[ad_1]
According to an FBI report released last year, New Jersey achieved an unwelcome milestone: becoming one of the top 10 states in the nation for cyberattacks (losses to the state totaled nearly $285 million). Digital attacks come in different “flavors,” but the report clearly identifies phishing (or using fraudulent emails to obtain sensitive information) as one of the most common threat vectors. As generative artificial intelligence spreads, phishing traps launched by cybercriminals are becoming more sophisticated than ever. But experienced cybersecurity service providers can provide the tools and training to build a deep moat between the enterprise and digital attackers.
Phishing threats have become more challenging as advances in artificial intelligence and large language models allow nation-states and other cybercriminals to collect detailed data about people and organizations in seconds, allowing them to develop and deploy Communication that sounds authentic and creates a sense of urgency. For example, an email might appear to be from a long-term supplier, citing an invoice for products or services delivered to your business.
The email may also reference an event you attended, lending legitimacy to the communication; additional communications may follow the initial contact, such as text messages and social media messages. Alternatively, an attack could take the form of a phone call purportedly coming from a company’s treasurer or other senior executive, with a “person” on the other end making an urgent request to move funds or ship goods.
However, the email, text message or phone call may not be legitimate. The rise of generative artificial intelligence has made it easier to create sophisticated “deepfakes,” realistic-sounding voices and even fake videos. For example, hackers hope that when you hear your boss’s distinctive voice on the phone, you’ll take the call seriously and immediately comply with his or her request.Of course, the funds or other assets they are asking you to transfer are actually being transferred to an unknown third party
Traditional defenses used by businesses, such as email filters and multi-factor authentication (a system that requires several different factors, such as a code texted to a phone before a user can log into an account) may no longer be enough to protect against deepfake videos as well as Other AI-powered attacks. Instead, organizations need a combination of advanced security tools and improved training.
Automated email security powered by AI can help detect AI-generated content, while cybersecurity tools using machine learning and behavioral analytics can help identify phishing attempts by analyzing online behavior and identifying biases and other issues. . A comprehensive cybersecurity plan will also reflect a layered approach, employing state-of-the-art authentication methods and permissions management.
For example, passwords may be replaced by alternatives such as biometric authentication, which uses a person’s unique physical or behavioral characteristics to verify their identity. While passwords can be forgotten, stolen, or easily cracked, biometric data is inherently linked to an individual, making it a safer and more reliable method. For example, facial recognition is already used in a variety of settings, from unlocking smartphones to airport security checks.
more Science and technology information
The other layer is a zero-trust approach, which requires authentication every time any user, device or application attempts to access the system. Other digital security barriers may include privileged access management, where users have only the minimum system access they need to do their jobs. Security teams should then regularly check privileged accounts to ensure user accounts only have the required access.
AI-enabled tools, such as phishing simulations, can also help organizations develop employee education programs focused on “best practices.” As part of the program, ongoing security awareness training and individualized training can be conducted at team and individual levels.
Cyber threats initiated by hackers are becoming increasingly sophisticated, requiring sophisticated cyber security approaches. Businesses can start by working with a skilled IT partner to initiate a risk assessment that highlights their vulnerabilities, then carefully evaluate their security controls, email filters and security awareness training, updating these digital assets as needed. The return on investment will be substantial, both financially and reputationally.
Carl Mazzanti is president of eMazzanti Technologies in Hoboken, which provides IT consulting and cybersecurity services to businesses ranging from home offices to multinational corporations.
[ad_2]
Source link