“Let’s Fight Fire With Fire: Why Businesses Need To Harness GenAI Now” – Barracuda

By Mark Lukie, Director of Solution Architects, Barracuda APAC

As the Director of Solution Architects at Barracuda APAC, I find myself at the forefront of the fight against cyber threats affecting businesses in the Asia-Pacific region. I have seen at first hand the full cost to a business of containing, neutralising and recovering from an attack.

This theme is explored in Barracuda’s recent Cybernomics 101 report, which sheds light on the financial forces surrounding cyberattacks across the world, and the sobering reality of the cumulative costs businesses are forced to bear in this ongoing struggle.

According to the report, the average annual cost of responding to cybercrime for businesses with 100 to 5,000 employees, can be as much as USD$5.34 million – encompassing the myriad costs associated with the theft of IT assets, damage to infrastructure, operational disruptions, customer service impact, and more, arising from successful cyber compromises such as ransomware or phishing attacks.

This revelation underscores the urgent need for robust cybersecurity measures in today’s interconnected business environment. It’s not just about protecting data; it’s about safeguarding the fabric of our digital existence.

With this in mind, let’s take a step back and look at some of the trends contributing to this situation, and what businesses can do to mitigate risk and recover faster in this increasingly complex landscape.

1. Most ransomware victims pay the ransom

Ransomware, a persistent and evolving menace, takes centre stage in the report. Worryingly, 71% of respondents said they’d experienced at least one, if not more, ransomware incidents in the last year, with 61% admitting to paying the ransom. The average cost for the highest ransom paid for a single attack was US$1.38 million. it’s a high-risk strategy to assume that paying a ransom will get your data restored. Firstly, there’s no guarantee hackers will unencrypt data when a ransom payment is made, and even if they do, our earlier research shows that 80% of organisations that paid a ransom were attacked again.

2. Businesses underprepared for GenAI-enabled attacks

One alarming trend that the report highlights is the increasing availability of generative AI (GenAI) technology to hackers. As someone deeply immersed in the cybersecurity realm, this development raises significant concerns. Half of the security professionals surveyed in the report (50%) believe AI will empower hackers to launch more potent attacks, and only 39% feel confident that their security infrastructure is adequately equipped to counter GenAI-powered security threats.

3. The good news: We can fight fire with fire

The Cybernomics 101 report lays out a sobering reality facing businesses of all sizes in this region and across the world. However, it also highlights a glimmer of hope in the form of a subset of respondents it identifies as ‘High Performers.’ These organizations model best practice behaviours and security measures that successfully mitigate risks, vulnerabilities, and attacks. One commonality between these organisations? Their willingness to fight fire with fire.  For example, 61% of High Performers say they have an adequate budget to mitigate cyber risks and have a strong security posture compared.

With advancements in GenAI, cybercriminals will be able to attack networks faster, more cheaply and in greater numbers. The good news is that AI is also revolutionising the way we’re able to prevent, detect and respond to attacks, allowing businesses to fight fire with fire.

There are a number of best practices you can take to make it harder for cybercriminals, while helping to speed up your recovery time in the event of an incident.

1. Protect your emails from phishing attacks with AI detection to pre-emptively spot suspicious emails. AI sifts through vast data to uncover potential threats like malicious attachments or other known indicators of compromise, safeguarding your network.
2. Safeguard your web applications with continuous machine learning-powered web application firewalls. Even non-e-commerce sites are vulnerable to attacks like bot impersonation, API vulnerabilities, and brute-force assaults, necessitating proactive protection.
3. Bolster security with Zero Trust, which links user credentials to trusted devices, thwarting access even with stolen login details.
4. Strengthen your defence through targeted employee training and AI-driven simulations. Educating staff to identify phishing attempts coupled with AI-enhanced training can fortify resilience against evolving attack methods.
5. Establish regular, segregated backups of critical data, shielded with robust encryption and access controls to ensure swift recovery from ransomware attacks.
6. Deploy AI-powered security solutions like XDR for real-time detection and response to ransomware threats, drastically reducing detection times from weeks to hours.

7. Maintain up-to-date software and system patches to minimize vulnerabilities and enhance overall cybersecurity posture.

Conclusion

Barracuda’s Cybernomics 101 report underscores the significant impact cyberattacks can have on organisations—a blow that some may struggle to recover from. Cyber-resilience needs to be a top priority, especially as technology continues to advance, enabling hackers to harness the power of GenAI to amplify the efficiency and effectiveness of their attacks. What we must do in response is to be proactive in our approach to attack detection and prevention by harnessing this very same technology to significantly reduce the impact and cost of these attacks.