New NINJIO Report Provides Insights on Rapidly Growing Threat of AI-powered Social Engineering
New NINJIO Report Provides Insights on Rapidly Growing Threat of AI-powered Social Engineering
As cybercriminals increasingly use AI to launch more sophisticated and effective attacks, security leaders must adapt with new forms of training
隨着網絡犯罪分子越來越多地使用人工智能發動更爲複雜和有效的攻擊,安防領袖必須以新型培訓方式進行適應。
LOS ANGELES, June 19, 2024 /PRNewswire/ -- NINJIO, an industry-leading cybersecurity awareness training company, has released its latest report: "The CISO's Guide to AI-powered Social Engineering." With the rapid proliferation of AI applications such as large language models and deepfakes, cybercriminals have never had more tools to deceive and manipulate employees. The report covers how CISOs and other cybersecurity leaders can prepare the workforce for AI-powered phishing attacks, deepfakes, and other new cybercriminal tactics.
2024年6月19日洛杉磯/美通社——領先行業的"NINJIO"安全意識培訓公司網絡安全意識培訓公司已發佈了最新報告:"CISO的AI動力社交工程指南."隨着大型語言模型和Deepfakes等人工智能應用的快速增加,網絡犯罪分子從未擁有過更多的欺騙和操縱員工的工具。本報告包括安全領袖如何爲人工智能動力的網絡釣魚攻擊、Deepfakes和其他新的網絡犯罪策略做好員工準備。
AI has made it easier for cybercriminals to launch advanced social engineering attacks because they don't need advanced language skills or technical ability. Cybercriminals can produce convincing spear phishing messages at scale, carry out multi-level social engineering attacks with deepfakes, and use AI to conduct surveillance on potential victims. It's the CISO's responsibility to ensure that employees are aware of these tactics.
由於網絡犯罪分子不需要先進的語言技能或技術能力,因此人工智能使他們更容易發動高級的社會工程攻擊。網絡犯罪分子可以規模化地生產令人信服的釣魚信息,並用Deepfakes執行多級社會工程攻擊,並使用人工智能對潛在受害者進行監視。這是CISO的責任,確保員工意識到這些策略的存在。
"CISOs can't afford to be reactive when it comes to AI-powered social engineering," said Zack Schuler, Founder and Executive Chairman of NINJIO. "The threat is already here, and security leaders must remain one step ahead of ever-shifting cybercriminal tactics. The latest NINJIO report demonstrates how cybersecurity awareness training can adapt to the evolving cyberthreat landscape with real-world examples of AI-powered cyberattacks and individual behavioral interventions that will help employees address psychological vulnerabilities."
"當涉及到人工智能動力社交工程時,CISO們不能承受被動的態度。" NINJIO的創始人兼執行董事長扎克·舒勒(Zack Schuler)說:"這種威脅已經存在,安全領袖必須保持在不斷轉變的網絡犯罪策略的前沿。最新的NINJIO報告證明了安全意識培訓如何通過真實案例的AI動力的網絡攻擊和個人行爲干預來適應不斷變化的網絡威脅環境。"
There are three main takeaways from the report:
報告中有三個主要的要點:
1. AI has permanently changed the cyberthreats companies face.
1.人工智能已經永久地改變了公司所面臨的網絡威脅。
AI has reduced or eliminated the barriers to entry for personalized social engineering attacks. For example, phishing was already among the most common and financially destructive cyberattacks, and AI-enabled tools like LLMs and deepfakes will make these attacks even more effective. By enabling cybercriminals to create polished and personalized phishing content — and even follow up on this content with deepfaked "confirmation" communications — AI gives a more threat actors the ability to launch sophisticated cyberattacks that have a much greater chance of success.
