Cybersecurity Awareness Month: Essential tips to stay secure with advanced AI solutions and beyond

Welcome to Cybersecurity Awareness Month, the time of year that cybersecurity experts get to be the stars of the moment, sharing information about new scams and risks, giving people the knowledge and tools to defend against cyber threats, strengthen their passwords, spot phishing e-mails, and avoid business e-mail compromises. Since artificial intelligence (AI) has left no area of information technology untouched, today I will explore how advanced AI solutions can counter advanced AI threats in these four areas:

1. Password safety.
2. Phishing.
3. Threats in your network and daily activities.
4. Protecting your networks and environment.

I know that sounds like a lot to cover, but I promise to make it interesting and fun!

Really!

But first, if you have learned just one thing about me, it is that I strongly encourage and support cybersecurity awareness because everyone—from your kids to your colleagues to your clients—benefits from knowing more about the evolving and tricky cybersecurity threat landscape. While people who are not in the field of cybersecurity focus year-round on things like teaching, saving lives, learning, and other incredibly important jobs, cybersecurity experts are working year-round too, figuring out how to protect the technology that our jobs and lives depend on.

Let’s dive in!

Eight-character passwords are so 1980s

You know I am always writing about how you need to keep your computers and data safe?  One of the best ways to do that is by using strong, unique passwords for each of your online accounts.

Think about this for a second: you have one key for your car. Do you use the same key for your house, office, bank, and safety deposit box?

No? So why would you use the same password for all your online accounts?

Now, factor in the very fast computers that cybercriminals can rent from AWS or Azure, computers that can crack six, seven, eight, nine, and even ten-character passwords in seconds. And as time goes on, AI will make their “job” even easier and faster, which is where advanced AI solutions will come into play.

Remember that strong, unique passwords are essential for:  

• Better personal security: A stronger password is tougher for hackers to crack. There are free tools available that can crack (i.e., uncover) simple passwords in seconds. A resourceful bad guy with off-the-shelf hardware rented from Amazon, Microsoft, or Google, can crack an eight-character password in under a second. Even with upper- and lower-case letters, and some numbers, an eight-character password is just too short. NIST recommends  a minimum of 15 characters for a truly strong password. Complexity—i.e., using upper- and lower-case letters, numbers, and special characters (like %*&?)—is no longer a thing you should do, but if you can mind your 6s and #s, don’t let that stop you from using them.
• Minimizing your risk: If one of your accounts gets hacked, the fact that you used a unique password for each one of your accounts means the others are still safe. Like with our door analogy, you have one lock for your car, one or two for your house, and a different one for the office. If you lose your car keys, your house and office are not compromised.
• Blocking credential stuffing: Criminal gangs are lazy. They hope you are too. They want the easy way into your bank account and wallet. One way they do that is to use stolen passwords from one site to try them on other sites. Unique passwords stop this kind of attack. It prevents one stolen password from compromising your online accounts. The criminals are thwarted! Their nefarious tricks won’t work on your accounts.

Now that I have you alarmed you, I can also assure you that there are many ways to get secure. One way is to use advanced AI solutions. With tools that leverage the force multiplier of AI, you essentially have a personal security expert on call 24×7, one that is good at:

• Identifying weak passwords: Advanced AI tools can scan your identity and access management tool (think Active Directory) to check your company passwords, point out the ones that are weak or commonly used, and let you know which ones need strengthening.
• Detecting potential breaches: Advanced AI solutions can monitor criminal websites for stolen credentials and dumps from data breaches and then alert you if your username and password are found online. Endurance is a hallmark of these solutions: they never sleep, never get tired, don’t give up, and have your back 24×7.
• Generating passwords: Some people struggle to come up with unique passwords, which is understandable. Advanced AI solutions can create strong, random passwords for you, so you don’t have to think about it. These tools will help you create a unique password for each account site, one that meets all security standards.

Read more: The spooky dangers of reusing passwords

No go phish with advanced AI solutions

On to phishing and how to defend against arguably the most prevalent and consistent attack method in the cyber criminal’s playbook: Phishing e-mails.

I know phishing attacks can sound technical, boring, or routine, but it is an enduring and popular attack strategy because it works. Every single day, Google, Microsoft, and other major security vendors block millions and millions of phishing e-mails.

Phishing e-mails are fake e-mails that cyber criminals send with the intent of tricking you into giving away personal information—like passwords or credit card numbers—by pretending to be someone you know or trust or respect. Common examples include an e-mail from your bank that claims there is an unusual charge on your ATM card or credit card, or from your e-mail provider (like Gmail or Microsoft) warning that your account is going to be closed. In both cases, they want you to believe that you must click the link they sent and sign in to what is ultimately a fake site.

