5 Ways To Protect Organizations From AI-Powered Cyberattacks
MGM Resorts is all about casinos and fun, and Clorox keeps your home clean, but they both have something very unlucky in common: they’ve been victimized by costly cybersecurity attacks only weeks apart. The Clorox Company recently disclosed that a cyberattack in August, which led to product shortages, is set to affect its earnings for the first quarter of 2024, including a decline in sales between 23 percent and 28 percent. MGM Resorts reported losing $100 million because of a September ransomware attack that shut down the operations of some of its hotels and casinos.
And unfortunately, with AI, bad actors are getting more effective at figuring out smarter ways to breach a company’s information technology firewalls. But these costly breaches don’t need to happen to you. By taking a proactive approach that combines training and ongoing vigilance, you can thwart cyberattacks. Here are five ways to do that in the spirit of Cybersecurity Awareness Month.
1. Embrace a Digital Safety Culture
Every organization needs to adopt a Digital Safety initiative to combat the growing levels of damaging risk that are rampant today. I recommend that organizations stay agile and develop strategic communications that include robust, informative session(s) with ongoing communications highlighting the latest techniques from fraudsters, the potential impact to the enterprise, the responsibility of every team member, and the success of thwarted attack attempts. Quite frankly, every employee should be involved in Digital Safety activities and have visibility of their contributions to keep the organization safe.
2. Apply Emotional Intelligence
AI and data technologies can mine and assess the emotional intelligence of a given organization’s employees and customers. This helps determine specific areas to improve and how to address them. The Myers-Briggs personality assessment and other tools or frameworks, incorporated by AI, may be compared with the attributes of fraudsters, which assists in detecting and responding to fraud and security attack vectors.
3. Develop Cybersecurity Frameworks
It goes without saying, but security frameworks such as MITRE ATT&CK and NIST should be put in place and used by security tools to assess the vulnerabilities within an organization, so that it is better positioned to detect, respond to, and mitigate threats and protect digital citizens.
4. Maintain a Well Architected Framework
Organizations that adopt this architectural discipline, and that deploy DevSecOps best practices throughout their application and infrastructure ecosystem, can generate early visibility of potential channels that may be exploited by fraudsters. This includes properly defining access to systems via identity, access management policies, and rules-based access that permits users to utilize only those systems that pertain to their role.
5. Practice Simulations
Using breach and attack simulation, ethical hacking, and Purple Teaming will further improve an organization’s ability to detect potential fraudsters. A fraudster typically performs reconnaissance prior to their criminal activity, and employing these techniques may provide further awareness of the looming threats, which may then be mitigated by your security professionals.