Will AI threaten the role of human creativity in cyber threat detection? - Related to human, threats, creativity, today, cyber

AI and cloud vulnerabilities aren’t the only threats facing CISOs today

With cloud infrastructure and, more in the recent past, artificial intelligence (AI) systems becoming prime targets for attackers, security leaders are laser-focused on defending these high-profile areas. They’re right to do so, too, as cyber criminals turn to new and emerging technologies to launch and scale ever more sophisticated attacks.

However, this heightened attention to emerging threats makes it easy to overlook traditional attack vectors, such as human-driven social engineering and vulnerabilities in physical security.

As adversaries exploit an ever-wider range of potential entry points — both new and. Old — security leaders must strike a balance to ensure that they’re capable of addressing all risks effectively.

Despite overwhelming hype, technology is not a panacea. It can’t replace human expertise in every domain, and AI alone can’t match the innately human qualities of intuition and creative thinking. Adversaries know this too, which is why the smarter — and much more dangerous — ones use a blend of human- and technology-powered tactics.

While major technical vulnerabilities tend to make the headlines. The reality is that the weakest link is almost always the human element. Almost all attacks involve a social engineering element, and despite the buzz around generative AI and deepfakes helping scale such attacks, it’s human-to-human interaction where the greatest risks lie.

Synthetic content is now all around us. And people are getting superior at telling it apart. Whether we get to the point when that’s no longer the case is a topic for another discussion. But for now, the most dangerous and effective social engineering attacks still depend primarily on human conversations, whether by phone, email or even in person. After all, a seasoned attacker can build trust and forge sham relationships in a way that no AI nor deepfake can match.

Cyber espionage remains a serious threat.

Take state-sponsored cyber espionage. For example. Highly trained social engineers are a far cry from the typical rabble of independent cyber crime rackets operating off the dark web, who tend to rely more on scale than targeting specific enterprises and. Individuals. These attackers may target data systems, but when it comes to their own arsenals, their talents in manipulation and deception are by far their greatest weapons.

Technology still has a long way to go before it can come close to matching the age-old tactics of spycraft.

When facing an attacker who can pose effectively as an internal employee or any other trusted individual. Someone relying solely on technology to mitigate the threat stands little chance of protecting themselves. That isn’t a technology failure. It’s a process failure, hence why the human element must always be a key factor in any cybersecurity strategy.

Of course. That’s not to say technology doesn’t have a vital role to play in bolstering your cyber defenses. It most certainly does, not least, because more and more routine threats are being automated or are carried out en-masse by attackers who are less skilled or experienced. The value of technology — especially AI-powered cybersecurity automation — exists primarily in its ability to free up time for security leaders to focus on the threats that technology alone can’t solve.

The majority of business data is now stored in the cloud, and. The percentage continues to rise. Many businesses, especially smaller organizations and startups, exclusively use the cloud for data storage and other IT operations. The rise of AI, given how computationally demanding it is, is further accelerating cloud adoption.

Nonetheless, cloud computing isn’t the best option in all situations. On-premises remains the preferred choice for high-performance workloads that require extremely low latencies. In some cases, on-premises computing is also the cheaper option, and that’s unlikely to change in the near future.

Even though more companies are migrating to the cloud. That doesn’t mean they don’t keep sensitive data on-site. For instance, edge computing, which brings data processing closer to where it’s needed, has become a critical enabler in certain use cases. Examples include smart energy grids, remote monitoring of industrial assets and autonomous vehicles. These include cases where you can’t always rely on internet connectivity.

The smarter and superior-funded adversaries aren’t just targeting cloud-hosted infrastructure. They’re also setting their sights on local servers and cyber-physical systems, such as industrial control systems and hardware supply chains. The fact that there’s often minimal collaboration between logistics, production and cybersecurity departments makes these risks all the more serious.

Ransomware remains one of the biggest threats targeting on-premises systems despite the small reduction in attacks over the last year. While cloud systems aren’t inherently immune from ransomware attacks, the vast majority target bare-metal hypervisors and local servers. In one recent case, the Akira ransomware group reverted to its earlier double extortion tactics, experimenting with different code frameworks to target systems running ESXi and. Linux.

