Cybercriminals will adopt AI to accelerate the tempo of attacks they mount, making them harder for organizations to combat, suggests the annual Threat Horizon 2023 report by the Information Security Forum (ISF), a not-for-profit cybersecurity and risk management association. Drawing on 15 years of predictions, the report details nine cybersecurity threats organizations need to prepare for as these evident dangers mature and are deployed over the next two years.
“By 2023, organizations will be under siege as attackers turn to AI to accelerate and super-charge exploits never seen before,” said Steve Durbin, chief executive, ISF. “These attacks, when combined with the chaos and uncertainty caused by the pandemic’s aftershocks, could leave unprepared organizations reeling and struggling to cope.”
Top of the list is the exploitive techniques being adopted by organized criminals using AI tools and machine learning to make their nefarious attacks more autonomous and dangerously aggressive.
Close behind are developments by con-artists and scammers to combine ID credentials with convincing audio and video to create “digital doppelgangers” and “deep fakes” that can autonomously steal identities in the service of various cyber-crimes, fooling many members of an unsuspecting public who tend to believe video footage from unverified sources.
The Threat Horizon 2023 report compiles technology threats to help business organizations anticipate the imminent dangers against which they need to prepare adequate defenses. The report outlines the degree to which each threat could impact an enterprise and how to organize mitigation efforts to start the necessary defensive postures. Key themes include:
1. Machines Seize Control: Organizations turning on autonomous defenses to combat AI-powered attacks could be exposed if the tools are given too much control. With humans pushed out by technology, it could be hard to recover if the machines fail or act unpredictably.
2. Identity is Weaponized: As identities become more valuable and increasingly translated into technological forms, scammers and other threat actors will aim to monetize credentials by stealing intimate data, creating digital doubles, or using bots to batter away at websites and secure supplies of high-priced and limited-edition goods.
3. Security Fails in a Brave New World: Established and once-predictable patterns of business life, such as energy supplies, trading relationships, and supply chains, will be changed forever.
“Our report gives organizations advanced notice so they can put in place appropriate responses,” said Mark Ward, ISF Senior Research Analyst and author of the report.
The ISF Threat Radar
Senior leaders, CISOs and risk executives can use tools such as the ISF Threat Radar to:
- Assess the potential impact of threats;
- Determine the organization’s ability to manage threats;
- Prioritize plans and investment needed to remediate threats.
Threat Radar facilitates engagement with the Board, offering a way to visualize the extent of impending threats and identify areas that require further investment.
For more information on Threat Horizon 2023, and to download the executive summary, please visit securityforum.org.