Cybercrime explained: Fortinet talks about billions of threats a day, amped by AI

Gordon Phillips, vice-president western region, Canada, of Fortinet, in Burnaby on Sept. 18. Arlen Redekop / PNG
The “threat map” that greets you at the reception of cybersecurity firm Fortinet’s Metro Vancouver hub is the easiest illustration for the layperson of cybercrime’s explosive growth.
High up on the wall, LED streaks arc from location to location across a world map on a giant flat-screen monitor showing the direction of detected threats: Seattle to Madrid; Ashburn, Va., to Chennai, India. Beneath the map, text listing locations, threat type and type of organization targeted scrolls by non-stop.
“It’s a live screen,” said Fortinet vice-president Gordon Phillips. “You can see right now we’re analyzing, I don’t know, it looks like about 100,000 threats at this very moment across a whole bunch of different verticals globally.”
The map only shows a sliver of the billions of cyberthreats that Fortinet’s webs of firewalls and systems are catching daily that are routed to the company’s operations centres, including Metro, where they’re analyzed and dissected for defeat.
And their task is growing ever larger with the explosion of artificial intelligence that has amped up the capabilities of hackers and other bad actors.
Phillips, the vice-president of the western region for Canada, said Fortinet’s Metro operations have doubled over the last three or four years with almost 2,000 employees at a growing campus on Still Creek Drive in Burnaby and at the Broadway Tech Centre in Vancouver, including the company’s largest threat research team.
“They’re the ones who deal with the malware (attacks) and hackers,” Phillips said. “The number of threats we see is just growing exponentially.”

How big is the problem?

Phillips said if anything keeps him awake at night, it’s the sheer number of attacks that are increasing daily.
“We had a day a few weeks ago where we hit seven trillion threats that our research team researched in one day, in one 24-hour period,” Phillips said. “It’s incredible. I mean, a year-and-a-half ago, having this conversation, we thought the number of 10 billion was big.”
Fortinet’s last cyberthreat report noted ransomware attacks have continued to be “a severe threat,” with attacks on manufacturers on the rise where criminals can interrupt production lines and extract larger payouts.
Globally, the tech credentialing firm CompTIA cited an estimate that cybercrime’s costs, in payouts and losses to productivity, could top US$10.5 trillion in 2025.

How is AI making things worse?

“We see so many, so many threats now that are born from AI, that’s the biggest piece,” Phillips said.
Artificial intelligence’s large-language models give cybercriminals tools to research subjects, scour social-media posts and other online content to craft more-refined and more-convincing phishing attempts to lure victims, and do so in large numbers.
“With AI, they’re getting really, really good at making sure the content is right, the grammar is correct, the link is very, very close,” Phillips said.
Hackers have also started making automated systems available that scammers can use to generate malware, and do so on a subscription basis like a lot of other software. Instead of software as a service (SaaS in tech parlance), security experts refer to it as cybercrime as a service, or CaaS.
Phillips said hackers make them available on the dark web through portals and mimic other AI programs with names such as WormGPT and FraudGPT.
“It’s very easy for people to become threat actors now,” Phillips said. “It doesn’t require them to have the coding skills or the hacking profile from before.
“AI, from a hacker’s perspective, is a dream in the sense that they can do a much better job and a much faster job at engineering malware.”
Fortinet’s Metro operations have doubled over the last three or four years with almost 2,000 employees. Fortinet

How are cybersecurity firms using AI to catch the new threats?

Fortinet wouldn’t be able to cope with the tidal wave of attacks crashing onto its firewalls daily without its own AI model, which Phillips said the company has been developing for 13 years.
“Obviously we use it on the other side (where) we can do a much better, much faster job on identifying, tracking and mitigating malware,” Phillips said.
He added that the company has its own “agentic AI,” automated security platforms with playbooks to handle certain threats that are triggered when they’re detected. The systems can make single analysts more effective in handling attacks when hackers engage in the favoured tactic of hitting an organization on a Friday at 11 p.m. when nobody’s around.
“Now, you can have a junior analyst respond aggressively to an attack because your playbook is leveraging AI,” Phillips said.

What do individuals need to do to stay cyber-safe?

The buzzword in the cybersecurity industry that ordinary computer users need to get used to is “zero-trust.”
That means constant vigilance, continuously verifying users on networks, only dealing with trusted devices and paying attention to anomalies in messages or requests coming in by email, even as they become harder to spot.
“Probably 99.999 per cent of the time it is legitimate, but sometimes it’s malicious,” Phillips said. “So identifying that, checking it out, notifying people that you know something new or something questionable is happening so that we can take action.”
Derrick Penner