AI-based Cyberattacks Are Here

Experts predict hackers will conduct AI-based cyberattacks for the first time this year. Really? Hackers are creative, especially those backed by nation states. Does this mean companies should revisit their cybersecurity programs and invest in AI-based responses? AI-based cyberattacks sound ominous yet should not be treated different than any other attack. AI-based cyberattacks aim to gain access to information to steal money or gain access to control systems to cause harm. No different than today. The AI-based cyberattacks will simply make hacking faster. After all, AI systems don't have to stop to drink Red Bull, go to the bathroom, or nap.

Companies can be well protected from AI-based cyberattacks in the following areas:

Operational Systems

SCADA, ECM Monitoring, Power Grid and other process control systems often fall outside the purview of the IT organization. Basic table stakes security is often overlooked. For example, changing default passwords or updating software and firmware on a regular basis is a must. Software updates and passwords are vulnerabilities all hackers exploit when trying to shut down power grids or take over process control systems.

Functions responsible for operational systems should work with Internal Audit and IT to do the following:

• Establish a cybersecurity champion (read more here)
• Implement a cybersafety program
• Change all default passwords and update all systems on a regular basis
• Create and test recovery procedures (read more here)

ERP

Most ERP systems have been secured, but hackers will try to access employee information for identify theft or access vendor tables to change bank information to redirect payments. Companies should assume ERP systems are vulnerable and should establish the following basic controls:

• Encrypt employee HR information
• Strengthen employee awareness of possible hacking
• Establish controls around the payment process
• Monitor changes made to supplier bank information

Employee Social Media

Most employees have no idea what hackers can do with information posted on social media. Hackers spend significant time culling through social media to create and execute successful phishing and "spear phishing" campaigns. AI-based hacking can easily marry company website information with posts of pictures taken in the same country where a deal is being negotiated to acquire assets. Why? To create an email from the CEO requesting wire transfer of funds for a down payment. And the employee could fall for it.

Prevention is easy:

• Create and communicate a social media vulnerability awareness program for all employees
• Hold employees accountable for business controls compliance
• Perform regular cybersecurity training

Companies have no choice but to live with the threat of cyberattacks. Hackers are relentless and creative. They will develop new and varied methods to steal money or cause problems by taking over any system. Unfortunately, companies fall into the trap of spending more and more money on unnecessary technology for protection. Compliance to common-sense controls is the best defense against hackers, whether human or AI-based.

Trenegy helps companies develop effective cybersecurity practices. Find out more about Trenegy’s expertise by contacting us at info@trenegy.com.