The rise of artificial intelligence (AI), large language models (LLM) and IoT solutions has created a new security landscape. From generative AI tools that can be taught to create malicious code to the exploitation of connected devices as a way for attackers to move laterally across networks, enterprise IT teams find themselves constantly running to catch up. According to the Google Cloud Cybersecurity Forecast 2024 report, companies should anticipate a surge in attacks powered by generative AI tools and LLMs as these technologies become more widely available.

The result is a hard truth for network protectors: keeping pace isn’t possible. While attackers benefit from a scattershot approach that uses anything and everything to compromise business networks, companies are better served staying on the security straight and narrow. This creates an imbalance. Even as malicious actors push the envelope, defenders must stay the course.

But it’s not all bad news. With a back-to-basics approach, enterprises can reduce risks, mitigate impacts and develop improved threat intelligence. Here’s how.

What’s new is old again

Attack vectors are evolving. For example, connected IoT environments create new openings for malicious actors: if they can infiltrate a single device, they may be able to gain unfettered network access. As noted by ZDNET, meanwhile, LLMs are now being used to improve phishing campaigns by removing grammatical errors and adding cultural context, while generative AI solutions create legitimate-looking content, such as invoices or email directives that prompt action from business users.

For enterprises, this makes it easy to miss the forest for the trees. Legitimate concerns over the rise of AI threats and the expansion of IoT risk can create a kind of hyperfocus for security teams, one that leaves networks unintentionally vulnerable.

While there might be more attack paths, these paths ultimately lead to the same places: enterprise applications, networks and databases. Consider some predicted cybersecurity trends for 2024, which include AI-crafted phishing emails, “doppelganger” users and convincing deepfakes.

Despite the differences in approach, these new attacks still have familiar targets. As a result, businesses are best served by getting back to basics.

Focus on what matters

Value for attackers comes from stealing information, compromising operations or holding data hostage.

This creates a funnel effect. At the top are attack vectors, everything from AI to scam calls to vulnerability exploits to macro malware. As attacks move toward the network, the funnel begins to narrow. While multiple compromise pathways exist — such as public clouds, user devices and Internet-facing applications — they are far less numerous than their attack vector counterparts.

At the bottom of the funnel is protected data. This data might exist in on-site or off-site storage databases, in public clouds or within applications, but again, it represents a shrinking of the overall attack funnel. As a result, businesses aren’t required to meet every new attack toe-to-toe. Instead, security teams should focus on the shared end goal of disparate attack vectors: data.

Effectively addressing new attack vectors means prioritizing familiar operations such as identifying critical data, tracking indicators of attack (IoAs) and adopting zero trust models.

Accelerate security defenses with AI

Back to basics

Consider an enterprise under threat from an AI-assisted attack. Using generative tools and LLMs, hackers have created code that’s hard to spot and designed to target specific data sets. At first glance, this scenario can seem overwhelming: How can companies hope to combat threats they can’t predict?

Simple: Start with the basics.

First, identify key data. Given the sheer amount of information now generated and collected by enterprises, it’s impossible to protect every piece of data simultaneously. By identifying essential digital assets — such as financial, intellectual property or personnel data — businesses can focus their protective efforts.

Next is tracking IoAs. By implementing processes that help pinpoint common attack characteristics, teams are better prepared to respond when threats emerge. Common IoAs may include sudden upticks in specific data access requests, performance problems in widely used applications with no identifiable cause or an increased number of failed login attempts. Armed with this information, teams can better predict likely attack paths.

Finally, zero trust models can help provide a protective bulwark if attackers manage to compromise login and password data. By adopting an always-verify approach that uses a combination of behavioral and geographic data paired with strong authentication processes, businesses frustrate attackers at the final hurdle.

Function over form: Implementing new tools

While focusing on the outcome rather than the input of new attack vectors, enterprises can reduce security risk. But there’s also a case for implementing new tools such as AI and LLMs to help bolster cybersecurity efforts.

Consider generative AI tools. In the same ways they can help attackers create code that’s hard to detect and difficult to counter, GenAI can assist cybersecurity teams in analyzing and identifying common attack patterns, helping businesses focus their efforts on likely avenues of compromise. However, it’s worth noting that this identification isn’t effective if companies don’t have the endpoint visibility to understand where attacks are coming from and what systems are at risk.

In other words, implementing new tools isn’t a cure-all — they’re only effective when paired with solid security hygiene.

For better security, work smarter, not harder

Just as attackers can leverage new technologies to increase compromise efficacy, companies can leverage AI security to help defend against potential threats.

Malicious actors, however, can act with impunity. If AI-enhanced malware or LLM-reviewed phishing emails don’t work, they can simply return to the drawing board. For cybersecurity professionals, however, failure means compromised systems at best and stolen or ransomed data at worst.

The result? Security success depends on working smarter, not harder. This starts by getting back to basics: pinpointing critical data, tracking attacks and implementing tools that verify all users. It improves with the targeted use of AI. By leveraging solutions such as the IBM Security QRadar Suite, which features advanced AI threat intelligence, or the IBM Security Guardian, which offers built-in AI outlier detection, businesses are better prepared to counter current threats and reduce the risk of future compromise.

More from Risk Management

What can businesses learn from the rise of cyber espionage?

4 min read - It’s not just government organizations that need to worry about cyber espionage campaigns — the entire business world is also a target.Multipolarity has been a defining trend in geopolitics in recent years. Rivalries between the world’s great powers continue to test the limits of globalism, resulting in growing disruption to international supply chains and economics. Global political risk has reached its highest level in decades, and even though corporate attention to geopolitics has dropped since peaking in 2022, the impact…

Cost of a data breach: Cost savings with law enforcement involvement

3 min read - For those working in the information security and cybersecurity industries, the technical impacts of a data breach are generally understood. But for those outside of these technical functions, such as executives, operators and business support functions, “explaining” the real impact of a breach can be difficult. Therefore, explaining impacts in terms of quantifiable financial figures and other simple metrics creates a relatively level playing field for most stakeholders, including law enforcement.IBM’s 2024 Cost of a Data Breach (“CODB”) Report helps…

How Paris Olympic authorities battled cyberattacks, and won gold

3 min read - The Olympic Games Paris 2024 was by most accounts a highly successful Olympics. Some 10,000 athletes from 204 nations competed in 329 events over 16 days. But before and during the event, authorities battled Olympic-size cybersecurity threats coming from multiple directions.In preparation for expected attacks, authorities took several proactive measures to ensure the security of the event.Cyber vigilance programThe Paris 2024 Olympics implemented advanced threat intelligence, real-time threat monitoring and incident response expertise. This program aimed to prepare Olympic-facing organizations…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today