How Cybersecurity Tries To Keep Up With Attackers’ Evolving Strategies

website security

The cybersecurity world is witnessing a potentially new, dangerous threat: according to insurance firm Euler Hermes, one of its corporates fell victim to cyber fraud after attackers used sophisticated artificial intelligence (AI) technology to impersonate the firm’s chief executive officer by mimicking his voice on the phone.

Though the tactic is unusual, cybersecurity experts warn the strategy could signal an increasing use of so-called “deepfake” technology to infiltrate systems and steal company cash.

It’s unclear whether AI voice mimicking will become the norm in cyberattacks, but what is certain is that these criminals are growing more sophisticated and experimenting with new technologies and tactics to commit their crimes.

One cybersecurity expert, Agari CEO Patrick Peterson, recently told reporters that cyberattackers are beginning to look like “super criminals” thanks to their creative, albeit malicious, use of sophisticated technologies.

In response, however, cybersecurity companies, businesses, and government officials are similarly exploring new strategies to combat this threat.

Some of those strategies include collaboration, with Comcast Business recently announcing a collaboration with Fortinet and Akamai to elevate cybersecurity capabilities for middle market clients. For others, like the Cyber Readiness Institute, combatting cybercrime means expanding the availability of resources: the Institute recently revealed its plans to translate its cybersecurity program to Spanish and Portuguese for instance.

Other tactics include strategic investment in cybersecurity, government-led initiatives, and technological innovation — all in an effort to stay ahead of bad actors. Below, PYMNTS looks at some of the numbers behind changing cybersecurity strategies.

29 percent of small businesses spend less than $1,000 on IT security each year, data from Untangle revealed in its 2019 SMB IT Security report. SmallBizTrends reported last week that this data conflicts with Untangle’s other finding: that 80 percent of businesses surveyed agree IT security is a top priority. According to Untangle Chief Technology Officer Timur Kovalev, small businesses struggle with limited budgets, time and workforces — forcing these firms to reassess their IT security investments and prioritizing which cybersecurity technologies demand the limited funding that’s available.

50 percent of alerts received by cybersecurity experts are false-positives, new research from CRITICALSTART reveals. As a result, these professionals are beginning to tune out those alerts, raising the risk of missing an actual cyber threat, Health IT Security reports said last week. Each alert takes more than 10 minutes to investigate, and with experts receiving an average of 10 a day, researchers warn that cybersecurity personnel are beginning to suffer from “alert fatigue,” signaling the need for more sophisticated, intelligent technology, as well as automation.

$157 million: The cost of the Australian government’s 2016 cybersecurity initiative. Now, Australia is looking to update and revamp its strategy to combat cyber crime. According to ZDNet reports, the government plans to introduce a new cybersecurity strategy that will supersede the 2016 initiative, noting that “the threat environment has changed significantly and we need to adapt our approach to improve the security of business and the community,” according to Peter Dutton, Minister for Home Affairs. Australia is now seeking comment from industry experts to address modern cyber threats in both the private and public sector.

$13.5 billion has been lost to the Business Email Compromise scam between 2013 and 2018, data analyzed by cybersecurity firm Agari, in conjunction with the Federal Bureau of Investigation’s Internet Complaint Center, revealed. Yahoo Finance reports last week said Agari CEO Patrick Peterson is warning that cybercriminals are beginning to look more like “super criminals,” elevating their attack strategies to impersonate vendors or company executives and steal corporate funds. In response, Agari said solution providers must evolve their technologies to mitigate this risk even after cybercriminals have infiltrated a supply chain.