… a survey finds 93 percent anticipated AI-enabled attacks in 2023

Thukten Zangpo  

With generative AI technology evolving, top cyber security experts warn of the increasing danger of cyber-attacks that could compromise countries and organisations.

There is increasing evidence reported on AI-generated phishing emails, malware, and deep fake campaigns. 

Experts in cybersecurity said that generative AI will facilitate cybercriminal activity as it becomes more advanced. The AI will grant cybercriminals the ability to attack organisations and countries in increasingly sophisticated ways,often without having to write a single line of code.

Director of Blavatnik Interdisciplinary Cyber Research Center, Tel Aviv University in Israel, Professor Isaac Ben-Israel said that we should be better prepared for generative AI.

“The algorithm in good hands has helped close knowledge gaps and promote global communication but in less good hands, it has created many negative effects,” he added.

Sharing the challenges in the age of social networks, Isaac Ben Israel calls for the liberal society to come up with regulations and code of ethics for removing offensive content to refine the algorithm.

For AI to lead to evolution rather than a revolution, he said that cooperation and openness between tech giants and security organisations must be enhanced.

Similarly, the Vice President of Enterprise Security at Sygnia, David Warshavski said that AI can act as a “force multiplier” for cyber-attacks and endanger resilient organisations across public and private sectors with increasing pressure to adopt AI technologies in the workplace.

“Cyber criminals have the ability to utilise and access such AI tools such as ChatGPT for personal gain or malicious behavior,” he said, adding that companies are rushing to embed AI and especially large language models within their products, creating a new attack surface that provides threat actors with new ways to breach the perimeter, leak customer data and potentially launch destructive attacks.

However, David Warshavski said that ChatGPT as a large language model-based chatbots with its ability to mimic natural language and human interaction with remarkable efficiency can also be used in a variety of ways to lower the bar for threat actors.

“The accelerated adoption of ChatGPT in the workplace has also provided another attack surface for threat actors. We have witnessed more than 100,000 ChatGPT accounts being stolen and sold over the Dark Web,” he added.

However, David Warshavski also said that the companies would need to educate the employees and set expectations for AI adoption in the companies and organisations since there are no guardrails on ChatGPT.

“The cybersecurity vendors will leverage this technology to close the skill gap that is plaguing the industry, but it will take time before such technologies are fully deployed,” he added.

According to the recent survey titled, “CyberArk 2023 Identity Security Threat Landscape” conducted by the CyberArk, a leading identity security company, it was found that 99 percent of the organisations are expected to suffer identity-related compromise in 2023, 93 percent anticipated AI-enabled attack, and two-thirds expected layoffs and workforce churn to create new cybersecurity issues.

The Co-founder and Executive Chair of CyberArk, Udi Mokady said companies and countries have opened the doors to attackers’ innovation because of the surge in human and machine identities with digital transformation, cloud migration, among others.

The identity-based attacks occur when cybercriminals target the computer system, network, or account to retrieve one’s personal information for illegal or malicious activities.

 Also known as impersonation attacks, threat actors leverage them to collect sensitive data, steal money, and ruin the target’s reputation.

 According to another cybersecurity company, Check Point, ransomware attacks have been evolving from individuals to companies to countries in the last decades. Between 2021-2023, the highest ransom of USD 40 million was paid by a country. The company believes that prevention is the future of cyber defence.

The top cybersecurity experts shared their views on the sidelines of the 13th edition of the Cyber Week event held at Tel Aviv University in Israel from June 26 to 29. Over 11,000 attendees from 99 countries attended the event.

For Bhutan, cyber threats looms large with no strategy in place and no cybersecurity experts in the country as internet users are exposed more to fraud, phishing, scams, and data loss.

At present, the Bhutan Computer Incident Response Team is identified as the national agency to coordinate cybersecurity activities and as a central point of contact on all cybersecurity matters on national security in the country.

According to the Royal Audit Authority’s (RAA) Performance Audit report 2023, Bhutan’s cybersecurity initiatives undertaken in the country lack strategic visions and directions, defined principles, and set priorities in managing cybersecurity risks with the National Cybersecurity Strategy (NCS) still in draft stage since 2018.

The RAA recommends that GovTech should draft NCS and take the lead to strengthen the legal framework for cybersecurity.