While generative AI is already multiplying the impact and success rate of cyberthreats, three cyber defense strategies remain relevant …

ChatGPT and DALL-E have thrust generative AI (GenAI) into the spotlight, with more businesses exploring how to improve productivity and efficiency with AI.

When thinking of generative AI, the most common uses that come to mind are text and image creation to boost productivity or the creation of synthetic datasets to train AI models. However, bad actors can also use this type of AI to quickly create a wide range of scam content that can be used across a wide range of countries or demographics. Due to the capabilities of current generative AI models, it is possible to create large numbers of phishing emails that have a highly likelihood of being opened as compared to manually created phishing emails.

Some examples of how GenAI can help cybercriminals in their campaigns include:

    • Launching highly targeted spear-phishing campaigns
    • Impersonating C-suite executives to facilitate account takeovers, business fraud
    • Driving the share price or reputation of an organization down
Bhupinder Singh, President (Asia Pacific & Middle East), Vodafone Business

Also, the normalization of hybrid work and increased adoption of Internet of Things (IoT) have led to a surge of connected devices, which makes defending against cyber-attacks even more complicated. The increasing numbers of connected devices that businesses have to manage and safeguard also lead to a rise in the attack surface of these businesses. IoT devices can have lower security compared to traditional computing devices, making them easier to hack.

Perhaps that is why some surveys are showing the top two cybersecurity challenges faced by respondents today include securing all different devices (personal, mobile, IOT) and protecting sensitive company and personal data.

Security starts from your network 

In the face of more sophisticated AI-powered cyberattacks, how can businesses keep up?

Here are three key areas that businesses — particularly global or regional enterprises with varying infrastructure and compliance considerations — can consider for improving their cybersecurity strategies:

    1. Zero trust: With this security paradigm, all users and devices trying to access resources on a private network must be verified, regardless of whether they are sitting within or outside of the network. Verification requests extend to IoT devices, lowering the risk of attacks being executed through these devices, and reducing an enterprise’s attack surface.
    2. SASE security: In a world that is hyperconnected network security is more important than ever Here is where Secure Access Service Edge (SASE) comes into play. SASE provides protected access to company apps and data no matter where the user is located. It integrates network connectivity and security into a single service hosted in the cloud — bringing more efficiency, flexibility and agility.
    3. End-to-end protection: Users and devices are everywhere, and security needs to be everywhere too. Businesses need to look at embedding security into every layer of their infrastructure, and into solutions that extend security to where data is stored and accessed, to ensure that the data is reliably protected regardless of location, application or environment.

Finally, while it is common for businesses to look at endpoint protection, cybersecurity is a moving target: so, they should ensure that their networks and security solutions are integrated to deliver the best protection possible.