USA Trends and Developments Contributed by: Beth George, Timothy Howard, Brock Dahl and Megan Kayo, Freshfields
and anomalies that are indicative of malicious intent. Another significant application of AI in cyberde - fence is the detection of vulnerabilities and mali - cious or anomalous activity within a company’s systems. These tools utilise AI to monitor net - work traffic and identify unusual behaviour that could signify a cyber-attack. By continuously learning from the network’s normal behaviour, these tools can quickly detect deviations and alert security teams to potential threats. Although AI tools and systems can benefit companies, cybersecurity plays a crucial role in ensuring that AI systems are resilient to attempts by malicious third parties to exploit the system’s vulnerabilities and thereby alter the system’s behaviour, performance or security properties. Cyber-attacks against AI systems can exploit AI-specific assets, such as training data sets or trained models, but also vulnerabilities in the AI system’s (underlying) digital assets or the under - lying ICT (information and communications tech - nology) infrastructure. To address these risks, the EU AI Act requires certain high-risk AI sys - tems to meet a specific cybersecurity standard. Insider threats With the increase in remote work and read - ily available AI tools during the past few years, there has also been an uptick in insider threat risk from nation state actors. North Korea, in particular, has been exploiting the recruitment and onboarding processes to install thousands of fraudulent remote IT workers at companies. These fraudsters typically use falsified or sto - len identities to secure their positions. The wide availability of AI tools reportedly has increased this trend, as these tools help the fraudulent IT workers to create convincing profiles and evade detection during the hiring process.
Once hired, these fraudulent IT workers can remotely access company systems within the scope of their job responsibilities and steal pro - prietary information, which they can then use to extort payment from the victim company. Alternatively, fraudulent IT workers can deploy malware within the network or create backdoor access into the company’s network for future cyber-espionage campaigns, as they often have deeply embedded and difficult-to-detect access to company systems. Additionally, this creates sanctions risk, given that the US Treas - ury’s Office of Foreign Assets Control recently advised that the vast majority of these fraudulent IT workers’ earnings were used to fund North Korea’s weapons of mass destruction and bal - listic missile programmes. Mitigation measures While cyber-attacks such as ransomware, sup - ply chain attacks, and insider threats are per - vasive, there are measures that companies can take to mitigate the impacts of such incidents, including: • regularly updating and patching systems – given that exploited vulnerabilities are one of the most common attack vectors and easily accessible AI tools are increasing the rate at which zero-day vulnerabilities are exploited; • conducting employee training on phishing and social engineering, as another one of the most common attacks vectors is phishing; • using advanced threat detection and response tools, as industry research and statistics show that the cost of responding to incidents is significantly lower for companies that have deployed such tools within their systems; • maintaining an asset inventory to ensure the company has visibility of all its endpoints and throughout its systems;
363 CHAMBERS.COM
Powered by FlippingBook