The average cost of a data breach in the United States was approximately $9.44 million last year, according to IBM. Most commonly, “bad actors” infiltrate company networks and steal critical data through email phishing.
For Cybersecurity Awareness Month this October, FNTS is raising awareness about how cyberattackers are utilizing artificial intelligence (AI) and machine learning technologies to deploy more sophisticated ransomware attacks. While AI has many benefits, it’s important for individuals and companies to understand the risks associated with using AI tools.
With the increase of malicious bots and AI, being vigilant can help protect critical data from unwanted users. Gartner predicts that by 2025, the consumerization of AI-enabled fraud will fundamentally change enterprise attack surface driving more outsourcing of enterprise trust and focus on security education and awareness.
AI and Email Phishing Working Together
Cyberattackers are now using AI to write more legitimate-looking email phishing attacks. They program machine-learning technology to utilize imagery from the internet and keywords that are known to bypass email spam filters. If a spam filter blocks the email, the AI bot will continue to refine the phishing email until it breaks through filters designed to stop spam. While these phishing emails typically contain an infected attachment or a malicious link, QR codes also could be compromised with ransomware or malicious tools.
Once an infected attachment or link is opened, the bot will scan a company’s network to learn about its security practices. The bot will then report its findings to the cybercriminal who can leverage the information in its ransomware attack.
How AI Data is Used by Cybercriminals
While the more than 200 AI tools available today provide various benefits such as automation, enhanced customer service experiences and other advancements, there also are privacy concerns associated with the data these tools collect.
At this time, there is no governance or management of the collected data, which means companies can sell any of the data that is being collected. This practice becomes a security concern when employees input proprietary company information.
It’s not just AI tools that are collecting this information. Smart home devices and virtual assistants are always listening, awaiting its “wake word” to assist you. When these tools are activated at home or in the office, they begin listening to its surroundings, which could include any sensitive company data being shared vocally. Smart cameras and even children’s toys that store voice recordings also could make you susceptible to a cyberattack.
Phone number spoofing also is becoming more common. Cyberattackers can utilize voice recordings from calls, stored voicemails, public appearances and virtual assistants to impersonate individuals you may know. They also can take advantage of your emotional state to scam you for money or access to your devices. Some technology companies anonymize all stored voice recordings to remove identifiable information.
Protecting Your Critical Data
FNTS, a trusted managed services provider for more than 27 years, works closely with organizations to deploy multiple lines of defense to reduce their risk profile and prevent data from being compromised.
FNTS utilizes AI technology for managed security services. We leverage self-learning AI technology that scans and responds 24/7 at machine speeds to efficiently identify potential attacks early enough to stop the threat from infecting client networks.
There are preventative measures individuals can take to protect themselves. Turn off virtual assistants and other voice-activated smart devices that may overhear sensitive company data. When conducting phone calls or virtual meetings, be aware of the volume levels on your speakers, such as those in your car, so private conversations are not overheard.
To learn more about managed security services FTNS offers to companies, visit https://www.fnts.com/security/managed-security-services.