Botnets are another growing concern as the number of IoT devices continues to soar. Used to launch distributed denial of service (DDoS) attacks spanning thousands of devices, these botnets primarily target unsecured IoT devices, like those that monitor and. Operate industrial machines and critical infrastructure. One recent investigation discovered that DDoS attacks against critical infrastructure have increased by 55% in the last four years. These attacks don’t directly involve the exfiltration of sensitive data, but given how they can cause widespread disruption, adversaries may rely on them to draw attention away from more serious threats.

As security leaders focus on locking down their cloud-hosted assets. They cannot afford to lose sight of the risks facing their physical infrastructure. Sometimes, the easiest way into the cloud is from within.

Even thin clients and dumb terminals — both widely used in high-security environments like healthcare and finance — can potentially give attackers a foothold in wider systems. Including cloud infrastructure and remote data centers. Edward Snowden proved that while working at the National Security Agency when he exfiltrated 20,000 government documents stored on the servers in NSA’s headquarters 5,000 miles away. He did so without using any advanced technology. While that happened way back in 2013, and the NSA has long since updated its physical security protocols, the risk is just as relevant today as it was then.

While most thin clients are now protected by multiple layers of security, including encryption and. Multifactor authentication, these solutions alone can’t fully protect against physical compromise. If an attacker gains access to a terminal — perhaps by way of social engineering — they may be able to compromise it using unauthorized peripherals or by directly manipulating the device’s firmware. This could give them access to the wider network, potentially allowing for the injection of customized malware that goes undetected by regular security scans.

IoT devices are another leading reason behind the expansion of attack surfaces. They often lack adequate security, also giving attackers a potential entry point into the broader computing infrastructures they’re connected to. The fact that these connected technologies are being rolled out en masse in areas like smart cities, critical infrastructure and transportation networks, greatly magnifies such vulnerabilities.

Ultimately, if an attacker is able to get past your physical safeguards, then these connected systems present far easier pathways to an organization’s so-called “crown jewels” than trying to break through multi-layered cloud defenses.

Cloud data is not always the true target.

Moving to another aspect, in other cases. Data hosted in the cloud might not be the attacker’s end goal. Many companies, such as those subject to stringent data residency regulations or that require high performance for real-time applications, still store their data on on-premises servers.

Some of these systems are air-gapped. Meaning they’re entirely disconnected from any other networks, including the Internet itself. While more secure than any cloud-hosted server, at least in theory, their security can’t be taken for granted. For instance, anyone with physical access to the servers may be able to compromise them, either maliciously or accidentally.

Physical security, such as CCTV and. Biometric security checkpoints, is as critical as ever in such cases. But it’s not just about protecting against intentional physical tampering. Indirect attacks orchestrated by highly skilled social engineers can also dupe unsuspecting employees into taking a desired action — such as lending them a biometric security access card.

These are not the sort of adversaries that usually work by email or use AI to scale their attacks – they’re far likelier to deceive someone in person. A tactic as old as humanity itself. In fact, the attacker could be anyone, such as a disgruntled former employee, a hacker operating in the interests of a rival enterprise or even a rogue state.

Bridging the gap between digital and human security.

Technology alone can’t protect an organization from the myriad threats out there, and neither can humans keep up with ever-expanding system logs and. Security information feeds if they’re relying solely on manual processes.

The reality is that you need both, starting with people and using technology to broaden their capabilities. A layered security strategy should typically start with locking down physical access to any data-bearing system or system that is connected to another.

The next layer of defense is the human one. This revolves heavily around security awareness training. But the reality is that many programs are ineffective, either because they lack practical application, are overly reliant on generic content or focus too much on technical factors that are beyond the target audience’s understanding.

Phishing simulations are often similarly limited in their scope, focusing on common lures like trending news topics. A sense of urgency or even outright threats. However, more sophisticated attackers tend to use subtler ways to elicit a response. This could be something as simple as sending messages about a routine policy revision regarding enterprise dress code or remote work guidelines. These topics might seem trivial, but they can pique interest, especially when they concern changes to daily routines and work-life balance. Attackers could then use this to dupe unsuspecting victims into divulging sensitive information via a sham survey.

