, Vice President of Product Management, in 2024, we will begin to see this transition to AI-generated tailored malware together with the full-scale automation of cyberattacks.

This presents renewed cybersecurity concerns for business. To address this, Dubin notes: “Cybersecurity teams face a significant threat from the rapid automation of malware creation and execution using generative AI and other advanced tools.”

This includes denial of service attacks on computers.

In terms of the specific threat, Dubin notes: “In 2023, AI systems capable of generating highly customized malware emerged, giving threat actors a new and powerful weapon. In the coming year, the focus will shift from merely generating tailored malware to automating the entire attack process.”

The downside of this is: “This will make it much easier for even unskilled threat actors to launch successful attacks.”

There is a second concern that Dubin draws out. This relates to how automated vendor assessments and enhanced security measures will become the norm, redefining how companies interact with third-party vendors.

Addressing this, Dubin predicts that: “In 2024, we can expect a significant shift in how companies interact with third-party vendors and assess their security measures. The traditional checklist approach to mitigating third-party breach threats will evolve as businesses increasingly transition from manual assessments to automated procedures.”

In terms of tackling this, Dubin foresees: “Similar to the adoption of external attack surface solutions, many companies will adopt automated vendor assessments for a more comprehensive approach. This approach is expected to become the norm, especially in industries like insurance.”

There also needs to be a focus with the consumer, says Dubin: “Additionally, customers will take a more active role in assessing their vendors, conducting extensive evaluations, and implementing a wide range of automation-driven solutions to enhance code controls and security measures. This will ultimately strengthen the vendor-customer relationship.”