TORONTO – Denis Villeneuve has worked in cybersecurity for 15 years, but rarely has he faced a threat as acute as the one he faces today.
Employees at his workplace, tech company Kyndryl, have been sent a fake video of CEO Martin Schroeter designed to lure them into handing over their login credentials to fraudsters.
Villeneuve also saw a friend who owns a small engineering company preyed upon when the friend’s wife was left a voicemail that used his voice to claim falsely that he was in trouble and needed her to post bail money quickly.
“I was like, ‘Oh my God.’ It hits home because it’s a good friend of mine,” said Villeneuve, Kyndryl Canada’s cyber security and resilience practice leader.
These attacks are made possible by artificial intelligence-based software, which has become more affordable, accessible and advanced in recent years.
But despite the cybersecurity threat, Villeneuve, like many in the tech industry, is careful not to frame AI as evil.
In the fight against cyber attackers, they reason AI can be as helpful as it is dangerous.
“It’s a double-edged sword,” Villeneuve explained.
As AI improves, experts feel there will be bigger or more innovative attempts to overcome corporate defenses, but those defenses are also getting a boost from the technology.
“AI, ultimately, is something that’s better for defenders than attackers,” said Peter Smetny, regional vice president of engineering at cybersecurity firm Fortinet Canada.
The reason lies in the number of attacks that some companies face and the resources needed to deal with or prevent them.
A 2023 study by EY Canada of 60 Canadian organizations found that four out of five had seen at least 25 cybersecurity incidents in the past year. Indigo Books & Music, London Drugs and Giant Tiger have all been victims of high-profile incidents.
Although not all cyber attacks are successful, Smetny said many companies see thousands of attempts to penetrate their systems every day.
AI makes handling them more efficient.
“You might only have four or five people on your team and there are only so many alerts you can do manually, but this allows them to focus and tell them what to prioritize,” Smetny said.
Without AI, analysts must manually check the internet protocol address each attack is linked to, a unique identifier assigned to each device connected to the internet, which can help trace the origin of an attack.
Analysts will also study whether the person behind the address is known to the company and the level of the attack.
With AI, analysts can now query software in plain language to quickly gather and display everything about attackers and their IP addresses, including where they entered the system and what actions they took.
“It can save you a lot of time and steer you in the right direction, so you can focus on what’s important,” Smetny said.
But attackers have similar tools in their arsenal.
Dustin Heywood, chief architect of IBM’s X-Force global intelligence agency, said anyone with malicious intent could turn to AI to help collect data from multiple breaches and piece together a target profile.
For example, if the data shows that someone often shops at Toys “R” Us or at Walmart for children’s products, it might tell an attacker that the person is having a baby.
Sometimes attackers carry out a practice known as “pig butchering” to fill in missing information.
“You’re going to have bots start talking to people, start building relationships using things like generative AI,” Heywood said. “He’ll make them feel good and trustworthy, and then he’ll … start extracting information.”
When an attacker gets enough financial details, social insurance numbers or personal information to log into an account, that data can be used to fraudulently apply for a credit card or sold to other criminals.
The potential harm snowballs even more when there is good enough material to create a deepfake, which is a clip of someone doing or saying something they never did or said. The voicemail left for the wife of Villeneuve’s friend exemplifies this tactic.
For smaller targets, the AI does a lot of the heavy lifting, freeing up attackers to focus on high-value victims.
“You can have a bot operator talking to 20 people at once,” Heywood said. “Before it was a farm of people in the third country, typing on their cell phones.”
He has also heard of people using augmented reality glasses that instantly pull up information about people, including personal data sold on the dark web, as soon as the wearer looks at them, and of others working to “jailbreak” AI chatbots to extract personal information people have already input.
The evolution in attacks has convinced him that AI is “changing the game.”
“Back in the 90s, it used to be teenagers, kids, students who used to go to websites to destroy them,” he said. “And recently, we’ve moved to ransomware where companies will have their computers encrypted.”
Now, the focus has shifted to capturing people’s identities, “a very big business,” says Heywood, all the more so with AI.
The Canadian Anti-Fraud Centre said the country had counted 15,941 victims of fraud in the first half of the year, with $284 million lost in the incidents. There were 41,988 victims and $569 million lost the year before.
Heywood, Smetny and Villeneuve feel that the fight against attackers is not in vain and that companies are taking it seriously.
His employer conducts training for businesses such as banks and major retailers, simulating what it would be like if the company were attacked, and helping them prepare staff to deal with threats and find and patch software vulnerabilities.
It’s not difficult to get businesses to act, Heywood said, because a cybersecurity breach can cost the average company $6 million and lead to a decline in its stock, fewer sales and damaged relationships with customers.
Anything you can do to stop the attack is worth it, he added, because “trust is gained in inches but lost instantly.”
This report by The Canadian Press was first published on October 20, 2024.