FEATURE : CYBERSECURITY
Organisations need to prioritise their people , processes and technology as a ‘ cyber resilience collective ’ to address enhanced and evolving cyber threats . This includes training their people in all the organisation ’ s functions to manage data security risks relative to their job role , adopting and deploying modern data security and management capabilities , and ensuring their processes bring IT & Security together to respond to attacks ; as both technology functions have a role to play in responding , remediating and recovering from attacks .
These challenges are compounded by the rapid progress in AI and ML that are providing scale , simplicity and serviceability to cybercriminals . For example , NotPetya is a malware discovered in the systems of an undisclosed data and telecommunications equipment company . Using an AI-powered algorithm , the malware was able to avoid detection and managed to extort more than US $ 500 million from its victims .
ORGANISATIONS NEED TO PRIORITISE THEIR PEOPLE , PROCESSES AND TECHNOLOGY AS A ‘ CYBER RESILIENCE COLLECTIVE ’ TO ADDRESS ENHANCED AND EVOLVING CYBER THREATS .
The useability and widespread availability of AI and ML through large language models , such as ChatGPT , have removed the need for extensive programming nous and are lowering the barrier to entry for threat actors to craft malicious code and automate cyberattacks to probe until a vulnerability is found .
Malicious actors are also leveraging these technologies to identify potential victims and create phishing emails that are more professional and personalised to better ensnare victims . Phishing emails today are more convincing and often mimic the styles of official correspondence from trusted sources . For example , in Singapore , malicious actors posed as government officials and deployed phishing links via SMS to cheat Singaporeans of their government cash vouchers .
To nullify the latest cyberattack techniques businesses similarly need to harness the power of AI and ML to automate aspects of data security , threat detection and intelligence , and data protection . Key capabilities they should have as part of their arsenal include :
1 . Immutable backup snapshots :
Cybercriminals are increasingly targeting backups as they become more sophisticated in their attacks . Unlike traditional backups that can be changed or deleted , these unmodifiable backup snapshots provide a secure and intact copy of data for recovery , forensics and compliance .
2 . AI-enabled multifactor authentication ( MFA ): With MFA , organisations can protect themselves against password cracking or guessing attacks . When
54 INTELLIGENTCIO APAC www . intelligentcio . com