SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware
Search
Story image
#
Malware
#
Phishing
#
Zero Trust Security

AI impersonation emerges as top cyber threat in new report

Today
Author image
By Shannon Williams, Journalist

New research from Teleport reveals that AI impersonation now ranks as the most challenging cyber attack vector for security experts to defend against, as indicated by 52% of senior leaders surveyed.

The 2024 State of Infrastructure Access Security Report issued by Teleport highlights the growing complexity of social engineering techniques, with AI and deepfakes substantially enhancing the effectiveness of phishing scams. The study involving 250 senior decision-makers illustrates the persistent threat posed by social engineering, which remains a primary tactic for cybercriminals to deploy malware and exfiltrate sensitive information.

Ev Kontsevoy, CEO of Teleport, states, "The reason AI impersonation from cyber criminals is so difficult to defend against is that it is getting better and better at mimicking legitimate user behaviour with high accuracy, making it challenging to distinguish between genuine and malicious access attempts."

The survey data shows that a majority of organisations, at 68%, have adopted AI-enhanced tools to improve the precision and efficacy of security measures. However, there is ongoing debate concerning the effectiveness of employing AI to counteract AI-based threats. Kontsevoy comments, "The findings here suggest a risk of overconfidence in AI's ability to protect organisations against social engineering. Using AI to combat this threat is like suggesting that an adversary targets the missiles on a fighter jet, rather than the fighter jet itself."

Kontsevoy further emphasises that the focus should be on reducing the vulnerability of credentials: "The right conversation is, 'how do we stop employees and enterprises from making their credentials a threat vector?' As it stands, credentials are pretty much littered across the many disparate layers of the technology stack – Kubernetes, servers, cloud APIs, specialised dashboards and databases, and more."

Despite the advancements in social engineering, almost 40% of businesses have yet to implement cryptographically authenticated identities to counteract identity-based attacks. The growing prevalence of these types of attacks was noted by 87% of respondents as a significant challenge to improving infrastructure access security.

In the area of defensive ease, respondents indicated that weak passwords are now one of the simplest attack vectors to mitigate, with only 36% reporting difficulty in addressing this issue. Notably, 45% of participants considered protecting against weak passwords to be 'easy'.

On this point, Kontsevoy observes, "I think what this shows is that the cybersecurity industry is becoming better at plugging the most obvious gaps and weak points. There has certainly been some regulation, such as in the UK, to clamp down on weak passwords." However, he warns that credentials extend beyond passwords to include API keys and browser cookies, and there are still standing privileges that pose a risk.

Kontsevoy concludes, "Regardless of whether social engineering attacks use AI or not, the solution is always going to be the same: eliminate human error. That means the modern-day security paradigm has to be first and foremost about eliminating secrets and enforcing cryptographic identity, least privileged access, and robust policy and identity governance."

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
IriusRisk unveils Jeff: AI tool for threat modelling images
ReliaQuest report reveals new cloud phishing tactics
New Cloud Security Alliance report stresses ethical AI governance & risk
AppOmni earns FedRAMP status, enhancing SaaS security
Papua New Guinea adopts TechnologyOne SaaS for 200 agencies
Top stories
CyberArk highlights new security threats at Impact World Tour
Zoho invests USD $10m in NVIDIA AI for language models
Gallagher wins big at Australian security awards event
Dynatrace named a leader in 2024 Gartner's Magic Quadrant
Qualys VMDR recognised as leader in 2024 GigaOm report