There continues to be huge hype around advanced attack techniques using AI. Even though this is the new hot topic to talk about, old-school attacks continue to makeup the majority of what is a real threat to your organization. Darkreading posted about this HERE.
The summary of the post is automation and AI isn’t creating new attacks. Instead, it’s improving the classic attacks such as phishing and credential compromise. This means the classic defense concepts are also in play and should be your focus. Dark reading references the Cybersecurity and Infrastructure Security Agency (CISA) report that backs up this concept via this findings.
- Valid account credentials are at the root of most successful threat actor intrusions of critical infrastructure networks and state and local agencies
- Valid credential compromise combined with spear-phishing attacks accounted for nearly 90% of infiltrations last year
- Valid accounts were responsible for 54% of all attacks studied in the agency’s annual risk and vulnerability assessment
Check out the post and use this data when speaking about what your organization should be most fearful of. It isn’t the new shiny AI threat, its the classic attacks.