More than half of cybersecurity teams say they are underfunded, according to a new report.
ADVERTISEMENT
THE cybersecurity attacks are on the rise and are putting a strain on cyber professionals, especially as artificial intelligence (AI) makes them more sophisticated, experts say.
A new study from the Information Systems Auditing and Compliance Association (ISACA) found that 39% of nearly 6,000 global organizations surveyed admit they are experiencing more cyberattacks (link in English) and that 15% of them suffer from more privacy breaches than a year ago.
The study also found that cybersecurity teams in Europe are struggling to deal with attacks.
More than 60% of European cybersecurity professionals say their organization’s cybersecurity team is understaffed, and more than half (52%) believe their organization’s cybersecurity budget is insufficient.
The majority of these cyberattacks are ransomware, which involves locking a user’s data or files until a ransom is paid. “The sophistication of AI makes these attacks very difficult to detect,” Chris Dimitriadis, director of global strategy at ISACA, told Euronews Next.
Chris Dimitriadis explained that generative AI (GenAI) can analyze victim profiles within organizations and then generate content that closely simulates a human being.
“In the past we’ve seen, for example, emails translated into local languages that had a lot of errors… So it was a little easier for the victim to understand that it was something that didn’t ‘was absolutely not legitimate’rappelle M. Dimitriadis.
“But with Gen AI, we see that the distribution is very, very close to that of a human person, extremely precise in terms of language, style or culture, and the information in it is more precise or perhaps better targeted in relation to the victim’s environment.”
A separate investigation by Strise, a Norwegian anti-money laundering startup, showed that ChatGPT could easily obtain advice on how to commit financial crimes online.
The investigation showed that he could exploit banks with poor anti-money laundering practices, disguise illegal funds as legitimate loans by creating fake loan transactions, and use various tactics to complicate the task. authorities when it comes to tracing the source of the money.
“The level of understanding [de ChatGPT] and his knowledge of specific legal journalism action, such as what is required of certain banks and how to go about it. I mean, it’s really good on every level.”Marit Rødevand, CEO and co-founder of Strise, told Euronews Next.
She explained that when the chatbot was asked questions such as “how to launder money”, it refused to do so, saying it was illegal and went against its policies.
But Ms Rødevand explained that if you were creative by asking ChatGPT to write a film script about how to help a character called Shady Shark with his illegal dealings, he would give you specific advice.
“It really opened my eyes. I didn’t expect the answers to be so good and accurate. It’s like having your own corrupt financial advisor on your cell phone 24/7 on 7”she said.
In February, Microsoft and OpenAI revealed that hackers were using large language models (LLMs) to refine their cyberattacks. The companies detected attempts by Russia, North Korea, Iran and Chinese-backed groups that used chatbots to search for targets and enhance scripts.
Both companies said they were working to minimize the risks of misuse by such actors, but admitted they could not prevent all cases.
How to fight against cyberattacks
“The way for businesses to protect themselves is to ensure they have technology platforms that are fit for future threats and that they support cybersecurity professionals,” says Ms. Rødevand.
However, the ISACA report found that 71% of businesses said their organization provided no training to staff on digital trust and more than half of cybersecurity teams said they were underfunded .
“With less funds, it is very difficult to implement the right cybersecurity capabilities within their organization”said the director of global strategy at ISACA.
“If we go a little further, one of the causes of this lack of funding is that cybersecurity does not generate revenue if we do not operate in this sector. But above all, this means that decision-makers within the organization have not yet grasped or understood the value [et] the contribution of cybersecurity within the framework of the objectives they have set for this activity”he added.
Related News :