According to new research by cybersecurity services firm Bridewell, 84 percent of the U.S.’ critical infrastructure organizations identify AI as a concern driving cyber threats.
The rise in concern regarding how cybercriminals use AI is based on responses from 519 staff responsible for cybersecurity in critical U.S. infrastructure organizations, including sectors such as civil aviation, telecommunications, energy, transport, media, financial services and water supply.
The research found 87 percent of respondents are worried about AI-powered phishing attacks in which criminals use it to improve the accuracy and wording of their email lures, at scale. Criminals can also employ AI to complement basic coding skills, reducing the barrier to entry for exploits while enhancing malware sophistication. With these developments, 86 percent voiced concern over automated hacking, 84 percent have fears about adaptive AI cyberattacks and 85 percent are concerned about AI-driven exploit development.
All AI-driven threats listed in the research are of concern to more than 75 percent – including polymorphic malware that mutates with each infection – while 80 percent fear the emerging threat.
The research also explored how critical infrastructure organizations are using AI to combat the increased use of AI by cybercriminal groups. AI-driven exploits or techniques are not yet as effective as conventional cyber tactics, and businesses are able to use AI-focused tools to protect their systems and infrastructure. With its ability to rapidly analyze large datasets rapidly, AI can be a useful tool in detecting malicious system or network activity, spotting anomalies and suspicious behavior.
Research also found current deployment of AI in cyberdefense is in its early stages, with:
- 29 percent using AI-enhanced endpoint protection.
- 28 percent using AI-driven data-loss prevention
- 27 percent employing AI-based phishing detection and prevention.
Despite these statistics, approximately 98 percent of organizations are using some AI tools, with this trend expected to gain momentum as cyber threats escalate and become more sophisticated.
“While we are at the early stages of AI-driven cyber-attacks, concern among organizations is not unfounded as the technology presents itself as a future threat,” said Chase Richardson, Bridewell VP of consulting. “Businesses can prepare for the impending AI arms race by incorporating the technology into their cyberdefense strategies. AI can be a force for good by helping critical infrastructure organizations to enhance threat intelligence capabilities and accelerate detection and response strategies.”
Click the following to obtain Bridewell’s full Cyber Security in Critical Infrastructure Organizations: 2024 report.
Click here for the Bridewell Academy.