Advanced AI solutions are getting very good at spotting these phishing attempts, quickly analyzing thousands, even millions, of e-mails and detecting patterns that indicate a phishing attack. For example, AI can look for AI-generated content, unusual conversation threads, spoofed domains, recently registered domains, or the way an e-mail is formatted and flag it as potentially dangerous.

Always STOP and THINK before you click to avoid falling victim to a phishing scam. Here are a few tips to keep in mind:

1. Red flags. Be instantly suspicious ofe-mails asking for personal or login information. Legitimate companies virtually never ask for sensitive information like your username, password, social security number, date of birth, mother’s family name, or other personally identifiable information (PII) via e-mail. Criminals are lazy; it costs them nothing to send out 10 million phishing e-mails asking for this information, and if just 1/10 of 1% respond, which amounts to 10,000 vulnerable people!
2. Check the sender’s e-mail address. Look for slight misspellings or unusual domains in the sender’s e-mail address like www.us8ank.com. Also, check the e-mail username of the sender; it might look like President@whitehouse.gov, but when you hover over the e-mail address, is it really Bob12334@gmail.com or JenPhisher@hotmail.com? If the address looks even a little fishy, it is phishing for your information.
3. Check the links! Scammers and criminals can make the link look legitimate, but if you hover over link with your mouse, you will be able to see where the link actually goes. For example, inspect these two links:
   1. www.google.com goes to Google.
   2. http://www.google.com goes to Yandex.ru
4. Turn on multi-factor authentication (MFA). Your username is your identity online and your password is your first authentication factor (something you know) and is a single factor for authentication. Adding a second factor, like something you have—your phone number, say—makes it significantly harder for criminals to break into your online accounts. This second factor—which is your phone receiving an SMS message with a code—adds an extra layer of security even if criminals steal your password. Up your protection with authentication devices, which are better than SMS. A FIDO2 compatible device is yet another option, and more secure.

If you don’t do anything else I suggest here, turn on MFA. You might think it’s a pain, but it is the way to make yourself a less attractive target for criminals.

But really, do everything I suggest.

But if you don’t, MFA.

Read more: Safeguard your inbox with Check Point Harmony Email & Collaboration security solutions

Patches are always in fashion: stay up to date and stay safe

On to number three on our playlist: patching your stuff, both software and hardware.

Think of your computer or smartphone like a house.

Just as you lock your doors and windows and keep them in good repair to keep out intruders, insects, and cold air, you need to secure your devices and keep them in good repair to protect against cybersecurity threats. One of the best ways to do this is by regularly updating your software.

Software updates often include patches that fix vulnerabilities that hackers can exploit. Imagine a door lock that a thief discovers they can easily pick with a credit card. A lock that is easy to pick is a vulnerability (check out the Locking Picking Lawyer on YouTube for examples of door locks you want to avoid).

When developers discover these vulnerabilities in software, they create patches to fix them. If you don’t install these updates, it’s like leaving a window open or an easily picked lock available for criminals to break into your house.

Now, keeping track of all these updates can be overwhelming, especially if you have multiple devices and applications. This is where advanced AI solutions can help you reduce risk and improve your cybersecurity posture. These AI solutions can automatically detect which software needs updating and apply the necessary patches with limited intervention on you and your team’s part. It’s like having a security robot that constantly checks your house for open windows and weak locks and then closes or replaces them for you.

For example, AI systems can scan your computer system and identify outdated software, both operating systems and applications, and prioritize updates based on the severity of the vulnerabilities in both platforms. AI tools can schedule updates during off-peak hours to minimize disruptions to your production environment. You still need to block out time for patching, but you don’t have to make that a task for your stretched IT team. Using these tools keeps your system secure and  ensures your company operations run smoothly.

By regularly patching your computer hardware and software, you can reduce the risk of cyberattacks by 50, 60, or even 70%. It is a simple and very effective way to keep your organization’s critical systems safe and secure.

Keeping your stuff patched makes you a much less attractive target for criminals and reduces risk for your entire organization.

Read more: Build a successful patch management program with these best practices

Trust AI to protect your networks and environment

With point number four, I will broaden the scope of our concern, because at this point you might be wondering, can advanced AI solutions help detect threats in your environment, or on the dark web?

No surprise, the answer is YES!

