Digital: Disrupted: The Evolution of the Cyberattack
October 13, 2023
In this week’s episode, Paul sits down with Graham Cluley to discuss the evolution of cyberattacks and cybersecurity solutions. Graham shares how generative AI is impacting the cyber threat landscape, and the risk management strategies he recommends to organizations.
Digital: Disrupted is a weekly podcast sponsored by Rocket Software, in which Paul Muller dives into the unique angles of digital transformation — the human side, the industry specifics, the pros and cons, and the unknown future. Paul asks tech/business experts today’s biggest questions, from “how do you go from disrupted to disruptor?” to “how does this matter to humanity?” Subscribe to gain foresight into what’s coming and insight on how to navigate it.
About This Week’s Guest:
Graham Cluley is an expert in the cybersecurity space with over 30 years of experience and is an award-winning cybersecurity public speaker. He is the host of the Smashing Security podcast and was inducted into the Infosecurity Europe Hall of Fame in 2011.
Listen to the full episode here or check out some highlights below.
Paul Muller: Do you want to maybe bring us up to speed with what's happening in the world of generative AI and how it's changing the cyber threat landscape in your opinion?
Graham Cluley: I think fundamentally, one of the big changes it has caused is a democratization when it comes to attacks. So, it's put the power in everybody's hands to do some extraordinarily sophisticated things, which you previously would've thought, oh, well, if the CIA managed to get a whole bunch of guys in Hollywood and special effects guys, it sounds like a feature film already, doesn't it? And they put them to work in producing this mission-impossible style video, which does these extraordinary things. Now, any Joe blog can do it, and you can do it pretty much for free as well. And the development at which those things are happening and how sophisticated they're becoming is quite astonishing. Just in the last year, we've seen such advantages that we can't begin to imagine how realistic it's going to be. Already, we are struggling to tell the difference between things which are created by AI and things that are real, and that makes it quite terrifying.
But yeah, this democratization means it's available to more people than ever before, even if, for instance, English is not their natural language. We know there are plenty of disadvantaged people living in poorer parts of the world who have turned to a career of crime on the internet because they see no other route for themselves out of their poverty. And in the past, people have said, oh, look out for those letters from Nigeria and all the rest of it. But you can tell by the silly spelling mistakes or the way in which they're worded, we'll forget all of that because now they can make it extremely convincing. And of course, it's opened up opportunities to exploit the economies of scale as well. So, you could use this technology not just to outbox one person but maybe to outbox 5,000 people at the same time, because all you need is more computing power to do it in any language.
PM: I imagine that you could use some of these generative AI tools to very quickly build a profile on somebody and tailor your attack, personalize it for want of a better term. Again, it's not so much that you couldn't do that before, but the transactional cost of doing it might have been hundreds or thousands of dollars’ worth of time. Now it's pennies on the dollar. Is that fair to say?
GC: Absolutely. So, it's cheaper than ever before. It's more accessible than ever before. It's so much easier to do it than before. There is a website on the internet where you can upload anybody's photograph and it will do whatever the haircut's doing, drawing through its internet, search database, et cetera, and it will come back and tell you who that person is. It will link to their social media profiles. So, you now know what their name is and how old they are, and who their friends are. So, people are doing this, people are using this, they're just, they're seeing someone in the background of a video who they think, oh, I quite fancy her. Or they're seeing someone who they want to target, and they want to know who it is, and all they need is one photograph of them and it comes up with all the other photographs of that person as well. And it's remarkably reliable and accurate in how it does this and these things are just going to get worse. It's like Clearview AI, but just for all of us. So, technology which you thought was only in the hands of intelligence agencies, is now available to anybody.