EDITOR ’ S QUESTION

JOSÉ ARAUJO , CTO , ORANGE CYBERDEFENSE

In 2024 , EU member states will be required to incorporate the NIS2 directive into national legislation by October , requiring organisations in more sectors to establish a higher level of cybersecurity , resilience and comply with incident reporting lead times . As the first sanctions and charges are applied , we anticipate a turning point into elevating cybersecurity as a key focus in boardrooms .

Similarly , we foresee a potential turning point on Cyber Extortion ( Cy-X ) activity driven by joint government policy . In a year where Cy-X activity level was the highest ever recorded by Orange Cyberdefense ’ s Security Research Team , over 40 countries members

In the creation of malware , Generative AI will provide valuable assistance .

of the International Counter Ransomware Initiative have agreed a joint policy declaring that member governments should not pay ransoms demanded by cybercriminal groups . They also agreed a shared blacklist of wallets used by ransomware actors , commitment of pursuing actors responsible , amongst other initiatives . We are yet to see its impact on Cy-X statistics but anticipate this cooperation may damper the viability of the Cy-X ecosystem in the future .

Artificial Intelligence cyberattacks are evolving

While AI has long been used in cybersecurity , it was mainly used to detect weak signals in large volumes of data or mixed sources . The performance of the algorithms used has greatly improved , thanks to today ’ s storage and computing capacities . As such , results have changed the situation not only in terms of protection but also in terms of the ability of attackers to take advantage of it .

For phishing attacks , it will become increasingly complex to identify a fraudulent message by its form or content . AI enables attackers to write content in the victim ’ s language , without syntax or grammatical errors and , above all , by adapting to their victims . In the future , these attacks will take other forms , such as ‘ vishing ’ ( phishing carried out by telephone or voice message ), which is even more complex to combat .

In the creation of malware , Generative AI will provide valuable assistance . It puts legitimate capabilities designed for developers within reach of cybercriminals . If today these technologies are not able to replace expertise , they facilitate and accelerate the software implementation work . When it comes to implementing the exploitation of a newly discovered vulnerability , the risk of finding unprotected systems will be even greater . We must anticipate an increase in the use of this type of solution , especially since the level required to take advantage of it will become easier , as the reliability of Generative AI advances .

Finally , we are already seeing the impact of Generative AI on the increase in ransomware in certain geographic areas . Until now , many targeted countries were English-speaking . We must now prepare for real-time , high-quality machine translation capabilities , as well as automation of the early phases of negotiation using AI technologies that will make it possible to target a wider variety of countries .

32 INTELLIGENTCIO EUROPE www . intelligentcio . com