人工智能減少或消除了定製化社交工程攻擊的門檻。例如,釣魚早已是其中最常見的和最具破壞性的網絡攻擊之一,而人工智能工具如LLM和Deepfakes將使這些攻擊更爲有效。通過使網絡犯罪分子能夠創建精細和定製化的釣魚內容,並甚至用Deepfakes跟進這些內容進行“確認”溝通,人工智能給更多的威脅行爲者提供了發動複雜網絡攻擊的能力。最常見的和最具破壞性的網絡攻擊之一。
2. Cybersecurity awareness training must adapt to the AI era.
2.網絡安全意識培訓必須適應人工智能時代。
Thanks to AI, it has never been more difficult for employees to distinguish between real and malicious content. Over two-thirds of successful breaches already involve human beings, and AI makes social engineering attacks even harder to detect. CISOs and other security leaders must help employees adapt to these changes by explaining real-world cyberattacks such as deepfaked robocalls and LLM-generated phishing messages. Employees can no longer rely on red flags like misspellings and other errors. They must be capable of identifying coercive language, a sense of urgency, and other signs of psychological manipulation.
多虧了人工智能,員工很難區分真正的和惡意的內容。已有超過的成功入侵攻擊涉及人類,而人工智能使社會工程攻擊更難以檢測。CISO和其他安全領袖必須通過解釋深度僞造電話和由LLM生成的釣魚郵件等真實世界關於網絡攻擊的實例,幫助員工適應這些變化。員工不能再依靠拼寫錯誤等紅旗信號。他們必須能夠辨別強制性語言、緊迫感和其他心理操縱的跡象。三分之二的成功入侵攻擊
3. CISOs must maximize the impact of cybersecurity awareness training.
3.CISO必須最大化網絡安全意識培訓的影響。
While the threat of AI-powered social engineering is intimidating for employees, the right cybersecurity awareness training can empower them to keep their organizations safe. Beyond concrete examples that demonstrate how much damage AI social engineering can cause and how these attacks can be resisted, security leaders must ensure that training is personalized and accountable. By developing unique behavioral profiles for each employee, security leaders can address psychological vulnerabilities and track performance across the organization.
儘管人工智能動力的社交工程威脅對員工來說有點令人生畏,但正確的網絡安全意識培訓可以讓員工掌握讓他們的組織保持安全的能力。除了演示AI社交工程能夠造成多大的破壞以及如何抵禦這些攻擊之外,安全領袖還必須確保培訓是個性化和可追溯的。通過爲每個員工開發獨特的行爲檔案,安全領袖可以解決心理脆弱性,並跟蹤整個組織的績效。
At a time when AI-powered social engineering attacks are surging, an organization-wide focus on preventing these attacks has never been more vital. To learn more about how security leaders can help employees adapt to the AI era, download the full report here.
在網絡犯罪分子發起人工智能動力社交工程攻擊的數量激增的同時,整個組織防範此類攻擊的意識也變得越來越重要。有關安全領袖如何幫助員工適應人工智能時代的更多信息,請下載完整報告。在此處下載完整報告.
About NINJIO
關於NINJIO
NINJIO is a cybersecurity awareness training company that lowers human-based cybersecurity risk through personalized and engaging training and phishing simulations. The NINJIO platform uses data on individuals' emotional vulnerabilities, learning styles, and security behavior to develop personalized learning plans that help organizations improve cybersecurity behavior. Our multi-pronged approach to training focuses on the latest attack vectors to build employee knowledge and the behavioral science behind social engineering to sharpen users' sensibilities around cybersecurity.
NINJIO是一家網絡安全概念的培訓公司,通過個性化和引人入勝的培訓和網絡釣魚模擬降低基於人的網絡安全風險。 NINJIO平台使用個人情感易感性、學習風格和安全行爲的數據來制定個性化的學習計劃,幫助組織改善網絡安全行爲。 我們的多管齊下的培訓方法集中於最新的攻擊方法,以建立員工知識和社會工程背後的行爲科學,以提高用戶對網絡安防-半導體的敏感度。
Press contact:
媒體聯繫人:
Tom Richards:
[email protected]
Phone: 805-864-1999
湯姆·理查茲:
[email protected]
電話:805-864-1999
SOURCE NINJIO
來源NINJIO
譯文內容由第三人軟體翻譯。