PT to fine-tune social engineering and pretexting attacks are just a few of the ways attackers try to evade being detected. Cybercrime gangs and sophisticated advanced persistent threat (APT) groups actively recruit AI and machine learning (ML) specialists to design their Large Language Models (LLM) while also looking for new ways to corrupt model data and invent malware capable of evading the current generation of threat detection and response systems starting with endpoints.
CISOs need AI, ML, automation, and threat intelligence tools if they're going to have a chance of staying at competitive parity with attackers. IBM's report provides compelling evidence that AI is delivering results and needs to be the new DNA of cybersecurity.
Integrating AI and automation reduced the breach lifecycle by 33% or 108 days
IBM found that enterprises that advanced their integration of AI and automation into SecOps teams to the platform level are reducing breach lifecycles by one-third, or 108 days. That's a significant drop from an average of 214 days. The average breach lasts 322 days when an organization isn't using AI or automation to improve detection and response.
Extensive use of AI and automation resulted in 33.6% cost savings for the average data breach.
Integrating AI and automation across a tech stack to gain visibility, detection, and achieve real-time response to potential intrusions and breaches pays off. Organizations with no AI or automation in place to identify and act on intrusions and breaches had an average breach cost of $5.36 million.
Enterprises with extensive AI and automation integration supporting their SecOps teams, tech stack, and cyber-resilience strategies experienced far less expensive breaches. The average cost of a breach with extensive AI and automation in place averaged $3.6 million. That's a compelling enough cost savings to build a business case around.
Despite the advantages, just 28% of enterprises are extensively integrating AI and automation
Given the gains AI and automation deliver, it's surprising that nearly one-third of enterprises surveyed have adopted these new technologies. IBM's team also found that 33% had limited use across just one or two security operations. That leaves 4 in 10 enterprises relying on current and legacy generation systems that attackers have fine-tuned their tradecraft to evade.
In another study, 71% of all intrusions indexed by CrowdStrike Threat Graph were malware-free. Attackers quickly capitalize on any gap or weakness they discover, with privileged access credentials and identities being a primary target, a key research finding from CrowdStrike's Falcon OverWatch Threat Hunting Report. Attackers increasingly use AI to evade detection and are focused on stealing cloud identities, credentials, and data, according to the report. This further shows the need for intelligent AI-driven cybersecurity tools.
Gartner's 2022 Innovation Insight for Attack Surface Management report predicts that by 2026, 20% of companies (versus 1% in 2022) will have a high level of visibility (95% or more) of all their assets, prioritized by risk and control coverage. Gartner contends that cyber asset attack surface management (CAASM) is necessary to bring an integrated, more unified view of cyber assets to SecOps and IT teams, CAASM stresses the need for integration at scale with secured APIs.
IBM's study shows that SecOps teams are still losing the AI war.
The majority of SecOps teams are still relying on manual processes and have yet to adopt automation or AI significantly, according to the report. There is a major disconnect between executives' intentions for adopting AI to improve cybersecurity and what's happening.
Ninety-three percent of IT executives say they are already using or considering implementing AI and ML to strengthen their cybersecurity tech stacks, while 28% have adopted these technologies. Meanwhile, attackers are successfully recruiting AI, ML, and generative AI experts who can overwhelm an attack surface at machine speed and scale, launching everything from DDOS to using living-off-the-land (LOTL) techniques that rely on Powershell, PsExec, Windows Management Interface (WMI), and other common tools to avoid detection while launching attacks.
"While extortion has mostly been associated with ransomware, campaigns have included a variety of other methods to apply pressure on their targets," writes Chris Caridi, cyber threat analyst for IBM Security Threat Intelligence. "And these include D
Imagine a world where cyberattacks are becoming more sophisticated and dangerous. From DoS attacks to encrypting data, hackers are constantly finding new ways to exploit vulnerabilities. But now, there's a new threat on the horizon - deepfakes. These are AI-generated videos or audio clips that can convincingly mimic someone's voice or appearance.
Recently, Zscaler CEO Jay Chaudhry fell victim to a deepfake attack. During a conference, he revealed how an attacker used a deepfake of his voice to extort funds from the company's India-based operations. It's a chilling example of how technology can be used for malicious purposes.
Deepfakes have become so prevalent that even the Department of Homeland Security has issued a guide on the increasing threats they pose. It's clear that we need to be vigilant and proactive in protecting ourselves from these emerging dangers.
Harnessing the Power of AI and Automation
Fortunately, there are tools available to help us combat these threats. AI and automation have proven to be invaluable in detecting and responding to anomalies that could indicate an intrusion or breach. By analyzing massive amounts of data, AI can identify potential threats faster than ever before.
According to IBM, integrating AI and ML algorithms into threat intelligence systems can reduce the time it takes to identify a breach by an average of 28 days. This is a significant improvement that can save organizations time, money, and reputational damage.
Taking Control of Breaches
Another advantage of AI is its ability to empower security operations (SecOps) teams to take control of breaches. Instead of waiting for an attacker to announce a breach or relying on law enforcement, AI enables SecOps teams to identify and contain breaches themselves. This proactive approach can save organizations nearly $1 million.
Furthermore, the integration of AI and automation has also reduced mean-time-to-identify (MTTI) and mean-time-to-contain (MTTC). This means that organizations can respond to breaches more quickly and effectively, minimizing the impact on their operations.
The Importance of Zero Trust
In the face of these evolving threats, the concept of zero trust is more important than ever. Zero trust assumes that a breach has already occurred and requires continuous monitoring and securing of all potential threat surfaces. AI, ML, and automation play a crucial role in providing real-time threat intelligence within this framework.
As zero trust creator John Kindervag advises, it's essential to start with a protect surface and then determine the appropriate technology. By deploying AI, ML, automation, and threat intelligence in a zero trust context, organizations can effectively safeguard their assets and respond to threats at scale.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.
Today, a new IBM study revealed how artificial intelligence (AI) and automation are playing a key role in protecting enterprises from data breaches. The study sheds light on how these technologies can help companies maintain the trust and security of their customers’ sensitive data, while also helping them stay ahead of the fast-evolving security threats.
Recent data breaches highlight why enterprises must remain vigilant in maintaining data security. The IBM study found that the majority of enterprises surveyed don't have the necessary resources to quickly detect, respond and prevent potential data breaches. As a result, these companies were more likely to suffer a breach.
The study revealed that those who have leveraged automated tools are better able to identify and remediate threats in real time. AI-powered cybersecurity solutions are essential to detect and respond to threats that occur outside the traditional security network. AI-driven malware and phishing protection protect the customer’s data from exposure and so-called ‘zero-day attacks.’
The study revealed that AI and automation also simplify the process of setting up, managing and updating an enterprise’s cybersecurity infrastructure. Automation reduces the need for manual processes, decreasing the time and resources needed to maintain a robust security posture. This helps enterprises prevent and respond to security threats more quickly and effectively.
By leveraging AI and automation, enterprises can gain the insights and visibility they need to stay one step ahead of the constantly evolving security threat landscape. With AI and automation, businesses can build stronger and more trust with their customers by demonstrating their commitment to safeguarding their sensitive data.
All in all, the IBM study demonstrates how AI and automation are an essential part of maintaining data security for enterprises. By leveraging the power of AI and automation, companies can protect their customers’ sensitive data while also staying ahead of emerging threats.