Like any other security measure, physical systems and. Awareness training will only ever be effective if they’re tested regularly. That’s where physical red teaming comes in. Whereas red teaming in the context of IT focuses on technical measures like penetration testing, physical red teaming is all about having teams try to gain entry to restricted areas and. Systems. To do so, they might use a blend of simulated social engineering attacks and technology to hack into physical security systems. By attempting to bypass physical security barriers or impersonate staff, red teams can reveal gaps that might otherwise go unnoticed. That’s what makes them a valuable part of any comprehensive information security program.

Charles Owen-Jackson Freelance Content Marketing Writer.

Der von Sicherheitsexperten, Bürgerrechtlern und Apple selbst kritisierte Investigatory Powers Act (IPA). Den die britische Regierung überarbeitet hat...

Sicherheitsforscher warnen erneut vor gewieften Stealer-Apps, die es auf Android- und erstmals offenbar auch auf iPhone-Nutzer abgesehen haben. Die Sp...

Some of the biggest and most infamous cyberattacks of the past decade were caused by a security breakdown in the software supply chain. SolarWinds was...

Will AI threaten the role of human creativity in cyber threat detection?

Cybersecurity requires creativity and thinking outside the box. It’s why more organizations are looking at people with soft skills and coming from outside the tech industry to address the cyber skills gap. As the threat landscape becomes more complex and nation-state actors launch innovative cyberattacks against critical infrastructure, there is a need for cybersecurity professionals who can anticipate these attacks and develop creative preventive solutions.

Of course, a lot of cybersecurity work is mundane and. Repetitive — monitoring logs, sniffing out false positive alerts, etc. Artificial intelligence (AI) has been a boon in filling the talent gaps when it comes to these types of tasks. But AI has also proven useful for many of the same things that creative thought brings to the threat table, such as addressing more sophisticated threat actors, the rapid increase of data and the hybrid infrastructure.

However, many companies are seeing the value of AI, especially generative AI (gen AI). In handling a greater share of creative work — not just in cybersecurity but also in areas like marketing and public relations, writing and research. But are these organizations using AI in a way that could threaten the importance of human creativity in threat detection?

Why creativity is key to cybersecurity.

Creativity isn’t just coming up with new ideas. It is also the ability to see things through a big-picture lens and. Discern historical data or where to find information you might not know you need to look for. For example, creative thought is required for the following security tasks:

Threat hunting or predicting a threat actor’s move or finding their tracks in a system.

Finding buried evidence in a forensic search.

Understanding historical data in anomaly detection.

Ability to tell a real email or document versus a well-designed phishing attack.

Verifying new zero day attacks and other malware variants found in otherwise unknown vulnerabilities.

AI can augment human creativity. But gen AI gets a lot of things wrong. people have found themselves in situations where AI claimed plagiarism on original work or AI hallucinations offered false information that nullified the research of human analysts. AI algorithms are also susceptible to bias that could lead to false positives.

AI’s role in creative cybersecurity and beyond.

While many creative people, cybersecurity professionals and beyond, see gen AI as a mixed blessing. Many embrace the technology because it is a huge timesaver.

“Gen AI can help prototype much faster because the large language models can take over the refactoring and documentation of code,” wrote Aili McConnon in an IBM blog post. Also, the article pointed out, AI tools can help consumers create prototypes or visualize their ideas in minutes versus hours or days.

Creativity married to AI can help identify future leaders. , two-thirds of corporation leaders found that AI is driving their growth, with four specific use cases — IT operations, user experience. Virtual assistants and cybersecurity — most commonly favored by leaders.

“A Learner will typically copy predefined scenarios using out-of-the-box technologies,” Dr. Stephan Bloehdorn, Executive Partner and Practice Leader, AI, Analytics and Automation-IBM Consulting DACH, was quoted in the study. “But a Leader develops custom innovations.”.

As gen AI becomes more ubiquitous in the workplace and as more creative folks and leaders rely on it as a way to put their ideas in motion, are we also relying on the technology to the point that it could lead to a degradation of other critical necessary skills, like the ability to analyze data and create viable solutions?

It is unclear if organizations are over-relying on gen AI, , Field CTO at SlashNext Email Security+. But it is becoming more of a designed feature due to unintended consequences related to resource allocation in organizations.

“While AI excels at processing massive volumes of threat data, real-world attacks constantly evolve beyond historical patterns, requiring human expertise to identify and respond to zero-day threats,” revealed Kowski in an email interview. “The key is achieving the right balance where AI handles high-volume routine detection while skilled analysts investigate novel attack patterns and determine strategic responses.”.

