84% of the
US' critical infrastructure organizations have identified the use of AI to
drive cyber threats as a current security concern.
This
dramatic rise in concern about how cybercriminals use AI is revealed in new
research by leading cybersecurity services firm Bridewell, surveying 519 staff
responsible for cybersecurity in US critical infrastructure organizations, in
sectors such as civil aviation, telecommunications, energy, transport, media,
financial services and water supply.
The research
found 87% of respondents are worried about AI-powered phishing attacks in which
criminals use AI to radically improve the accuracy and wording of their email
lures at scale. Criminals can also employ AI to complement basic coding skills,
reducing the barrier to entry for exploits and enhancing the sophistication of
their malware.
These
developments are also why 86% of respondents voiced concerns about automated
hacking. Meanwhile, 84% of respondents say they have fears about adaptive AI
cyberattacks, that constantly evolve their tactics, and 85% expressed concerns
about AI-driven exploit development.
All of the
AI-driven threats listed in the research are of concern to more than
three-quarters (75%) of respondents - including polymorphic malware which
mutates with every infection. 80% said they fear this emerging threat.
The research
also explored how critical infrastructure organizations are using AI to combat
the increased use of AI by cybercriminal groups. AI-driven exploits or
techniques are not yet as effective as conventional cyber tactics, and
businesses are able to use AI-focused tools to protect their systems and
infrastructure. With its ability to analyse large datasets rapidly, AI can be a
useful tool in detecting malicious activity in a system or network, spotting
anomalies and suspicious behaviour.
The research
found current deployment of AI in cyber defences is in its early stages. Fewer
than three-in-ten respondents' organizations are using AI-enhanced endpoint
protection (29%), AI-driven data-loss prevention (28%), , or AI-based phishing
detection and prevention (27%). Almost all organizations (98%) are, however,
using some AI tools - a trend certain to gain momentum as cyber threats
escalate and become even more sophisticated.
"While we
are at the early stages of AI-driven cyber-attacks, concern among organizations
is not unfounded as the technology presents itself as a future threat," said
Chase Richardson , Vice President of Consulting at Bridewell. "Businesses
can prepare for the impending AI arms race by incorporating the technology into
their cyber defence strategies. AI can be a force for good by helping critical
infrastructure organizations to enhance threat intelligence capabilities and
accelerate detection and response strategies."
Download the report.