IBM’s most recent X-Force Threat Intelligence Index unveils a worrisome trend where cybercriminals are increasingly focusing on attacking corporate networks via the most basic entry points, with AI technologies enhancing the rapidity of these attacks.
The report, released on Wednesday, observes a 44% rise in assaults launched by breaching internet-facing infrastructures, including public websites and online services. This spike is primarily linked to the lack of login verification and the employment of AI to swiftly pinpoint vulnerabilities.
The abuse of software vulnerabilities surfaced as the main cause in 40% of the cases monitored by IBM in the previous year. “They’re accelerating it with AI,” remarked Mark Hughes, IBM’s global managing partner for cybersecurity solutions. He stressed the necessity for security executives to take a more proactive approach, leveraging AI-driven threat detection and response to proactively mitigate vulnerabilities and thwart potential threats.
IBM’s report aligns with the UK government’s heightened initiatives to enhance business cybersecurity, particularly for small to medium-sized enterprises. Recently, officials initiated a campaign promoting the implementation of the ‘Cyber Essentials’ checklist, highlighting fundamental security practices such as software updates and access management.
The UK government estimates that cyber threats inflict costs of £14.7 billion on businesses each year, with around half of smaller companies facing a breach or attack in the last twelve months. IBM’s insights reveal that unguarded systems and insufficient account security remain significant vulnerabilities for UK firms. Security assessments continue to uncover challenges related to access controls and configurations, which, despite being easily missed, pose considerable exploitation threats.
The report also underscores the escalating concerns regarding AI tool usage within organisations, pointing out a notable increase in stolen login credentials associated with AI applications like ChatGPT. IBM alerts that compromised chatbot accounts can potentially lead to the extraction of sensitive data or manipulation of outputs, creating further risks for enterprises.
