August 30, 2023

Cracking the Cyber threats: An interview with LogRhythm’s CISO Andrew Hollister

As cybersecurity threats increasingly take on new sinister turns, we find out how one company is taking the fight back

Cybersecurity is a top priority for businesses, large and small. A breach of any size can do irreparable harm to a company's reputation and its bottom line. In this interview, we explore strategies for building a resilient cybersecurity framework. We sit down with Andrew Hollister of LogRhythm to discuss how AI chatbots are contributing to the new wave of sophisticated cybercrime and, more importantly, what can be done to prevent it. We discuss the role of AI in detecting threats and how businesses can advance security within their organizations.

LogRhythm are a security information and event management (SIEM) solutions specialist. They provide log management, network and endpoint monitoring, and analytics to help firms detect, respond to, and mitigate cybersecurity dangers. Their platform aims to give organizations the knowledge and insight to identify and handle these threats.

Neil: How is generative AI contributing to the rise of sophisticated cybercrime, particularly in the context of phishing attacks?

Andrew: Generative AI is becoming faster and more accurate and this is transforming the ways that threat actors are deploying phishing attacks. What began decades ago as “pray and spray” email blasts designed to trick recipients into visiting malicious sites or giving up credentials has grown into a worldwide industry, and this is only accelerating with the rise in AI technologies. The evolution of AI is enabling threat actors to now engage with targets in more sophisticated ways to manipulate the conversation. Attackers can show generative AI tools a multitude of legitimate emails, then request it to create original phishing emails based on those examples. Natural language processing (NLP) allows the AI to create believable written content. This is changing the game when it comes to creating realistic phishing attacks.

Neil: Can you discuss specific techniques or strategies in which generative AI is employed in cybercrime activities and how it exploits vulnerabilities in security systems?

Andrew: Generative AI is employed to refine the tricks fraudsters have relied on in phishing scams of the past. We are seeing threat actors leveraging AI to write content that uses specific phrasing to create a sense of urgency. Generative AI can easily create content that provokes an emotional response with the goal of manipulating recipients into following a set of instructions. Even though this is a tactic already used in phishing attacks, using generative AI takes this to the next level with very little effort required from threat actors. Generative AI can correct imperfect spelling and grammar, both of which are commonly associated as signs of a phishing attempt. To take this one step further, it can mimic communication patterns with the intent to extort information from their chosen target. They can write text for specific audiences, for example, in a corporate tone, in line with spear phishing attacks.

Neil: Are there any tools, software, or actions that leave organizations particularly vulnerable to this form of cybercrime?

Andrew: With AI-based phishing attacks on the rise, organizations need to be aware of their biggest areas of weakness. Conducting regular phishing attack simulations is an important exercise for organizations to carry out, and those who fail to do so are missing out on an essential education opportunity. Through this activity, they can assess how well their users perform in identifying phishing attacks, and provide additional targeted training to help users operate more safely. Whilst many solutions for email filtering are available today, none are perfect, and the user will continue to be an important factor in defending the organization. Many organizations now operate hybrid working models yet lack a Bring Your Own Device (BYOD) policy. This means that if an employee’s device is compromised, attackers can gain access to sensitive data not only on that device but across the organization’s entire network. A lack of regular patching on employees’ devices can also leave organizations in a vulnerable position. Employees that fail to remove unused applications and plug-ins from their devices are also opening up opportunities for threat actors, giving them more angles to exploit.

Neil: What are the key challenges organizations and individuals face in spotting AI-powered phishing attacks, and why is it becoming increasingly complex?

Andrew: The use of generative AI is rewriting the rules when it comes to spotting phishing attacks. Many people associate phishing emails with poorly worded English and clunky phrases. The rise of generative AI has turned this on its head, with content distributed by attackers now sounding much more natural and genuine. This has the potential to trick people who are looking for the usual tell-tale signs of a phishing attempt. To add to this new challenge, AI powers rapid, intelligent responses to messages from its targets. It allows threat actors to respond in real time with deep-faked voice clips taken from real voice recordings. All of these factors contribute to the growing challenge organizations are facing when it comes to identifying and detecting AI-powered phishing attacks.

Neil: What tools or technologies should organizations and individuals utilize to enhance their cybersecurity defenses against AI-powered cyberattacks, specifically targeting phishing attempts?

Andrew: The most important line of defense against all phishing attacks remains the same – the user. It is vital that organizations streamline the education and reporting process of phishing attempts. This means all users must be aware of cybersecurity best practices and how to spot and remain vigilant to malicious activity. Users should always question urgent calls for action and verify the origin of the email. Beyond staying up to date with the latest warning signs associated with AI-generated phishing attacks, organizations should closely follow their information security program and ensure they have effective tools in place to analyze and mitigate these attacks. Sixty percent of organizations who experienced a ransomware attack did not have a security information and event management (SIEM) platform in place. Whilst the threats and threat actors change over time, doing the basics continues to offer a solid basis of risk reduction, and organizations should not be distracted from implementing the processes and technologies to deliver on that basic security defensive posture, which of course includes SIEM, as well as other technologies such as multi-factor authentication (MFA) and endpoint detection and response (EDR).

Neil: What are the future implications of generative AI in cybercrime, and how should organizations adapt their security measures to stay ahead of evolving threats?

Andrew: Generative AI will only continue to evolve and become more sophisticated. The hard truth is that there is no silver bullet for keeping your organization safe against attacks. Cybersecurity is an ongoing journey, not a destination. Keeping on top of evolving phishing threats requires the continuous evolution of defenses, and organizations must be prepared to invest an ongoing amount of time and money to remain secure. With this in mind, organizations must do more than just implement a solution. They must focus on achieving long-term cyber resilience where the basics are the staple of their security foundation. It is imperative that organizations stay informed on the latest phishing tactics and maintain a culture of security awareness across their entire organization. They should also be prioritizing essential measures such as security hygiene, patching, and backups. This then creates a strong posture that they can build on with the appropriate threat detection tools.

Neil Hodgson-Coyle
Editorial chief at TechNews180