Yet, Kris Bondi, CEO and. Co-Founder of Mimoto, isn’t worried about AI leading to a degradation of skills — at least not for the foreseeable future.

“One of the biggest challenges for cybersecurity professionals is having too many alerts and too many false positives. AI is only able to automate a small percentage of responses. It’s more likely that AI will eventually automate additional requirements for someone deemed to be suspicious or the elevation of alert so that a human can analyze the situation,” Bondi mentioned via email.

However. Organizations should watch out for AI’s role in defining threat-hunting parameters. “If AI is the sole driver defining threat hunting parameters without spot-checks or audits. The threat intelligence approach could eventually be focused in the wrong area. The answer is more reliance on critical thinking and analytical skills,” revealed Bondi.

Embracing creativity in an AI-driven world.

AI overall, and. Gen AI in particular, are going to be part of the business world going forward. It is going to play a vital role in how organizations and analysts approach cybersecurity defenses and mitigations. But the soft skills that creative thought depends on will still play an essential and necessary role in cybersecurity.

“Rather than diminishing soft skills, AI integration has the opportunity to elevate the importance of communication, collaboration and. Strategic thinking, as security teams must effectively convey complex findings to stakeholders,” mentioned Kowski. “The human elements of cybersecurity — leadership, adaptability and cross-functional partnership — become even more critical as AI handles the technical heavy lifting.”.

Legaltech-Startups bieten ihren Kunden juristische Dienstleistungen an, die teil- oder vollautomatisiert sind und können so hocheffizient viele Fälle ...

“A computer can never be held accountable. Therefore a computer must never make a management decision.”.

Sicherheitsforscher warnen erneut vor gewieften Stealer-Apps, die es auf Android- und erstmals offenbar auch auf iPhone-Nutzer abgesehen haben. Die Sp...

Hacking the mind: Why psychology matters to cybersecurity

In cybersecurity, too often, the emphasis is placed on advanced technology meant to shield digital infrastructure from external threats. Yet, an equally crucial — and underestimated — factor lies at the heart of all digital interactions: the human mind. Behind every breach is a calculated manipulation, and behind every defense, a strategic response. The psychology of cyber crime, the resilience of security professionals and the behaviors of everyday customers combine to form the human element of cybersecurity. Arguably, it’s the most unpredictable and influential variable in our digital defenses.

To truly understand cybersecurity is to understand the human mind — both as a weapon and as a shield.

Peering into the mind of a cyber criminal.

At the core of every cyberattack is a human, driven not just by code but. By complex motivations and psychological impulses. Cyber criminals aren’t merely technologists. They are people with intentions, convictions, emotions and specific psychological profiles that drive their actions. Financial gain remains a primary incentive to launch attacks like ransomware. But some are also driven by ideological motives, or they relish the chance to outsmart advanced defenses so they can later brag about it in dark web forums.

Many cyber criminals share distinct personality traits: an inclination for risk-taking, problem-solving prowess and. An indifference to ethical boundaries. Furthermore, the physical and digital distance inherent in online crime can create a psychological disconnect, minimizing the moral weight of their actions. This environment enables cyber criminals to justify their behavior in ways they might not if they had to face their victims in person. Equipped with these psychological “advantages,” cyber criminals excel in social engineering tactics. They manipulate people instead of systems to gain unauthorized access.

Exploiting the human factor with social engineering.

One of the most powerful weapons in a cyber criminal’s arsenal isn’t high-tech malware but. The vulnerability of the human mind. Social engineering attacks, like phishing, vishing (voice phishing) and smishing (SMS phishing), exploit non-technological human factors like trust, fear, urgency and curiosity. And these tactics are alarmingly effective. A recent study from Verizon found that the human element factored into 68% of data breaches, underscoring the vulnerability of human interactions.

The mental fortitude of cyber professionals.

Defending against cyber threats requires more than solid technical skills; it demands resilience, ethical conviction and. A keen understanding of human behavior. Cyber professionals operate in a high-stakes environment and face unrelenting pressure. Mental resilience enables them to rapidly respond to breaches, restore security and learn from the incident.

