In the realm of cybersecurity, artificial intelligence (AI) serves as a double-edged sword, providing transformative capabilities for attackers and defenders alike.
To Dorit Dor, chief technology officer (CTO) at Check Point Software Technologies, AI is changing the nature of cyber attacks and cyber defences, as well as influencing an organisation’s need to protect its proprietary AI. Check Point is an AI-powered, cloud-delivered cybersecurity platform provider. Dor, an industry veteran and one of the world’s leading women in the cyber industry, joined Check Point in 1995 and has served in several roles including being the company’s chief product officer for over 25 years.
“[AI can] help an attacker just as it helps any other organisation — by making cyber attacks more efficient and scalable,” says Dor at Check Point’s CPX Bangkok conference in January. She explains that bad actors can use AI to help with their research to build more targeted cyber attacks, thereby increasing efficiency.
Nataly Kremer, Check Point’s chief product officer and head of R&D, adds: “Today, all you need to have to build a cyber attack is just criminal intent. You don’t have to be an expert since you can easily ask AI to create [and execute] cyber attacks for you. This is scary for two reasons: The number of attacks will grow significantly and it’s easy to fine-tune attacks. For example, AI can easily craft 50 versions of a phishing email to see which is the most effective.”
Rising trend of ransomware
Organisations need to be concerned about the ease of executing phishing attacks, as these are usually the primary delivery system for ransomware. Dor notes that malicious actors are likely to plug ransomware into their cyber attacks as it is one way for them to monetise the attack. According to a Chainalysis blog post dated Feb 7, the total amount of payments extorted from ransomware victims crossed US$1 billion ($1.34 billion) in 2023, making this a record high despite the decline seen in 2022.
Another reason for the rising trend of ransomware is that cyber attackers may have become better at understanding what would make their victims pay up.
“An example that is counterintuitive is, there are insurance companies that insure against ransomware. Some attackers are going after those who are insured… because they have insurance [of maybe] up to one million dollars. If they attack you and ask for less than a million dollars, they are more likely to get paid than someone that doesn’t have cyber insurance,” says Dor.
She continues: “They’re using the information of how much you’re being insured for and the fact that you are insured to see you as a target. So, it’s sometimes confusing because you have to get into the mindset of an opposite thinking, kind of personality.”
Additionally, Dor highlights that attackers are resorting to more layers of extortion. That is, they are targeting an organisation as well as its clients.
“So, they could demand you pay them, and also tell your clients that they will lose their data unless they pay the ransom. We’ve even seen attackers threatening to report [the targeted organisation] to the US Securities and Exchange Commission. Because if you have an obligation to report the attack, they would tell you that they’re going to report you to the authorities as a scare tactic to get you to pay. They will use anything…as a way to attack you,” she says.
For an organisation to protect itself effectively, Dor suggests starting by having a security architecture and understanding the inputs and outputs to the company’s environment. “You should build a security architecture [and] put the right guardrails in the right places. The system needs to be updatable because even if you do a perfect job today, something [might] change tomorrow. You should also learn from the world and from your own incidents or near-incidents to improve your system, [especially when] you’ve learnt that something could be a blind spot.”
AI for defence
Although AI can power cyber attacks, not all hope is lost: cyber defenders are also leveraging AI to decide accurately, based on the data derived, whether the organisation is under attack, and to automate security operations centres, which are very human-intensive today. For example, generative AI could help automate the remediation process. “You could [ask generative AI to identify] things that will evolve and [suggest better ways] of defending the organisation,” says Dor.
She also shares that using AI or machine learning to detect and prevent cyber threats is not a new trend, and Check Point has been doing it for the past 15 years. “Our products have an underlying [set of] cloud-delivered, AI-powered core services. [These services] collect a lot of telemetry data from different sources in the world to learn what is bad and what is good before teaching AI models to work.”
One example cited by Dor is Check Point’s model for identifying phishing in emails, a common form of cyber attack. She explains: “People identify phishing in many different ways, and it may be hard to tell that [a particular spam email] is actually phishing. A phishing email could be a brand impersonation email that sends you to a slightly changed site instead of the original site, or a business email compromise that convinces you to transfer money [by posing as a trusted figure in your company]. So Check Point has multiple AI engines that handle different things, but all of them learn how to differentiate good and bad [patterns or behaviour].”
Besides leveraging AI, organisations also need to have a holistic and collaborative cybersecurity platform. “Organisations tend to have many cybersecurity products from different providers that may not work well together. This is inefficient and poses a cybersecurity risk, because when products do not talk to each other, they become less effective in preventing cyber attacks,” says Kremer.
She adds: “Recognising this, our platform is collaborative in nature to ensure that our cybersecurity products [looking at different forms of attacks] can work together and find cyber threats and attacks more efficiently and effectively. We do it by having one infrastructure to support all our solutions [including those we acquire and newly developed ones]. That way, we ensure our solutions are integrated with each other.”