Getting the balance right between innovation, security and AI technology
By Chris Fisher (pictured), Regional Director for Australia and New Zealand, Vectra AI
The financial services sector is currently witnessing increased deployment of Generative Artificial Intelligence-enabled tools like Microsoft Copilot which are reimagining existing business models in the name of innovation. Unfortunately, this has directly contributed to an alarming spike in cyberattack frequency, severity and diversity. In line with this, recent research suggests that 75% of cybersecurity professionals have seen an increase in AI-powered cyberattacks over the past year, with 85% attributing it to threat actors weaponising AI.
When large language models (LLMs) are given access to proprietary corporate data and equipped with the ability to make decisions and take actions, new attack surfaces are introduced that enable surprising new attack techniques. And oftentimes, cybersecurity defences become an afterthought.
As many organisations within the financial services sector continue to digitise their operations, traditional security measures may no longer be sufficient as a need for more robust cybersecurity measures become more pressing.
It’s useful to first understand why digital innovation is leaving organisations more susceptible to cyberattacks and second what steps can business leaders take to reduce these risks.
Third-party access leads to rapid rise in identity-based attacks
As enterprises modernise their IT infrastructure with Generative Artificial Intelligence (GenAI) technologies and methodologies, they are integrating not just Artificial Intelligence (AI) and machine learning (ML), but also with third-party applications, contractors and outside services. Maintaining strict access control to sensitive networks, services, and applications becomes more challenging as more third-party partners, contractors and suppliers are used, increasing the risk of identity-based attacks. For example, attackers can use Microsoft identities to gain access to connected Microsoft applications and federated SaaS applications like Microsoft Entra ID (formerly Azure ID).
Despite the estimated AU$7.3 billion spent on security and risk management products this year, 90% of organisations have experienced identity attacks. With GenAI further providing new opportunities for adversaries to exploit vulnerabilities in identity-related systems to perpetrate ransomware, scams and business email compromise (BEC), organisations will continue to be targeted. It’s clear that current preventive security controls are not enough to fight GenAI driven attacks. Companies need to consider alternate options like threat detection and response to close the widening exposure gap.
Lateral movement exposes hybrid cloud vulnerabilities
With hybrid attacks on the rise, the complexity of managing security in hybrid environments is daunting. Malicious actors are not just looking at social engineering traps, but also vulnerabilities and misconfigurations. The biggest issue in the cloud is credential theft through repositories like GitHub or Bitbucket – when a developer mistakenly uploads the credentials, or if the cloud’s complexity leads to misconfigurations being used or abused.
Lateral movement in the hybrid world further amplifies the problem as threat actors “live off the land” using available tools and infrastructure to disguise themselves as legitimate users to obtain the necessary credentials to access sensitive data. Identity-based attacks corelates with lateral movement when new identities continue to be compromised as the attacker move around a network. Monitoring how an identity has been compromised and maintaining visibility and a consistency of risk and control is critical. Moreso when most identities are contained in federated domains which don’t fully integrate with one another, creating blind spots for attackers to hide. GenAI tools can be abused to increase the speed of lateral movements. In the past, ransomware attacks used to take between eight to 14 days, but with Microsoft Copilot this reconnaissance could take minutes instead of days.
Fighting AI threats with AI
Despite these challenges, GenAI presents an exciting opportunity to use AI technology to aid in the fight against cyberattacks. If financial services companies go back to basics, leverage proven security expertise, and create a robust foundation of security measures, they are well-placed for innovation without the potential fallout. Key factors to consider include:
- Focus on basic TTPs: While cybercrime continues to grow, the threat vectors – potential pathways into the system – remain the same. Organisations should apply the same defence mechanisms while expanding their digital footprint and focus on basic techniques and tactics, procedures and protocols (TTPs) that can help prevent and remediate security incidents.
- Invest in security controls: A recent Proofpoint 2024 Voice of the CISO report cited human error topping cyber vulnerability threats. Social engineering is further used to exploit employees to hand over credentials to bad actors. Aside from up-to-date security trainings, organisations must tighten protocols for privilege control – ensuring users only have access to the data and functionality that they need to perform their roles to limit opportunities for leaks.
- Find solutions that leverage AI the right way: Defending against the unknown today requires a security solution that combines both security research and data science. Instant AI-driven remediation enables security teams to stop unauthorised behaviour, eliminate access and prevent breaches, application abuse, exfiltration and other damage, within minutes not months.
- Build out visibility, awareness and insights: Security teams need quick visibility and situational awareness across their environments to stay ahead of unusual activity they might not have noticed without enriched security insights. As we move into a cloud-native world, frameworks that deliver cloud telemetry specific to your cloud infrastructure are ideal. The MITRE ATT&CK framework uses patented AI to learn the behaviour of privileged users. By identifying what is normal and what isn’t, analysts have real-time visibility into their hybrid environments. This stops lateral movement and ransomware by detecting attackers before they do any damage.
As organisations get more innovative, so do attackers
The potential of GenAI to transform workforce productivity and boost innovation is more than just hype. As GenAI capabilities continue to evolve, it will advance security tools, improve threat intelligence and transform security operations centres. Security leaders must adopt AI as part of their defence and response strategies to ensure they remain resilient, agile and one step ahead of cyber-attackers.
