How AI has made cyber attacks more sophisticated
With the surge in AI use, cyber attacks are changing, according to Neuva solutions, CEO, Ferdinand Tadiaman.
Cyber attacks have become more sophisticated as bad actors use more AI-based tools to target organisations.
Ferdinand Tadiaman, CEO at MSSP Nueva Solutions told CRN Australia at the Acronis MSP Connect in Sydney that phishing emails sent to businesses have become more advanced.
“A lot of the phishing emails now you won't see any grammatical errors, or you won't see any emails coming from the, the king of Brunei, they're a lot more sophisticated,” he said.
Neuva Solutions provides, offensive and defensive security options for end users plus governance and risk options, including various certifications like SMB1001.
What Tadiaman is also seeing is third party attacks, with breaches coming from contractors and suppliers.
“Any suppliers that you bring to your ecosystem becomes another threat vector. Now that we're buying more services like SaaS services and through suppliers, they become an entry point to your environment,” he explained.
“What we're seeing now is if they get breached, they they're sending compromised emails to their customers and their ecosystem, we saw that with Qantas just recently, with a call centre in the Philippines.
“They use very sophisticated attacks, where they use voice synthesisers to copy someone's voice from the call centre to be able to then break into the to their environment.”
As attacks are becoming more sophisticated, they’re also becoming more frequent and expensive.
"The cost of a breach is getting higher, it's increasing every year,” he said.
“I think now it's over $4 million, average cost of a breach is over four million, and average cost for an SMB is roughly around the $140k mark.
“If we look at the SMBs today, who can afford $140k so there's a massive reputational damage as well as financial impact damage.”
He noted there has also been a change in technology too.
“We're seeing a lot more people embed cybersecurity, and now there's more awareness, I feel, which is good, and that's because of all the breaches.
“The good thing that came out of it is created more awareness and education for customers,” Tadiaman said.
Challenge in finding talent
Another challenge Tadiaman is facing is a lack of talent and qualified people within the industry
“There's a lot of upskilling that we need to do or reskilling, and technology changes so fast, so it's just getting across so many things. There's a lot of noise, it's too much noise,” he explained.
“If we're finding it hard to navigate through the noise, imagine our customers.”
To try and reduce the noise, Tadiaman explained that him and his team work hard to advocate for their customers.
"We say, ‘these are, these are our customer strategic initiatives, let's align that with how we can deliver on those initiatives with solutions and services’, rather than just throwing product [at them],” he explained.
Tadiaman noted that everyone is throwing all these buzz words, like zero trust and AI. To counteract that, he asks his customers what they want to do and what their business risks are.
“It's a balancing act and what we're finding is resources is insanely hard. I think that's a problem for everyone,” he said.
“ISC2, which is where we get most of our certifications from, they predicted by 2026 there's going to be a shortage of four million cyber security professionals globally.”
The channel is a “hot space”
Despite the challenges facing Tadiaman, he said the channel and cybersecurity is a “hot space” at the moment.
“Cyber is very topical for all organisations and the beauty is SMB 1001 is an easy framework for any organisation to start off the cyber security journey,” he said
“It's exciting to be able to help organisations, especially regardless of whether small or large, to start off on that journey, cost effectively.”