Excitement over AI must be tempered by awareness of new dangers, warns Billy MacInnes
Blogs
Image: cottonbro/Pexels
“Every new technology trend opens up new attack vectors for cyber criminals.”
Very true. It’s not something you see in the adverts for this year’s must-have technology product, it’s not something the sales people tell you when they’re selling you a product or service to make your business run better. But it’s the truth all the same.
Those words come from Corey Nachreiner chief security officer at WatchGuard Technologies, so they are not just the musings of a casual observer as they come from someone who is engaged with IT security for a living.
advertisement
“In 2024, the emerging threats targeting companies and individuals will be even more intense, complicated, and difficult to manage,” Nachreiner adds, just to make sure the message gets through.
There is an answer or a combination of answers. None of them are “don’t buy the new technology trend”. The difficulty in opting not to take the risk of opening up a new attack vector is that the old trends become more vulnerable over time as the people who sold them to you stop supporting them because they’re so busy supporting the new ones. At least, that’s what I’d like to think. Wait, maybe not.
Otherwise, I might be forced to wonder if they decided to stop supporting them to force you to buy their newer stuff. But on the whole, it’s fair enough as it probably becomes more expensive to protect older technology as time goes on and the rewards for doing so are likely to be diminished too. You have to pull the plug sometime.
But there’s a balance to be struck if you’re going to take the risk of investing in something new that might open you up to a wider range of attacks.
The most obvious is to make people aware of the risks as well as the benefits of that new piece of technology or better service. Clearly, you don’t want to put them off, but it can save a lot of time and hassle if they have some awareness of what they might face.
The WatchGuard Threat Lab team’s top cyber security predictions for 2024 has some fairly hair-raising prospects. For example, it predicts a prompt engineer will crack the code and manipulate a large language model (LLM) into leaking data. I’m sure someone will do it, I just wish they wouldn’t.
AI goes boom!
AI-based stuff seems to loom large. WatchGuard predicts a “boom” in the sale of AI spear phishing tools on the Dark Web that will send spam e-mail, create convincing texts and scrape the Internet and social media for a target’s information and connections. That sounds pretty scary even if WatchGuard’s description of the threat can’t help sounding ever so slightly like an advert for AI, noting that “well-formatted procedural tasks like these are perfect for automation via artificial intelligence and machine learning.” Sounds like a slogan to me. Go AI!
There’s obviously no end to the potential of AI with the prospect of AI-based vishing (voice-based phishing) taking off in 2024. According to WatchGuard, “the combination of convincing deepfake audio and LLMs capable of carrying on conversations with unsuspecting victims will greatly increase the scale and volume of vishing calls. What’s more, they may not even require a human threat actor’s participation”. More good news.
WatchGuard says that for companies faced with these threats, “the need for MSPs, unified security, and automated platforms to bolster cyber security and protect organisations from the ever-evolving threat landscape has never been greater”.
But what are the odds that the need will be even greater in 2025? And 2026. And 2027. Nachreiner didn’t quite say it, but the truth is that innovation often cuts both ways.
Read More: AI Artificial Intelligence Billy MacInnes Blog Blogs cyber crime WatchGuard
READ SOURCE
