The Dark Side of Artificial Intelligence

We cannot overlook the dangerous side of artificial intelligence (AI) hidden beneath glowing media coverage of all the benefits that it has brought to humanity. There is also a dark side to AI, and when used by criminals, they are able to leverage that same power out of it for malicious purposes.

Ransomware Attacks Today

Cybercriminals asking people for a few gift cards just a few short years ago has escalated into multiple layers of extortion that oftentimes will get six and seven-figure sums paid by companies that fell victim to them. Now it's not just encrypting the data of the victim, but it's also threatening to release it out to the dark web.

The average downtime for a victim of a ransomware attack is three weeks, or 21 days. You can imagine if you're a business how catastrophic it would be to be down for 21 days without being able to produce your goods or services. The average time to detect an attack is currently 194 days, and an additional 64 days are needed to subsequently contain that attack once it's been identified. As an example, if an attack were to happen on New Year's Day, you wouldn't really have it detected until after the Fourth of July, and you wouldn't have it contained until Labor Day. These attacks can be devastating.

Supply Chain Attacks

Criminals are very efficient, so by attacking supply chains, the attack acts as a multiplier. Anything downstream or upstream is now impacted by that cyberattack. For example, managed service providers (MSPs) are often victims of these types of attacks because they support hundreds of companies. By attacking once, they can then get hundreds of victims in one swoop.

Cloud Technology Security Risks

Over 80 percent of data stolen is now found in the cloud. A lot of people feel as though the cloud is a panacea of security, and certainly there are some great security controls in place, but it is not immune to attack. Unfortunately, criminals know that all the eggs are kept in that basket and that's where they're really starting to target. You want to make sure that your business is acquiring a SOC report from your cloud provider, reading it very thoroughly, and looking through those complementary user entity controls.

Social Engineering and Phishing

Let's explore some of the more malicious purposes that criminals use AI for. AI has removed some of the traditional hallmarks of these types of phishing attacks, such as poor grammar and spelling. Oftentimes, English isn't the first language of these attackers and they've been able to streamline and make these almost indistinguishable from legitimate communications.

They're also able to use sophisticated tools to create malicious software with little to no programming experience. These chatbots, Fraud GPT for example, are able to create very malicious programs.

Cyberattacks by the Numbers

Now let’s look at some of the statistics that really drive home how dangerous the world of cybersecurity has become. In 2024 (the latest year that we have numbers for) there were over 1.7 billion records that were either exposed or compromised. That's almost a quarter of the world’s population. The average cost of these breaches is around $4 million, but in the United States, it's closer to $9 million. Forty percent of attacks target small businesses. The concern here is that a lot of smaller businesses feel as though, "Well, I'll fly under the radar of these criminals. They don't want anything from me." Unfortunately, they are often a softer target and are more frequently prone to being hacked.

In over 90% of attacks, the genesis is social engineering by way of spearfishing or texting (known as smishing or even vishing) which are voice calls. Those are the ways to really deceive a user into providing their credentials or clicking on an infected document.

How Citrin Cooperman Can Help

Citrin Cooperman’s Cybersecurity Practice helps companies assess their organizational vulnerabilities and provides actionable plans to defend against cyberattacks and data breaches. For more information on how to best safeguard your company in today’s challenging digital landscape, please contact Kevin Ricci or info@citrincooperman.com.