As the new year begins, there are many developments expected in the technology sector. However, along with the excitement, concerns about cybersecurity remain prevalent.
Cybersecurity experts believe that in 2024, there will be a significant increase in artificial intelligence (AI) powered cyberthreats, particularly in the area of phishing attacks. This is due in part to the wider availability of powerful tools.
Andrew Shikiar, the Fast Identity Online (FIDO) Alliance’s executive director and chief marketing officer, states that social engineering and phishing tactics are already deceiving both individuals and businesses on a large scale. He expects AI to greatly enhance the effectiveness and scale of these attack vectors.
He predicts that AI-driven phishing attacks will be the main security threat of the year, citing a recent study that found over half the population has experienced an increase in suspicious messages and scams, while 52% believe they have become more sophisticated.
Cybersecurity firm Trend Micro’s vice president of market strategy, Eric Skinner, also expects a widespread escalation in AI-powered phishing threats during the year. He mentions that advanced large language models proficient in any language pose a significant threat, making them exceedingly difficult to detect.
Skinner also highlights the use of generative AI to create hyper-realistic audio and video content, potentially driving a new wave of business email compromise (BEC) and virtual kidnapping scams.
Trend Micro recommends the use of zero-trust policies as the best direction to move towards in response to these threats. “Zero-trust” refers to a cybersecurity approach that assumes that no user should be trusted with unrestricted access by default.
This rising trend in AI-powered cybersecurity threats may lead to more scrutiny from regulators and prompt the cybersecurity sector to take initiative in addressing AI.
A study by cybersecurity company Cloudflare found that 53% of Malaysian companies experienced more than 10 cybersecurity incidents between November 2022 and November 2023. The study also showed that only 35% of these companies disclosed the incident to authorities, as reporting of such incidents is not mandatory under the current Personal Data Protection Act 2010 (PDPA).
Another cybersecurity firm, Surfshark, reported that Malaysia ranks as the eighth most breached country between July and September 2023. The report emphasizes the need for a more proactive cybersecurity approach and an increase in funding for cybersecurity measures.
