Humans Are Still the Weakest Link in the AI Cyber War

Artificial intelligence is supercharging cyberattacks with speed, precision, and deception, but the biggest vulnerabilities remain human. Combating AI-driven threats requires more than just technology; it demands smarter permission control, real-time digital monitoring, and an engaged workforce that knows its role in defense.
Nov. 5, 2025

Key Highlights

  • AI-powered attacks like malware and phishing are increasing in speed and sophistication, making traditional defenses less effective.
  • Human behavior remains a key factor; employee training and a supportive digital environment can reduce the risk of social engineering attacks.
  • Implementing strict permission controls, especially for administrative rights, minimizes vulnerabilities from Shadow IT and Shadow AI activities.
  • Real-time telemetry and automated remediation via Digital Employee Experience platforms are essential for early threat detection and response.

AI has become the weapon of choice for cyber criminals, who use it to craft new attacks through a variety of tactics, and they are very successful. An MIT Sloan and Safe Security research project found 80% of 2,800 ransomware attacks were powered by artificial intelligence. Malware, phishing, and deepfake-driven social engineering are popular schemes. A major difference is that AI-based attacks move at lightning speed. AI-powered malware can dynamically rewrite code, making attacks harder to detect. It can analyze network behavior in real time, looking for vulnerability points to infiltrate. Fighting back against AI will require a defense that combines technology with the recognition that human behavior enables AI cyberattacks just as humans enabled attacks in the pre-AI era. A business’s best defense is mobilization on three fronts: people, permission control, and technology.

Threat Defense is a Team Sport

The number one point of security failure is a person clicking on a site, page or application that houses a threat. The opportunities for this increase with the pace and volume at which AI can generate new threats and process these links, creating an urgent need for advanced defenses. Phishing scams through social engineering are a main source of attacks. The difference is that AI is far more sophisticated: it can send an email, for example, that looks identical to one from a person’s account. If an employee is tired, and some of this fatigue is caused by performance issues at their desktop, they are more likely to click on this communication. If they are unsatisfied with their company’s response to previous concerns, they may delay reporting the issue or not report it at all.

A remedy is providing a better digital employee experience that supports a smoothly operating workspace environment. Constant monitoring and automated remediation to prevent performance disruptions promote employee engagement. If an employee feels the company is more supportive, they will be more likely to report any threat concerns and, ideally, be more wary of AI social engineering attempts. When a business shows it cares, employees will care back.

Permission Control Needs a Refresh

Shadow IT and Shadow AI are favorites of AI threat actors. They give attackers a built-in advantage, letting them zero in on targets that already lack access and permission controls. Add to this the fact that even authorized devices and applications can have lax permission controls, and a business has, at best, a weak workspace defense.

A solution is a rededication to the principle of minimum permissions, or least privilege: giving employees just the right amount of user permissions for the apps and devices they need to be fully productive. A business may allow a parent to use a corporate device to check their child’s school schedule, and this on its own is not a major threat. On the other hand, if an employee has permissions to access corporate resources (data, for example) outside of their job function, this can lead to a threat.

One area of significant risk is administrative permissions. Companies often overdo admin rights, with too many people having this higher-level permission. What happens is that employees make unauthorized changes to a system configuration or introduce a file or app that opens the door to AI-generated malware. Strictly limiting admin rights to only those with responsibility for system-level management or user accounts is the right strategy. It takes time to manage permissions across a business’s workforce, but it is an essential means of limiting actions that can result in a costly breach.

A recommended refresher course is the Center for Internet Security (CIS) Controls guide, Control 6 on Access Control Management.

DEX is the Weapon Against AI Threats

AI cyber attackers move far faster than legacy technology can stop them. The goal is threat prevention and automated remediation that can stop these attackers before they disrupt an employee’s workspace and possibly infiltrate the larger network. The speed and volume at which AI operates require an advanced digital employee experience (DEX) platform that uses real-time telemetry to spot anomalous behavior and flag suspicious application performance. Real-time data collection every three seconds is the rate IT needs to achieve a level of observability that can defend against AI threats. Additionally, a modern DEX solution offers end-to-end visibility across networking, applications, and devices. With this input, IT will be equipped to see threats across the system and fix any performance issues.

AI Tools Need Tracking

Everyone is using AI, whether their company has an AI policy and strategy or not. A good place to begin charting AI is using DEX software to track employees’ use of AI tools. DEX can monitor AI tools, including websites as well as apps, within a business’ user domain. The goal is to ensure employees are using corporate-approved tools for their job. As with other AI threats, if an employee uses a tool that is not approved and clicks on a rogue site, the threat begins. AI is very clever at creating fake sites, at warp speed. If a threat is successful, DEX will also see the suspicious behavior and begin remediation. The best long-term strategy is a corporate AI tools policy that helps prevent more AI threats via Shadow AI activities.

Beat AI Threats on Three Fronts

Conquering the lightning pace at which AI threat actors operate will take a refresh of corporate policies like permission controls and new policies to manage employees' use of AI tools. It will also require using modern technology like DEX to monitor performance using real-time telemetry and automated remediation as a constant defense. Above all else, we must remember that while people can cause a security breach, people are a powerful defense asset if they trust in their company’s support.

 

About the Author

Marcel Calef

Americas Field CTO at ControlUp

Marcel Calef is an experienced technology leader currently serving as the Americas Field CTO at ControlUp since August 2017, where responsibility includes leading the deployment of the Secure DX product and managing a white glove program for existing customers. Before this role, Marcel held various positions at ControlUp, including Sales Engineering Manager and Pre-Sales Engineer, contributing to the company's sales growth and enhancing demo solutions for prospects. Marcel's extensive background also includes significant roles at Citrix, where contributions included Senior Cloud DevOps Engineer, Staff Software Development Engineer, and Principal Consultant, focusing on user experience and cloud integration. Earlier experience encompasses senior network engineering at Gilat Satellite Networks, installation management at GVT, and teaching assistance at Tel Aviv University. Marcel earned a Bachelor of Science in Mechanical Engineering from Tel Aviv University.
