Cybersecurity in the Age of AI: New Threats, New Defences
- Jun 12
- 5 min read
The relationship between artificial intelligence and cybersecurity is genuinely two-sided, and it's worth being clear about that from the outset. AI is making certain categories of cyberattack more capable and more accessible. It's also making certain categories of defence more effective. Understanding both sides of this equation is essential for anyone responsible for an organisation's security posture. The net effect, whether AI is making us more or less secure, depends heavily on who's deploying it, how well, and in what context.

How AI Is Changing the Attack Landscape
Advanced phishing attacks
Traditional phishing attacks were often detectable by their poor grammar, generic content, and obvious tells. AI-generated phishing content is different. Large language models can produce highly convincing, personalised emails that reference real details about the target, such as their role, colleagues and recent company news, at a volume and speed that human attackers couldn't match.
Spear phishing, i.e. targeted attacks on specific individuals or organisations, previously required significant research effort, which limited its use to high-value targets. AI reduces that effort dramatically, making sophisticated targeted attacks economically viable against a much broader range of targets.
Australian organisations have seen a measurable increase in the quality of phishing attempts over the past two years, with several high-profile incidents involving emails that passed initial scrutiny from experienced staff.
Vulnerability discovery
AI tools can analyse code and system configurations to identify vulnerabilities faster than human researchers. This capability is available to defenders, and it's the basis of several commercial security scanning tools, but it's also available to attackers. The speed at which newly discovered vulnerabilities can be exploited has increased, reducing the window between disclosure and patching.
Deepfakes and social engineering
AI-generated audio and video content, including deepfakes, is increasingly being used in social engineering attacks. Voice cloning technology can produce convincing audio of a CEO or CFO instructing a financial controller to transfer funds, and the technology required to produce these fakes has become accessible to non-specialist attackers.
Automated attack tools
AI is being used to automate aspects of the attack chain, which increases the scale at which attacks can be conducted and reduces the skill level required to execute them.
How AI Is Strengthening Defence
Anomaly detection and threat hunting
The volume of security event data generated by modern IT environments exceeds what human analysts can review manually. AI-powered security information and event management (SIEM) systems can analyse this data continuously, identifying patterns that indicate potential threats, such as unusual login times, atypical data access patterns and anomalous network traffic, which would be invisible in the noise without automated analysis.
This capability is particularly valuable for detecting sophisticated attacks that don't trigger conventional signature-based detection. Advanced persistent threats, the kind used in nation-state espionage, are specifically designed to avoid detection by conventional tools. Behavioural analytics powered by AI can identify the subtle patterns these attacks leave even when they're not triggering specific rules.
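As an added illustration (not the article's own code), the kind of per-user behavioural baseline this section describes, replayed over a few constructed authentication log lines; the log format, field names and thresholds are assumptions, and the rule fires on deviation from the user's own history rather than on any signature:

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (not real data); the line format is an assumption.
SAMPLE_LOG = """\
2024-03-04T08:55:10Z user=alice src=203.0.113.7 geo=AU
2024-03-05T09:02:41Z user=alice src=203.0.113.7 geo=AU
2024-03-06T08:48:03Z user=alice src=203.0.113.9 geo=AU
2024-03-07T09:15:22Z user=alice src=203.0.113.7 geo=AU
2024-03-04T10:20:00Z user=bob src=198.51.100.4 geo=AU
2024-03-05T10:31:17Z user=bob src=198.51.100.4 geo=AU
2024-03-08T03:12:45Z user=alice src=192.0.2.55 geo=RO
"""
LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) geo=(?P<geo>\S+)$")

def parse(log_text):
    """Parse lines that fit the format into dicts with a datetime, oldest first."""
    events = []
    for m in filter(None, map(LINE_RE.match, log_text.splitlines())):
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    return sorted(events, key=lambda e: e["ts"])

def hour_distance(a, b):
    """Circular distance between hours of the day, so 23:00 and 01:00 are 2 apart."""
    d = abs(a - b) % 24
    return min(d, 24 - d)

def detect_anomalies(events, min_history=3, hour_slack=2):
    """Replay events in time order, keeping a per-user baseline of login hours
    and countries. Once a user has min_history prior logins, flag a login whose
    hour is more than hour_slack from every hour seen before or whose country
    is new for that user: the rule is 'differs from this user's own history'."""
    seen_hours, seen_geos, alerts = defaultdict(list), defaultdict(set), []
    for e in events:
        user, hour = e["user"], e["ts"].hour
        reasons = []
        if len(seen_hours[user]) >= min_history:
            if all(hour_distance(hour, h) > hour_slack for h in seen_hours[user]):
                reasons.append("unusual_hour")
            if e["geo"] not in seen_geos[user]:
                reasons.append("new_geo")
        if reasons:
            alerts.append((e["ts"].isoformat(), user, reasons))
        seen_hours[user].append(hour)  # every login, flagged or not, extends the baseline
        seen_geos[user].add(e["geo"])
    return alerts
```

On the constructed data only the 03:12 login from a new country is flagged; the baseline needs a few logins per user before it judges, so a real deployment would also age out old history and treat the first logins of a new account with care.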
Automated incident response
When a security incident is detected, the speed of response is critically important. AI-powered security orchestration tools can automate initial response actions, including isolating affected systems, blocking suspicious IP addresses and revoking compromised credentials, in seconds rather than the minutes or hours it takes human analysts to respond. This speed advantage can be the difference between a contained incident and a major breach.
Vulnerability management
AI tools that continuously scan for vulnerabilities and prioritise remediation based on exploitability and business impact help security teams focus their limited resources where they matter most. Rather than working through a static list of vulnerabilities in order of severity, these tools provide dynamic prioritisation that accounts for the actual threat landscape.
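As an added illustration (not the article's or any product's code), a minimal version of the reordering this paragraph describes, run over a few constructed findings: the identifiers are placeholders, not real CVE ids, and the field names and weights are assumptions chosen to show how context changes the order.

```python
from dataclasses import dataclass

@dataclass
class Finding:
    ident: str              # constructed label, not a real CVE id
    cvss: float             # base severity score, 0-10
    known_exploited: bool   # seen in an exploited-in-the-wild feed
    internet_facing: bool   # asset is reachable from outside the network
    asset_criticality: int  # 1 (low) to 3 (high business impact)

# Constructed findings for illustration; every value here is made up.
FINDINGS = [
    Finding("VULN-A", 9.8, False, False, 1),
    Finding("VULN-B", 7.5, True, True, 3),
    Finding("VULN-C", 8.1, False, True, 2),
    Finding("VULN-D", 6.5, True, False, 3),
]

def severity_order(findings):
    """The static approach: highest CVSS first, regardless of context."""
    return [f.ident for f in sorted(findings, key=lambda f: -f.cvss)]

def risk_score(f):
    """Exploitability (actively exploited, reachable) times business impact,
    scaled by severity. The weights are assumptions, not a published formula."""
    exploitability = 1.0 + (2.0 if f.known_exploited else 0.0) + (1.0 if f.internet_facing else 0.0)
    return f.cvss / 10 * exploitability * f.asset_criticality

def dynamic_order(findings):
    """Threat- and impact-aware ordering: what the team should patch first."""
    return [f.ident for f in sorted(findings, key=lambda f: -risk_score(f))]
```

The static list starts with VULN-A (highest CVSS, internal, low-value asset), while the risk-weighted list starts with VULN-B and VULN-D, the two findings actually being exploited on critical assets.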
Email security
AI-powered email security systems are significantly better at detecting sophisticated phishing attempts than rule-based filters. They analyse not just the content of emails but the behavioural context: is this sender unusual? Is this request atypical for this recipient? Does the writing style match previous communications from this sender? That continuous analysis catches attempts that conventional filters would have missed.
The Governance Gap
Technology is only part of the cybersecurity picture. Governance, meaning policies, processes, accountability structures and culture, is equally important, and it's where many organisations are most exposed.
The Australian Cyber Security Centre's annual threat reports have consistently identified human factors, including phishing susceptibility, poor password practices and inadequate patch management, as the primary enablers of successful attacks. These are governance failures as much as technical ones.
Several specific governance gaps are worth highlighting:
Incident response planning: Many organisations have never tested their incident response plans. A plan that exists only on paper is not a plan; it's a document. Regular simulated incidents are essential for understanding how an organisation will actually respond when something goes wrong.
Third-party risk management: Supply chain attacks, where attackers compromise a supplier to gain access to the supplier's customers, have become one of the most significant threat vectors. The SolarWinds attack in 2020 and the MOVEit breach in 2023 both demonstrated how a single compromised vendor can affect thousands of downstream organisations. Managing third-party cyber risk requires visibility into suppliers' security practices, which many organisations currently lack.
Privileged access management: Accounts with elevated privileges, such as system administrator, database administrator and executive accounts, are disproportionately targeted by attackers because they provide the most access. Robust privileged access management, including multi-factor authentication and just-in-time access provisioning, is a high-value control that many organisations still haven't fully implemented.
Security awareness training: Generic annual security awareness training has limited effectiveness. More frequent, targeted training that uses simulated phishing exercises and provides immediate feedback when staff click on test phishing emails is significantly more effective at changing behaviour.
The Regulatory Environment
Australia's cybersecurity regulatory environment has been evolving rapidly. The Notifiable Data Breaches scheme, the Security of Critical Infrastructure Act, and the updated Privacy Act all create specific obligations for organisations handling sensitive data or operating critical infrastructure.
The penalties for non-compliance have increased substantially, and the Australian Information Commissioner has demonstrated a willingness to pursue enforcement action. Organisations that haven't reviewed their compliance position against current requirements are taking on regulatory risk that may not be reflected in their risk registers.
The federal government's 2023-2030 Australian Cyber Security Strategy sets out an ambitious framework for improving national cyber resilience, with specific obligations for critical infrastructure operators and increased investment in the Australian Signals Directorate's capabilities.
Practical Priorities for Australian Organisations
Given the current threat landscape and regulatory environment, the following priorities represent the highest-value investments for most Australian organisations:
Multi-factor authentication: Implementing MFA across all externally accessible systems and all privileged accounts eliminates a large proportion of credential-based attacks. It's not a complete solution, but it's one of the highest-return security controls available.
Endpoint detection and response: Modern EDR tools provide visibility into endpoint behaviour that conventional antivirus cannot match. They're particularly effective at detecting the lateral movement and persistence techniques used in sophisticated attacks.
Regular patching: The majority of successful cyberattacks exploit known vulnerabilities for which patches are available. A disciplined, timely patching programme, particularly for internet-facing systems, removes a large attack surface.
Backup and recovery testing: Ransomware remains one of the most significant threats to Australian organisations. The ability to recover from a ransomware attack without paying the ransom depends on having current, tested, offline backups. Many organisations have backups but have never tested their ability to restore from them.
Security awareness: Investing in genuine, ongoing security awareness training, not just annual compliance tick-boxes, reduces susceptibility to phishing and social engineering attacks.
Where to from here?
AI is making the cybersecurity challenge harder in many ways and easier in others. The organisations that navigate this environment most successfully are the ones that approach security as an ongoing operational discipline rather than a periodic compliance exercise.
The threat landscape will continue to evolve rapidly and the organisations that build adaptive, intelligence-led security programs, rather than static, rule-based ones, are the ones that will be best positioned to respond.
Eagle SOS specialises in supporting the development, implementation, and integration of mission critical technology to optimise intelligent automation. Visit our blog for more emerging technology news and practical insights.
#emergingtechnology #AInews #technologynews #cybersecurity