If there is anything that our last few briefs on Volt Typhoon and the concerns over Chinese activity have proven, it is that cybersecurity is a global issue. And it is an issue that’s impact hits many levels and sectors – from consumers to executives and from public to private. But,one of the most targeted areas continues to be critical infrastructure. The European Repository of Cyber Incidents (ERCI) reported that healthcare, financial organizations, telecommunications, transportation, and energy are some of the most frequent cybercrime victims, only to be followed by other fields including political and state systems.
The Ongoing Attack on Critical Infrastructure
One of the biggest spotlights to highlight the threat such areas of critical infrastructure faces has been geopolitical conflicts, which we also previously covered. That, unfortunately, continues. According to SC Magazine, around 20 water, energy, and heating providers across Ukraine were recently notified by a Computer Emergency Response Team that they had been compromised by Russian-backed group, Sandworm. Considering the risk lurking, agencies in the U.S. have been spurred into action. The Cybersecurity and Infrastructure Security Agency has proposed an updated rule recruiting critical infrastructure operators to report cyber cases within 72 hours and ransomware payments within 24 hours. The Environmental Protection Agency and the White House are also revisiting rules for water plant facilities. They recently met with a group of governors to set a goal of having cybersecurity plans for their systems drawn up by June 28.
Can AI Help?
As initiatives to enhance cybersecurity expand, there is another player poised to take on a greater role – AI. Citing a MeriTalk study, Security Magazine reported that “80% of cybersecurity decision makers say accelerating artificial intelligence (AI) adoption is critical to their organization’s resilience against evolving threats.” In fact, the AI in cybersecurity market has been projected to reach $102.78 billion by 2032.
At the same time, other research has concluded that one in five cyber security officers see AI as one of the biggest threats facing their organizations, including accidental exposure through employees’ use of AI tools. Worries have also been raised over AI’s fueling of zero-day exploits and deepfake scams as well as the advantage it offers bad actors to take when it comes to large language models and generative networks.
The benefits versus downfalls are certainly up for debate. Like Matt Bracken wrote for FedScoop, “In these relatively nascent days, some federal cyber officials have said they believe that AI provides more of an advantage to defenders than attackers in cyberspace, while others warn that the pace of innovation looms as a threat to the country.” What is clear is that AI will undeniably be a part of cybersecurity moving forward and offers opportunities for both offense and defense. For operators, the solution likely lies in integrating AI use cases into existing, and hopefully growing, teams. That MeriTalk study found that 86% of cybersecurity experts see “human-AI collaboration” as the new “cornerstone” for near future strategies.
Sources:
- “These sectors are top targets for cybercrime, and other cybersecurity news to know this month” – Akshay Joshi, World Economic Forum https://www.weforum.org/agenda/2024/04/cybercrime-target-sectors-cybersecurity-news/
- “Ukraine critical infrastructure subjected to Sandworm attacks” – SC Magazine https://www.scmagazine.com/brief/ukraine-critical-infrastructure-subjected-to-sandworm-attacks
- “Facing cyber attacks, critical infrastructure gets new reporting requirements” – Eric White, Federal News Network
https://federalnewsnetwork.com/cybersecurity/2024/04/facing-cyber-attacks-critical-infrastructure-gets-new-reporting-requirements/
- “Water Facilities Warned to Improve Cybersecurity as Nation-State Hackers Pounce” – Catherine Stupp, WSJ Pro
https://www.wsj.com/articles/water-facilities-warned-to-improve-cybersecurity-as-nation-state-hackers-pounce-69ca8818
- “40% of organizations have AI policies for critical infrastructure” – Security Magazine
https://www.securitymagazine.com/articles/100603-40-of-organizations-have-ai-policies-for-critical-infrastructure
- “CSOs say AI is ‘biggest cyber threat’ to their organizations” – Olivia Powell, Tech Radar https://www.techradar.com/computing/cyber-security/csos-say-ai-is-biggest-cyber-threat-to-their-organizations
- “Prompt Hacking, Private GPTs, Zero-Day Exploits and Deepfakes: Report Reveals the Impact of AI on Cyber Security Landscape” – Fiona Jackson, TechRepublic https://www.techrepublic.com/article/ai-impact-cybersecurity-threat-landscape/
- “AI won’t replace cybersecurity workforce, agency leaders say” – Matt Bracken, FedScoop https://fedscoop.com/ai-cybersecurity-workforce-automation/