Creativity and adaptability are also indispensable in cybersecurity. As cyber criminals constantly refine their tactics, security professionals need to anticipate these moves. They, too, must innovate by developing new countermeasures before an attack even occurs. Like a chess match, staying ahead of intruders requires ingenuity that goes beyond technical skills. The best security teams have the ability to see beyond conventional approaches and the courage to pioneer novel defenses.

Finally, ethics play a defining role. Particularly as security professionals are entrusted with sensitive data and powerful tools. Through misuse or negligence, these secrets and tools could cause substantial harm. Adherence to a strong ethical code serves as a psychological anchor, helping cyber pros to navigate the moral complexities of their work while prioritizing user privacy and security.

In a nutshell. Working as a cybersecurity professional is one of the hardest jobs on earth.

Building a psychologically aware cybersecurity strategy.

A truly effective cybersecurity strategy doesn’t just block attacks; it anticipates and adapts to human behavior. Therefore, aligning security measures with natural human tendencies can elevate an organization’s defenses significantly. This works superior than relying on people to remember overly complex protocols.

For instance, training and. Awareness programs that incorporate psychological insights are far more impactful than traditional “box-ticking” sessions. The principles of Nudge Theory, which employs subtle prompts to influence behavior, offer a potent alternative. Well-designed programs make secure behaviors easy, attractive and timely. This guides employees toward safer practices without the punitive undertones that can breed resentment and. Resistance.

Creating a culture of psychological safety within an organization can also encourage employees to address security concerns proactively. When people feel safe discussing potential threats and even mistakes, the early identification of risks and a collective commitment to security becomes second nature. This “human firewall” effect, where individuals collectively protect digital assets, strengthens organizational resilience.

Behavioral analytics: The fusion of psychology and. Technology.

User behavior analytics is where technology meets psychology in a powerful way. By analyzing behavioral patterns and detecting deviations, organizations can preemptively identify potential threats. This approach operates on the principle that individuals, even in digital spaces, follow predictable patterns. Behavioral analytics can detect anomalous behaviors — such as a sudden attempt to access restricted files or logins at unusual times — signaling a potential breach.

This combination of psychology and technology allows for dynamic. Adaptive security measures that can catch threats early, often before they escalate into full-fledged incidents. By weaving human insight into the fabric of digital security, behavioral analytics represents a major step forward in cybersecurity defenses.

Rethinking the rhetoric of cybersecurity.

The cybersecurity industry has long relied on fear-driven messaging to encourage secure behavior. However, experts argue that this approach, while effective in the short term, may actually discourage engagement in the long run. By using dramatic language to describe threats, the industry may be creating a sense of helplessness among the general public. Portraying cybersecurity as a field too complex and overwhelming for normal individuals to understand promotes failure.

Instead. Fostering a sense of civic responsibility can empower anyone to participate in cybersecurity efforts. When people understand that their actions contribute to a safer online community, they’re more likely to engage in secure practices. Reframing cybersecurity as a shared responsibility rather than a source of fear can transform public engagement with online security.

Bridging technology and psychology for a secure future.

Today. Cybersecurity is no longer solely a technical issue — it is a fundamentally human one. Security strategies must weave technology and psychology together to create a comprehensive defense that accounts for both system vulnerabilities and human behavior. Cyber criminals leverage psychological tactics to manipulate individuals. A deeper understanding of this will make security stronger. Meanwhile, cybersecurity professionals rely on their mental resilience, creativity and ethical fortitude to counter these threats.

From training programs based on psychological principles to implementing behavioral analytics, incorporating human insights into cybersecurity strategies leads to a more adaptive and. Robust defense. By embracing psychology alongside technological advancements, we can transform cybersecurity from a reactive discipline into a proactive. Resilient force.

Jonathan Reed Freelance Technology Writer.

In relation to this, in den Universal-Druckertreibern für PCL6 und Postscript von HP klaffen kritische Sicherheitslücken. Angreifer können dadurch Schadcode einschleusen u...

Microsoft has shared a workaround for customers affected by a known issue that blocks Windows security updates from deploying on some Windows 11 24H2 syst...

Die US-amerikanische IT-Sicherheitsbehörde CISA warnt vor jüngst beobachteten Angriffen in freier Wildbahn auf Schwachstellen in Linux, Apache OFBiz. ...