The number of cybersecurity incidents has surged five-fold over the last year and could increase more than twenty-fold in the coming year due to advancements in generative artificial intelligence (AI), Aman Raheja, global chief information security officer (CISO) at Hewlett Packard Enterprise (HPE), said.
“The pace of change in cybersecurity is now more prominent than the change itself. Ransomware is gaining new dimensions. Threats from state actors due to shifting geopolitical scenarios will continue to occur going ahead,” Raheja said.
The arrival of generative AI has also made exploiting technology much more accessible to hackers, allowing them to send emails and phishing messages on a much larger scale to millions of users in a much shorter timeframe, he said.
These attackers, Raheja said, are now also using generative AI to instruct large language models to generate new, more sophisticated code and complex programmes to exploit vulnerabilities in organisations’ networks.
Organisations such as HPE have adapted to this burgeoning problem, but it cannot be solved just by deploying additional human resources. Though companies have begun responding to the new threats posed by generative AI, they will need to be more aggressive and accurate to address them, Raheja said.
While methods such as generative user awareness remain among the most efficient and low-cost mechanisms for preventing cybersecurity incidents, they are becoming less effective as attacks become more sophisticated, he said.
The second method is to ensure ample threat modelling for all such possible incidents, Raheja said.
“All we are saying to the users is that if they understand the workflow of how some transactions work, how users operate, whether it is on the network, desktop or an application, we also have to ensure that the right technical controls are in place in a multi-level step for the right protections,” he said.
Apart from ensuring rules-based protection mechanisms, companies will also need to ensure that protective systems are trained on behaviour-based mechanisms so that the tools are updated with the latest trends and usage patterns, Raheja said.
“Every company needs to customise the detections based on their own environment. That is where it takes time and investment to understand these detections and then feed that back into the production strategy. Once companies have this complete cycle, things will continue to get better,” he said.
Raheja, who oversees the cybersecurity strategy and its implementation across HPE’s worldwide operations, also said that the cycle of industries facing the most cybersecurity incidents keeps repeating, but continues to centre on critical sectors such as banking, finance, healthcare and defence.
