In the realm of technology, the year 2023 will be remembered as the time when artificial intelligence (AI) truly entered the mainstream. The impact of AI was felt across various aspects of our lives, from education and employment to entertainment and copyright law. As we reflect on this significant moment in technological history, it becomes clear that the realm of cybersecurity has been profoundly affected.
Generative AI, a technology that allows machines to create content, brought about a new generation of hyper-targeted attacks in 2023. While traditional anti-phishing defenses have become better at detecting malicious links and attachments, attackers have turned to generative AI to revive the oldest strategy in the book—social engineering. Social engineering aims to manipulate and deceive targets through psychological tactics. With generative AI, bad actors can generate highly effective messages that are more convincing and targeted. They can leverage organizational information easily accessible on platforms like LinkedIn to craft sophisticated attacks such as account-based phishing, business email compromise (BEC) attacks, VIP impersonation attempts, vendor email compromise (VEC), and even use AI agents for automated campaigns.
Image-based attacks, particularly QR code phishing, saw a surprising surge in 2023 and are projected to triple in 2024. These attacks utilize imagery, such as QR codes, reversed text, and everyday image files, to evade AI-enabled security tools that primarily rely on linguistic analysis. The rise of multimedia-based generative AI tools like DALL-E and Midjourney has empowered attackers to create original, professional-quality images within seconds. To combat this rising trend, organizations must prioritize ongoing security awareness training (SAT) that emphasizes the threat of image-based attacks.
Another significant development expected in 2024 is the prioritization of cybersecurity expertise within senior leadership teams. A study conducted in 2023 revealed that only 12% of S&P 500 firms had board members with relevant cybersecurity credentials. Although this number remains low, there has been a noticeable increase compared to the previous year. As the frequency and financial repercussions of cyberattacks continue to escalate, businesses recognize the need to fortify their cybersecurity proficiency at the top level. Boards will likely make a concerted effort to prevent being caught off-guard in the aftermath of a severe breach.
The arrival of AI has sparked a range of opinions and emotions, as with any transformative technology. It is crucial to recognize that AI has the potential for both great harm and immense good. The outcome depends on how we, as humans, wield the technology. Mindful consideration of its impacts, diligent anticipation of potential problems, and proactive measures will be vital in shaping the future of cybersecurity and society as a whole. This balancing act remains essential not only in 2024 but also in the foreseeable future.
Forbes Technology Council, an exclusive community for top-tier CIOs, CTOs, and technology executives, provides a platform for industry leaders to share their expertise and insights. Are you a member of this esteemed council?
