Social Engineering Defenses in the AI-Enabled Attacker Era
Attackers Scale Up Automation, Use of Stolen Personal Data, Says Sharon Conheady
Criminal use of social engineering at scale continues to surge, as AI-driven automation and easy access to stolen personal information enable attackers to create ever more sophisticated and tough-to-detect assaults, says Sharon Conheady of First Defense Information Security.
"Nearly every hack we see now has a social engineering aspect," said Conheady, a Black Hat Europe conference review board member in charge of the human factors track.
"When social engineering started out, it was kind of a nice thing. It was a fun thing. People got a bit of a kick out of it from our side of things," she said, referring to the research community.
All of that has changed, thanks to attackers' ability to combine automation and artificial intelligence-driven tooling with the inexpensive availability of people's stolen personal information to rapidly create very sophisticated and customized phishing campaigns and other schemes. "Now the sheer scale of it, the tools and technology that attackers have to support them, it's just off the charts," she said. "Eventually, it's always successful."
In this video interview with Information Security Media Group at Black Hat Europe 2023, Conheady also discussed:
- How and why the cybersecurity industry needs to be kinder, especially as criminals get "nastier and nastier";
- The inevitable tension between employees whose job it is to help people - such as help desk staff or hotel receptionists - and the need to defend against social engineering attacks against them;
- How technical controls can best be used to blunt attacks that include a social engineering component.
Conheady specializes in the human side of security and has socially engineered her way into dozens of organizations across the U.K. and abroad, including company offices, sports stadiums, government facilities and more.