AI helps hackers in attacks. The expert explains how it can become a cyber guard
Hackers attack faster than ever. AI in their hands becomes a tool of mass cybercrime. How to defend against cyber threats and how to put AI in the role of a cyber guard.
Yesterday, news spread around the world of an unceremonious cyber attack on one of the most popular online payment services in the world. Data on almost 16 million PayPal users were put up for sale after a group of hackers boasted of acquiring them on one of the online forums. This is one of the millions of incidents to which companies are exposed every day. We talk to Robert Ługowski, Cybersecurity Architect from Safesqr, about how businesses can defend themselves against them.
Beata Anna Święcicka, “Wprost”: Information about the attack on one of the largest online transaction operators was alarming because it concerns a giant, which at least by definition should have the best possible security. And yet it did not. Let’s start our conversation with the question: what can a cyber attack look like?
Robert Ługowski, Cybersecurity Architect, Safesqr: A cyber attack is often a well-thought-out operation consisting of several phases: reconnaissance, access, escalation of permissions, movement within the network, data exfiltration or sabotage. In practice, this can mean a phishing e-mail with an infected attachment, which installs malware after it is opened. Then the attacker obtains passwords, gains access to key servers, copies data or encrypts systems, demanding a ransom. A cyber attack can be targeted (APT), random or mass; its effects depend on the preparation of the organization and the speed of response.
What sectors are currently the most exposed to attacks and what can the potential effects of these activities be for society and the economy?
Critical infrastructure sectors are the most exposed: energy, water supply, health care, finance, transport and public administration. Their disruption can lead to serious effects, from lack of access to electricity to the paralysis of hospital systems and disruption of supply chains.
In the case of state-sponsored attacks, destabilizing activities, e.g. information manipulation, leaks of citizens’ data or influence on democratic processes, are also a threat. Financial, reputational and social effects can be huge.
And does AI not help in these attacks? If so, how do cybercriminals use artificial intelligence to automate attacks and to create advanced phishing and deepfakes? Does AI change the cyber threat landscape?
AI allows automation and personalization of attacks on an unprecedented scale. Cybercriminals use language models to generate realistic phishing e-mails, automate the identification of security gaps, and also create deepfakes that can impersonate board members or opinion leaders.
What are the biggest challenges for companies in defense against attacks supported by AI?
This is primarily the speed of reaction, the detection of anomalies in a sea of data and counteracting manipulations that are increasingly difficult to recognize. AI in the hands of criminals is a tool of mass disinformation and social engineering.
So the development of AI poses new risks, including the manipulation of information or threats to the security of critical systems that you mentioned?
Of course. Along with the development of AI come challenges related to data privacy (e.g. biometric data processing), the risk of creating manipulated content (deepfakes, voice spoofing), as well as threats to industrial control systems.
AI can also be used to break security in unpredictable ways.
That is why it is important that the development of AI-based systems is in line with the principles of so-called Responsible AI, i.e. transparency, auditability and compliance with data protection regulations.
However, we also have the other side of the coin: the development of AI creates opportunities to improve cyber security, for example in anomaly detection, threat analysis and automation of incident response.
Definitely yes. Artificial intelligence is also a huge ally in defense. AI systems can analyze network traffic in real time, identify unusual behaviors and suggest reactions before an incident occurs.
AI supports so-called Threat Hunting, automates the classification of threats, and can even initiate reactions, such as locking an account or isolating a machine, without human participation. Solutions based on machine learning significantly reduce the time to detect and react to incidents, which is crucial in the reality of today’s threats.
How can companies use AI in the role of a cyber guard?
AI can act as a digital guard that monitors infrastructure 24/7, reacts to threats and supports SOC (Security Operations Center) teams. For example, AI can analyze logs, identify unauthorized logins, and detect sampling attempts or data encryption. It can also use correlations between events in various systems to indicate potential attacks hidden in the information noise. This approach does not replace people, but supports their work, shortening the time between detection and reaction.
So how do you turn the possibilities of AI into effective protection by creating a business strategy of cyber security? What will be crucial in it?
The most important foundation of an effective cyber security strategy is a comprehensive approach that integrates people, processes and technologies.
In the context of growing geopolitical tensions, perimeter protection is not enough. Organizations must build resilience, that is, the ability to quickly detect, respond and restore operations after an incident. Key elements include: risk assessment (including geopolitical risk), identity and access management, network segmentation, strong incident response procedures, employee education and regular tests of system resilience.
Cooperation with technology partners and participation in domestic and international initiatives for exchanging information about threats (Threat Intelligence Sharing) is also extremely important.
How does this strategy relate to the obligations of enterprises arising from the NIS2 Directive?
The NIS2 Directive significantly extends the scope of entities covered by its obligations. Companies from key and important sectors (Essential and Important Entities) will be required to implement technical and organizational measures adequate to the level of risk. The main obligations include: risk assessment, incident management, supply chain management, data encryption, ensuring continuity of operations and reporting serious incidents within 24 hours. In addition, companies must appoint people responsible for cyber security and take into account high financial penalties for failure to fulfill their duties.
How do the new regulations affect purchasing processes and tenders in the IT sector?
The new regulations require suppliers to be verified not only in technical terms, but also in organizational and geopolitical terms. Contracting authorities must check that bidders meet certain cyber security standards, hold appropriate certificates (e.g. ISO/IEC 27001) and maintain incident and risk management policies. Increasingly, tender procedures include criteria concerning the country of origin of software or hardware, which is related to the risk of so-called backdoors or sabotage. Cyber resilience and transparency in the supply chain are becoming strategic, not just technical, criteria.
I will ask about the extremely sensitive supply chain and cooperation with digital service providers. What does this space look like in the light of the new requirements?
The supply chain has become one of the main attack vectors, as shown by high-profile incidents like SolarWinds or Kaseya. Monitoring the supply chain is a duty today, not just good practice.
Organizations must assess what data or services are transferred to suppliers, what safeguards they have and whether they comply with applicable regulations. It is also important to establish clear contractual terms regarding security, to conduct supplier audits and to maintain emergency plans in the event of their unavailability. Cooperation with suppliers should be based on mutual trust, but also on systematic verification.
So I have legislation, I have a cyber security strategy, and what about employees? How should companies prepare them for potential cyber attacks?
People are the weakest, but also the most important link. The key is to build awareness through regular training, information campaigns and phishing simulations, as well as the introduction of simple rules: strong passwords, MFA, reporting incidents and not falling for suspicious links.
The role of management is also important, because cyber security is not only an IT problem, but a strategic issue. Employees must know that they are part of a security team and have a real impact on the company’s protection.
Thank you for the interview.