Let’s use a standard city as a metaphor for your company network. Picture that network as a bustling city with traffic lights, stop signs, divided streets, and highways, with security cameras helping the police officers who maintain order. In the same way a city protects its citizens from “run-of-the-mill” human threats—thieves, reckless drivers, vandals, etc.—your organization requires similar security controls to protect against cybersecurity threats. Enter advanced AI solutions, which can function as your digital police force and enforce the policies you have established for your company to follow. And in following your policies, AI can simplify threat detection in some pretty amazing ways.

First, advanced AI can monitor network activity in real-time, just like a police officer can monitor traffic on a highway and see who is following the law and who is speeding or driving erratically. Easily trained AI tools can keep a digital eye on all your network traffic with an eye toward anything unusual or dangerous.

A subset of AI, called machine learning (ML), can “learn” what is good traffic and what is bad traffic. Machine learning tools do not get tired, do not sleep, and can learn very, very quickly. Machine learning monitors in real time, which is crucial because criminals are constantly attacking your external assets looking for a way to break into your computers and systems. Criminals also constantly target your employees, trying to trick them into clicking on a malicious link. Cybersecurity attacks can strike any time, so you need a tool to monitor your network, external attack surface, and users to detect these criminals quickly.

Machine learning works by analyzing patterns in network activity and helps advanced AI solutions identify normal network behavior and compares it with malicious or potentially malicious network activity. As an example, if your AI tool detects a spike in data being sent to an unfamiliar IP address, it can flag the traffic as suspicious and fire off an alert. Imagine a state highway patrol officer on the side of the highway spotting a drunk driver. Only the officer of the law is not just at mile marker 5, it’s at every mile marker, always watching, always alert.

One of the most helpful aspects of AI and machine learning for your environment in terms of threat detection is the ability to detect unusual activity, or anomalies. Anomalies are red flags for you and your security team. Red flags signal something isn’t right and you need to investigate. If an employee’s account suddenly starts accessing sensitive files at odd hours of the day, your advanced AI tool can detect this anomaly and fire off an alert. It’s like having a team of ninjas watching your network, servers, and workstations looking for trouble before it fully manifests.

Another good example is how a bank monitors transactions to detect fraudulent activities. By analyzing transaction patterns, ML and AI can spot unusual behavior and alert the fraud team to spring into action.

Read more: AI in Cybersecurity: Navigating complexity in the digital age

Rest easier with advanced AI solutions working on your side

The constantly evolving threat landscape of cybersecurity can feel hopeless or overwhelming to a lot of people who might also feel like throwing in the towel rather than battle all these threats.

But have no fear, dear reader, AI can help here as well.

Let’s use a classic cybersecurity metaphor: a castle. This castle has your family and your most valuable treasures inside that you need to protect from Atilla the Hun or maybe some Viking raiders. Traditional defenses like walls and moats are great, but what if you had a team of super-intelligent, ever-vigilant guards and secret agents with eyes and ears at all the guard towers and walking around the castle grounds? These guards and agents can predict and adapt to new threats because they are connected to continuously updated data feeds. That’s what advanced AI solutions can do for your cybersecurity strategy.

AI and ML can make your defenses more proactive and not just reactive. Instead of reacting to attacks after they happen, a well-trained AI tool can predict potential threats by analyzing threat feeds from dozens of sources very, very quickly. It’s like having a person who reads and analyzes 100 newspapers constantly, every hour of every day.

Advanced AI solutions can show you where the next attack is likely to originate by identifying patterns in reported cybercriminal behavior, MITRE attack information, CISA alerts, ISAC threat intelligence, and alert you when suspicious activities are detected, but before they escalate into full-blown attacks.

AI can also help your defense strategies react more quickly by adapting and adjusting—shapeshifting, if you will—to different types of attacks before the attacks are documented, based on the indicators of compromise. With cyber threats constantly evolving, AI tools will learn from the information in their training data as well as from each new threat and update your defense strategy accordingly. This way, your cybersecurity controls will always be working to stay one step ahead of criminal gangs.

Another major bonus of advanced AI in cybersecurity is that it can easily automate routine tasks, an advantage over regular humans who might not like routine tasks, or get bored and skip a task, don’t immediately recognize an anomaly, or not really analyze a new threat or new IOC.

In the real world, businesses are already leveraging AI to future-proof their cybersecurity. For example, financial institutions use advanced AI solutions to monitor transactions and detect fraud, while healthcare providers use it to protect sensitive patient data.

AI is like having a team of tireless robots that easily executes and completes boring, routine tasks like patch management, threat detection, and cybersecurity response, freeing up your human experts to focus on more complex issues and making your overall defense strategy more efficient and effective.

For more information or to see how we can help secure your business, contact us today.