Survey sees cyberattacks gaining AI sophistication

Cybersecurity professionals who believe cyberattacks are becoming more sophisticated have plenty of company. A survey of more than 800 IT and cybersecurity leaders found that 95% of respondents agree.

Conducted by Keeper Security, a provider of password access management (PAM) software, 92% of respondents said during the past year, they have seen an increase in cyberattacks by “creative and relentless” cybercriminals. 84% said artificial intelligence (AI) has made phishing and smishing attacks even more difficult to detect.

More than half (51%) identified AI-powered attacks as the most serious threat facing their organizations, and only 35% feel their organization is prepared to combat these attacks.

As a result, 45% of respondents said their organization is focusing on enhancing their cybersecurity training programs, while 41% are investing in more advanced threat detection systems. The survey finds that just over half (51%) are also investing in data encryption.

Separately, a report from research firm Juniper projects a 141% increase in global losses, from $44 billion in 2024 to a staggering $107 billion by 2029, as a direct result of an increase in e-commerce fraud enabled by AI technologies that could, for example, be used to set up synthetic identifies to drive fake transactions.

AI is changing the cybersecurity game in a way many organizations do not yet fully appreciate. For years, many cybersecurity professionals have encouraged organizations to focus on cybersecurity fundamentals. Rather than worrying about all the vulnerabilities being regularly discovered, organizations would be better off if they simply focused on steadily improving cybersecurity hygiene. After all, most cybercriminals will not bother to write a sophisticated piece of malware when they can simply steal credentials and exfiltrate as much data as they like.

That may have been good advice, but as cyberattacks become more sophisticated, the cybersecurity bar is being raised regarding what constitutes fundamental cybersecurity requirements. Simple practices such as using strong passwords, enabling multifactor authentication (MFA), and training can go a long way toward averting potentially catastrophic events. However, cybercriminal syndicates have the resources required to invest in AI technologies. The simple fact is that the cost of launching cyberattacks enabled by AI targeting specific individuals is declining rapidly.

Fortunately, efforts are underway to simplify identifying those threats by, for example, using the neural processor units (NPUs) in next-generation PCs to scan audio files for anomalies. Not everyone, however, will be equipped with a PV with an NPU any time soon, so it may be a while before tools needed to thwart these attacks become widely available. In the meantime, cybersecurity teams should expect more end users to fall victim to deep fake scams that are only going to look and sound increasingly more authentic. Many of the cybersecurity tools and platforms that organizations have historically relied on to ensure fundamental best cybersecurity practices are followed are not nearly going to be effective when organizations are confronted with new types of threats enabled by AI.

The challenge, as always when it comes to cybersecurity, is once again rallying the organization to proactively address these emerging threats before everyone has to learn a new set of cybersecurity fundamentals in the age of AI.