AI has enhanced attackers’ abilities to detect vulnerabilities in systems, create malicious code without the need for advanced development skills, and enable more sophisticated phishing methods to trap victims. For example, in addition to being more personalized, emails and SMS also have the ability to perfectly duplicate the voice. “Innovative AI technologies can help lower the barrier to entry for those without advanced technical skills,” said Director of AI at HarfangLab Constant Bridon.
Expert Ivan Kwiatkowki, cyber researcher at HarfangLab, explains: “Developing complex attack tools has never been a difficult problem for experienced attackers. Larger AI models can solve a more complex problem, capable of better analyzing large volumes of stolen data.
However, new technologies also benefit system defenders, helping to ward off cyber attacks. Expert Bernard Montel, Technical Director EMEA and Cybersecurity Strategist at Tenable emphasized: “Using the power of AI helps cybersecurity management teams search and analyze faster, and in the future , can make decisions faster.
“Defenders benefit as much from recent advances in AI as attackers, if not more,” asserts researcher Ivan Kwiatkowki. Assessing the severity of an attack with an automated tool also helps handle more cases. This also allows businesses that cannot afford to hire the necessary experts to still have a layer of security, through the use of automated tools to assess and address security issues.” .
* Strengthen management regulations
The rapid development of these technologies poses a new challenge for businesses and organizations, which is the dependence on several external AI service providers. The attack on the software platform of software development company Solarwinds at the end of 2020 or the attack on software development company Kaseya in 2021 indirectly affected the computer networks of tens of thousands of regulatory agencies. management and large businesses in the world.
“Accurately determining the supply chain is an indispensable step for a business in the field of cybersecurity,” noted expert Raphaël Marichez. To raise the overall level of cybersecurity, regulators of many countries have increased their projects in recent years. In the European Union, the Cyber Security Act, which comes into force this year, focuses on requiring more stringent security in the development of digital products, software and hardware.
The Act complements the NIS 2 (Cyber and Information Security) directive, pending passage into French law, to increase cybersecurity obligations on more companies and organizations. In the US, since December 13, the Securities and Exchange Commission has required transparent and public information about cyber attacks that have occurred, requiring listed companies to clearly state in their reports. annual report on how they manage the risks of cyber attacks. They will have to explain how they assess threats, protective measures, the potential material consequences of a successful attack, and the level of board oversight of these issues.
Another signal of the priority given to this topic is that for the first time, the European Central Bank (ECB) will conduct earlier this year a cybersecurity-related resilience test for with the EU’s 109 largest financial institutions, to identify their weaknesses.
Just as “Stress Tests” are used to test their resistance to certain severe attack events, “security resilience tests” This first cyber security measure primarily assesses how banks respond and recover from a cyber attack, rather than their ability to avoid it, the agency explained in early January 2024.
Key results should be announced in the summer. In the banking, finance, and insurance sectors, only 21% of information systems security managers regularly test resilience plans, according to a survey by Palo Alto Networks and IDC Research. “Those responsible for this are operating in difficult circumstances. On the one hand, geopolitical events and supply chain disruptions add to the threats. On the other hand, the lack of human resources and appropriate expertise makes it difficult to deploy solutions and prepare to deal with future attacks,” said expert Haider Pasha, Director EMEA and Latin America cybersecurity at Palo Alto Networks, analysis.
Researcher Ivan Kwiatkowski noted: “2024 will be a tense year, with many major geopolitical events. The more tension there is in the world, the greater the risk of cyber attacks. Ms. Gita Gopinath, First Deputy Managing Director of the International Monetary Fund (IMF), also warned at Davos that: “There is a risk that a ‘big event’ will happen before we really find a way solve it”.
Even the strongest technology companies, considered leaders in the field of cybersecurity, are not immune to this risk.
Microsoft said that in late November 2023, attackers succeeded in accessing the mailboxes of some of its most senior leaders, including President Brad Smith and Chief Financial Officer Amy Hood, who were who discussed strategic issues with CEO Satya Nadella. Hackers stole emails and attachments.
This highly sophisticated intrusion has only just been discovered. The perpetrators are the Nobelium group (also known as APT29, Cozy Bear or Midnight Blizzard), often targeting countries, large organizations, NGOs and information technology service providers. They are the ones behind the “Solarwinds” attack in December 2020.
Microsoft is working closely with the US Cyber Security Agency (Cisa) and the FBI to understand exactly what happened, assess the consequences, and learn lessons to protect other entities. “At this time, we are not aware of any impacts to the environment or to Microsoft customers’ products,” the company and authorities affirmed.