Zscalerのブログ
Zscalerの最新ブログ情報を受信
購読するAI: Boon or Bane to Security?
Security professionals believe offensive AI will outpace defensive AI
A recent Cybersecurity Insiders report found that AI is transforming security—making fundamental (and likely permanent) changes to both the attacker and defender toolkits.
The “Artificial Intelligence in Cybersecurity” report surveyed 457 cybersecurity professionals online and also tapped into Cybersecurity Insiders’ community of 600,000 information security professionals to find out what CISOs and their frontline teams think about AI’s impact on cybersecurity.
The report reveals some sobering findings on what security professionals most fear about AI in the hands of malicious actors. According to the report, 62% of security professionals believe offensive AI will outpace defensive AI.
Here’s a breakdown of the report and Zscaler’s take on what to do to combat AI-driven cyberattacks
AI increases the sophistication of cyberattacks
Unsurprisingly, 71% of respondents believe AI will make cyberattacks significantly more sophisticated, and 66% think these attacks will be more difficult to detect.
These findings align with observations by the Zscaler ThreatLabz security research team. For instance, the 2023 ThreatLabz Phishing Report noted that AI tools have significantly contributed to the growth of phishing, reducing criminals’ technical barriers to entry while saving them time and resources. Concerningly, the use of AI in phishing campaigns is projected to grow in the coming years.
Bracing for AI-enabled ransomware and cyber extortion attacks should be top-of-mind for security practitioners. Think about it: ransomware attacks typically start with social engineering, which 53% of respondents believe will grow more dangerous because of AI. For instance, attackers can use AI voice cloning to impersonate employees to gain privileged access, or use generative AI to help craft convincing phishing emails. Moreover, it will also get easier for attackers to discover and identify zero-day vulnerabilities.
Also, the business model of encryption-less extortion—in which threat actors steal data and demand a ransom to avoid a leak, rather than encrypting files—will benefit from advancements in AI-enabled tools that can drastically speed up the development of malicious code, exacerbating the threat to both public and private organizations
Organizations plan to increase AI usage in security
Zscaler strongly recommends that security practitioners prepare for more coordinated and effective attacks on larger groups of people, as threat actors will leverage AI to launch more sophisticated scams across different communication channels, such as email, SMS, and websites.
As the Cybersecurity Insiders survey found, security teams plan to invest more in defensive AI capabilities to do just that.
In another notable finding, 48% of respondents believe the use of deep learning for detecting malware in encrypted traffic holds the most promise for enhancing cyber defenses. At Zscaler, we have always advocated for inspecting most (if not all) TLS/SSL traffic and applying layered inline security controls. Today, at least 95% of traffic is encrypted (Google Transparency Report), and the Zscaler ThreatLabz 2023 State of Encrypted Attacks report shows that 85.9% of threats are now delivered over encrypted channels, underscoring the need for thorough inspection of all traffic.
The Zscaler Zero Trust Exchange inspects HTTPS at scale using a multilayered approach with inline threat inspection, sandboxing, data loss prevention, and a wide array of additional defense capabilities. On top of all that, the AI-powered Zscaler cloud effect means that all threats identified across the global platform trigger automatic updates to protect all Zscaler customers.
Strategies for combating AI-powered adversaries
Technology has always been a double-edged sword. The age of AI has arrived, and it is just beginning. Accordingly, organizations should prioritize the adoption of AI for cyberthreat protection—so it is gratifying that 74% of respondents say AI is a “medium” to “top” priority for their organization.
Additionally, partnering with security vendors who offer superior AI capabilities is crucial. This is easier said than done, as most vendors now claim to leverage AI. The best way forward is to educate yourself, look to vendors with a proven record of technological innovation, and engage them in proofs of concept to assess the efficacy of their solutions for yourself.
To find out more about why you need an AI-powered zero trust security platform such as Zscaler’s, watch this on-demand webinar. To read the full “Artificial Intelligence in Cybersecurity'' report by Cybersecurity Insiders, get your complimentary copy here.