Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Cybercriminals embracing AI

May 2024 Information Security, Security Services & Risk Management

By Zaakir Mohamed, Director, Head of Corporate Investigations and Forensics, CMS South Africa

Across the globe, organisations of all sizes are exploring how artificial intelligence (AI) and generative AI, in particular, can benefit their businesses. While they are still trying to figure out how best to use AI, cybercriminals have fully embraced it.

Whether they are creating AI-enhanced malware (that enables them to steal sensitive data more efficiently, while evading anti-virus software) or using generative AI tools to roll out more sophisticated phishing campaigns at scale, the technology looks set to have a massive impact on cybercrime. As an example of how significant AI’s impact has already been, SlashNext’s State of Phishing Report 2023 puts the 1 265% increase in phishing emails largely down to targeted business email compromises using AI tools.

For businesses, this increase in cybercrime activity comes with significant risks. Those risks do not just include the compromising of customer data either. Cyberattacks also come with reputational and financial risks and even legal liabilities. Therefore, organisations must do everything in their power to ready themselves for the onslaught of cybercriminals using AI tools. That includes ensuring that their own AI use is safe and responsible.

Massively enhanced innovation, automation, and scalability

Before examining how organisations can do so, it is worth discussing what cybercriminals get from AI tools. For the most part, it is the same thing as legitimate businesses and other entities are trying to get out of it: significantly enhanced innovation, automation, and scalability.

When it comes to innovation and automation, cybercriminals have built several kinds of AI-enhanced automated hacking tools. These tools allow them to, amongst other things, scan for system vulnerabilities, launch automated attacks, and exploit weaknesses without innovation. Automation can, however, also be applied to social engineering attacks. Whilst a human-written phishing email is more likely to be opened, an AI-written version takes a fraction of the time to put together.

All of that adds up to a situation where cybercriminals can launch many more attacks more frequently. That means more successful breaches, with more chances to sell stolen data or extort businesses for money in exchange for the return of that data.

Those increased breaches come at a cost. According to IBM’s 2023 Cost of a Data Breach Report, the average breach cost in South Africa is now ZAR 49,45 million. However, that does not take into account reputational damage and lost consumer trust. Those costs also do not account for the legal trouble an organisation can find itself in if it has not properly safeguarded its customers’ data and violated relevant data protection legislation or regulations such as the Protection of PersonaI Information Act or the GDPR.

Education, upskilling, and up-to-date policies

It is clear then that cybercriminals' widespread adoption of AI tools has significant implications for entities of all sizes. What should organisations do in the face of this mounting threat?

A good start is for businesses to ensure that they are using cybersecurity tools capable of defending against AI-enhanced attacks. As any good cybersecurity expert will tell you, however, these tools can only take you so far.

For organisations to give themselves the best possible chance of defending themselves against cyberattacks, they must also invest heavily in education. That does not just mean ensuring that employees know about the latest threats but also inculcating good organisational digital safety habits. This would include enabling multi-factor authentication on devices and encouraging people to change passwords regularly.

It is also essential that businesses keep their policies up to date. This is especially important in the AI arena. There is a very good chance, for example, that employees in many organisations are logging in to tools like ChatGPT using their personal email addresses and using such tools for work purposes. If their email is then compromised in an attack, sensitive organisational data could find itself in dangerous hands.

Make changes now

Ultimately, organisations must recognise that AI is not a looming cybersecurity threat, but an active one. As such, they must start putting everything they can in place to defend against it. That means putting the right tools, education, and policies in place. Failure to do so comes with risks that no business should ever consider acceptable.




Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

The impact of AI on security
Technews Publishing Information Security AI & Data Analytics
Today’s threat actors have moved away from signature-based attacks that legacy antivirus software can detect, to ‘living-off-the-land’ using legitimate system tools to move laterally through networks. This is where AI has a critical role to play.

Read more...
Managed security solutions for organisations of all sizes
Information Security
Cyberattackers have become significantly more sophisticated and determined, targeting businesses of all sizes. PwC’s Global Digital Trust Insights Survey 2025 Africa and South Africa highlights the urgent need for organisations to implement robust cyber risk mitigation strategies.

Read more...
Multiple IoT devices targeted
Information Security Residential Estate (Industry)
Mirai remains one of the top threats to IoT in 2025 due to widespread exploitation of weak login credentials and unpatched vulnerabilities, enabling large-scale botnets for DDoS attacks, data theft and other malicious activities.

Read more...
SABRIC Annual Crime Statistics 2024
News & Events Security Services & Risk Management Residential Estate (Industry)
SABRIC has released its Annual Crime Statistics for 2024, reflecting a significant decline in financial crime losses, but also warning of the growing threat posed by artificial intelligence (AI) in fraud schemes.

Read more...
Health, safety, and environmental eLearning
Training & Education Security Services & Risk Management
SHEilds is a global leader in health, safety, and environmental eLearning, delivering internationally recognised qualifications such as NEBOSH, IOSH, IEMA, and ProQual NVQs.

Read more...
See crime stopped in seconds
Products & Solutions Security Services & Risk Management
Fog Bandit, a leader in security fog, is bringing its instant crime-stopping technology to Securex Cape Town 2025. Experience the innovation trusted worldwide to protect retailers, warehouses, and high-value sites.

Read more...
Local-first data security is South Africa's new digital fortress
Infrastructure Information Security
With many global conversations taking place about data security and privacy, a distinct and powerful message is emerging from South Africa: the critical importance of a 'local first' approach to data security.

Read more...
Sophos launches advisory services to deliver proactive cybersecurity resilience
Information Security News & Events
Sophos has launched a suite of penetration testing and application security services, designed to identify gaps in organisations’ security programs, which is informed by Sophos X-Ops Threat Intelligence and delivered by world-class experts.

Read more...
SA’s private security industry receives multi-million USD investment
News & Events Security Services & Risk Management
South Africa's private security sector has attracted significant international attention, with the world’s largest tactical flashlight manufacturer, Nextorch, announcing a major investment in its local operations, Nextorch Africa.

Read more...
Kaspersky highlights biometric and signature risks
Information Security News & Events
AI has elevated phishing into a highly personalised threat. Large language models enable attackers to craft convincing emails, messages and websites that mimic legitimate sources, eliminating grammatical errors that once exposed scams.

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.