AI has unleashed unprecedented cyber threats, requiring a new approach to cybersecurity

By Yash Pillay, Sales Engineer at Trend Micro

Imagine coming to the end of a lengthy recruitment process, only to find out the candidate you’ve been dealing with during several rounds of in-depth interviews isn’t real. In fact, the person you’ve just hired doesn’t exist at all. It may sound like something out of a fictional thriller, but unfortunately, AI-based tools and deep-fake technology have turned this scenario from fiction to reality, adding to the growing list of security concerns for enterprises of all sizes.

Not only are job candidates able to use AI to accurately answer interview questions for them, but they can also draw on deep-fake technology to completely alter both their voice and appearance. With more than half of remote workers these days remaining fully remote, scammers could potentially cash in on months’ worth of paychecks before they are discovered. In far more, sinister cases these fake hires can be based in a completely different country and implanted within your local organisation as part of a nation-state attack to steal highly sensitive information.

Given the sophistication of these attacks, it’s hardly surprising that 66% of organisations globally still view AI and machine learning as the factors that will most significantly impact their cybersecurity during 2025.

The reality is that AI use is still in its infancy stages. And not just in terms of how the technology can be wielded by cybercriminals, but also how it can be used by employees to unknowingly introduce new vulnerabilities within the business.

Consider, for example, AI that can do more than just provide information—it can make decisions and take actions for you, like booking and paying for flights or managing your calendar. This is known as agentic AI. While it sounds incredibly convenient, it also means we could lose visibility over what the AI is doing behind the scenes at the code level. In other words, what information is being passed to which systems and how this can potentially be manipulated, creating new vulnerabilities?

Even without agentic AI in the picture yet, the data we’ve collected across various local organisations shows us that users are already accessing high-risk cloud applications from within their organisations. These applications can introduce various risks, like downloading harmful software or creating back doors for unauthorised access. So, it's crucial to be aware and cautious about the potential vulnerabilities these apps might bring.

Managing these increasingly complex security challenges is going to require a more innovative approach to proactive cybersecurity than has been used before. From Trend Micro’s perspective, this involves several key areas.

Understanding the attack landscape

Achieving 100% security is unrealistic in today's world. Instead, we take a proactive approach by constantly evaluating our infrastructure and assets, like user devices and accounts, to identify and prioritise risks. This allows us to focus our efforts where they're needed most, ensuring our security posture remains strong. With so many applications to manage, having a platform to highlight weaknesses helps us stay vigilant and informed.

We begin by assigning a risk score to our customers. This score includes various factors, starting with the attack landscape. We track what threats are detected in the customer’s environment, such as a user plugging in a memory stick that contains malware, which we then block from spreading.

To help transform the way enterprises proactively approach cyber risk, Trend Micro also recently launched Trend Cybertron, a specialised AI engine. It predicts and prevents threats across all environments, using precise local risk assessments and global threat intelligence. Integrated into the Trend Vision One™ platform, it helps IT teams anticipate and mitigate risks before they become breaches. This AI engine, built on a foundation of machine learning and decades of expertise, helps detect and prevent various threats, from deepfakes to malware and phishing.

Evaluating user exposure

The second area of risk is exposure. Imagine your home security: your firewall is the wall, and the gate controls traffic. Now, if you leave a window open without protection, a burglar can easily get in. Similarly, in cybersecurity, vulnerabilities often come from within, like unpatched applications.

Another example of user exposure could be inactive and weak user accounts, which can pose serious security risks. When employees leave, their accounts should be deactivated immediately. However, some accounts linger, and their passwords may not be regularly updated, creating vulnerabilities. If hackers gain access to these accounts, especially those with administrative privileges, they can move laterally within the network, posing a significant threat. It's crucial to identify and secure any "open windows" in the system to prevent unauthorised access.

Monitoring security configuration

The third focus is security configuration. It's crucial to properly set up and manage security tools because even the best solutions are ineffective if misconfigured. Think of it as having top-notch locks but leaving your door ajar. Without proper oversight, suspicious activities can go unnoticed. Regularly monitoring and managing these tools can catch potential threats early, preventing issues before they escalate.

Constantly evolving user education

Finally, user education is crucial. Since users are often the weakest links, we must improve their training on the latest threats. This includes necessary phishing exercises and addressing new, unseen threats to keep everyone well-informed and vigilant.

The evolving nature of cyberattacks requires us to constantly adapt our cybersecurity strategies. Traditional methods are insufficient as attackers become more sophisticated. Embracing advanced technologies like AI and machine learning is essential. We must integrate these into a comprehensive framework that anticipates and mitigates risks before they become breaches. By fostering innovation and leveraging cutting-edge tools, we can protect our digital environments and ensure a resilient security posture.