By Diwakar Dayal, Managing Director and Country Manager at SentinelOne
As we usher in 2024, the cybersecurity landscape is rapidly transforming. While the battle of machine vs. machine is a recipe for great cinematic blockbusters, AI is being prompted by some of today’s most clever minds, not by other machines. This shifting battleground demands a new strategy from Indian CISOs and security team members—one that abandons traditional methods and embraces innovative thinking to outmaneuver the adversaries of tomorrow.
In India, a worrying trend has emerged: 82% of citizens have inadvertently interacted with a phishing attempt. While some threat actors continue to try and exploit system vulnerabilities, many are looking to leverage AI to trick people into sharing personal credentials. Unfortunately, they have been quite successful. This statistic is a stark reminder that Cybersecurity has always been a cat-and-mouse game, but now, the pace is accelerating. The difference now is that generative AI condenses timeframes, allowing threat actors to try new approaches faster than practitioners can preemptively protect against them.
So, what does this mean for securing your organisation against generative AI threats in 2024? That depends on how you answer these critical questions.
As cybersecurity leaders brace for more formidable challenges, it’s essential to ponder over several key questions that will illuminate the path to a robust security framework.
Consider the convergence of technology being granted access to humans who are vulnerable to being misled and tricked.
Q1. How proficient is your team in utilising your comprehensive suite of cybersecurity tools?
Managing multiple tools has become a challenge for CISOs in India, with 78% of global organisations using 50 or more cybersecurity tools. However, often team members are not well-trained on the entire suite of tools, focusing only on their specialised areas, potentially leaving blind spots where other technologies could be beneficial.
Start the year by reacquainting your team with the entire cybersecurity toolset. If multiple tools are offered by one vendor or under one platform, ensure that your team is comfortable with the user experience, enabling them to fully utilise all available resources.
Q2. How well are your employees prepared to identify and report phishing attempts?
India, poised to grow its tech investments by 10% in 2023 to ₹3.9 trillion ($46.8 billion), is a prime target. So far, the average ransomware payout in India is around ₹99.8 million ($1.2 million), with the total cost of the attack nearly double that.
This underscores the increasing benefit threat actors derive from the rapid advancement of AI technology. Instead of attempting to penetrate networks through vulnerabilities, a well-crafted AI-generated email might be all it takes.
This raises the importance of comprehensive internal training, ensuring that every team member understands:
-Their critical role in safeguarding the organisation
-Techniques to identify potential attacks
-Applicable internal protocols
-The correct procedures for reporting suspicious activities
Q3. What proactive measures does your “one step ahead” strategy include?
It is vital to acknowledge that the attack that could breach your defences may not even exist yet. Whether incredibly complex or deceptively simple, the impact would be significant.
Anticipating that a major attack against your organisation could occur even this year, encourage your team to:
Gain a deep understanding of your network’s intricacies
Assess the value your organisation presents to potential attackers, whether nation-states or private entities
Adopt a hacker’s mindset: Consider how a malicious actor, aided by AI, might attempt to extract valuable data
Be vigilant on all fronts, as your adversaries need only a slight weakness to infiltrate your defences.
The multi-million-dollar question that remains is how to forge effective partnerships and strategies to safeguard your assets against these evolving threats.
AI, as much as it can be used nefariously, can also tap into vast data reserves to detect anomalies and suspicious patterns, moving us beyond the traditional cat-and-mouse game. For threat actors, the investment in crafting deceptive messages or simply bribing someone for their corporate credentials is often worth the risk.
Indians, on average, receive 12 phishing messages per day, with 49% being unable to discern their malicious nature due to their sophistication. For us, the investment in security must be comprehensive – mirroring the diligence of round-the-clock physical security.
In conclusion, keep probing the critical aspects of security and AI, and guide your company into 2025 with robust defences and a proactive mindset.