Small to medium businesses face a hostile cyber threat landscape as criminals turn to AI to increase the sophistication of attacks. However, customised solutions delivered by cyber-security experts can minimise risk without imposing undue strain on budgets.
Kloudify Technologies, a Microsoft Cloud Solution Provider that offers cloud migration, managed services and cyber security services across Australia, is increasingly seeing samples from customers of AI-generated phishing emails that aim to deceive recipients into clicking on malicious links or attachments.
As AI learns and matures, these messages become increasingly convincing and the risk for targeted businesses and individuals continues to escalate. In Europe, law enforcement agency Europol has released an article pointing out the potential applications of ‘large language models’ such as ChatGPT to fraud and social engineering, in particular drafting highly realistic text.
However, enhanced phishing emails are just one area in which AI is escalating the cyber security threat to small to medium businesses. ‘Deepfake’ audio and video can convincingly replicate the voice and appearance of real people, presenting opportunities for deception and misinformation.
In addition, AI can improve the performance of software designed to guess user passwords so criminals can access systems and accounts.
“The age of AI is upon us and we’re just scratching the surface of what it means for business and society,” says Lizon Rahman, Director, Kloudify Technologies. “While AI offers us unprecedented opportunities to improve and innovate, it also creates new avenues for cyber criminals. Organisations need to be acutely aware of the duality of AI in cybersecurity.”
A growing breadth of targets in today’s cyberwar
Unfortunately AI is just one weapon in today’s intensifying cyberwar between criminals and businesses.. In a post earlier this year, Vasu Jakkal, corporate vice president, security, compliance, identity, and management, Microsoft, noted increases in the volume, severity, and sophistication of cyber attacks.
Jakkal also noted “a growing breadth” of targets.
The Microsoft Digital Defense Report reveals the vendor’s Digital Crime Unit took down 531,000 unique phishing URLs and 5,400 phish kits between July 2021 and June 2022. This led to the identification and closure of more than 1,400 malicious email accounts used to collect stolen credentials.
In addition, Microsoft blocked 2.75 million site registrations before they could be used to engage in global cybercrime.
Microsoft’s experience of an escalation in cyber security attacks is backed up by cyber security agencies in a number of jurisdictions. In Australia, the Australian Cyber Security Centre (ACSC) noted increases in the number and sophistication of cyber threats in 2021-22.
The ACSC said this rise made crimes like extortion, espionage and fraud easier to replicate at a greater scale.
The organisation received more than 76,000 cybercrime reports, an increase of nearly 13% from the previous financial year.
40% of customers without security measures experience breaches
Unsurprisingly in this environment, Kloudify Technologies, found 40% of its customers that did not have appropriate security measures in place had experienced one or more breaches.
The potential consequences of a breach to a small to medium business can be severe and ongoing. In her post, Jakkal cited an IBM report that put the average cost of a data breach at an all-time high in 2022, at USD$4.35 million
The immediate and damaging consequences of a breach can include data loss, corruption or theft, service disruption and financial and reputational damage.
However, if infiltration remains undetected, cyber-criminals can time their attacks to maximise returns. For a small to medium business, this may mean experiencing an attack after a period of sustained growth.
Options available for cost-effective security for small to medium businesses
Despite these potentially severe consequences, many small to medium businesses are unwilling to invest in cybersecurity.
Leadership teams may view cybersecurity as requiring considerable initial and ongoing investment in a sophisticated, multilayered response delivered through enterprise-grade technologies.
However, options are available for small to medium businesses to deploy robust security foundations within their Microsoft environments based on the benchmark ACSC’s Essential Eight
–a series of mitigation strategies that make it much harder for adversaries to compromise systems.
Working with certified experts who can configure Microsoft security solutions to meet their specific needs, businesses can block AI-developed and other malware and minimise the risk of data compromise.
They can also ensure compliance with the regulatory and governance requirements of industries such as health or finance.
Helping a finance business meet cybersecurity challenges
Kloudify Technologies has delivered solutions that enable businesses to overcome the challenges of a fast-evolving, AI-enabled cybersecurity landscape.
These include a finance sector business with 100 employees.
“As a business deeply entrenched in finance, we often find ourselves often confronting a cyber security landscape fraught with challenges, especially in the areas of email and endpoint security,” says a spokesperson for the business. “Over time, we have noted significant changes in the threats we face. The phishing attacks, in particular, have evolved in their sophistication, becoming increasingly socially engineered and thus harder to detect and deter.”
The business has noted an uptick in AI-generated threats and an overall increase in cyberattacks.
“ To combat these, we have partnered with Kloudify Technologies, deploying Microsoft Defender for Office 365 Plan 2, Defender for Endpoint, and Intune,” the spokesperson says. “These tools have been instrumental in managing and reducing risks to help us secure our identity, email security and helping train our staff.”
“Kloudify Technologies has been an invaluable ally in helping us tackle our security challenges. They serve as our subject matter expert, providing analysis and guidance on an ongoing basis.
“Their role extends to configuring security solutions tailored to our specific needs, ensuring continuous improvements in our security posture to stay ahead of the ever-evolving threats posed by increasingly sophisticated cybercriminals.”
For a free consultation please contact Kloudify Technologies.
