AI will increase cyberattack risk
AI is expected to increase the volume and impact of cyberattacks over the next two years, and heighten the global ransomware attack, according to a report1 published by GCHQ’s National Cyber Security Centre (NCSC). This has prompted NCSC to urge organisations to implement protective measures.
The report, ‘The near-term impact of AI on the cyber threat assessment’, says that AI is already being used in malicious cyber activity and its use will increase in the near term.
Amongst its conclusions, the report suggests that by lowering the barrier of entry to include novice cyber criminals, hackers-for-hire and hacktivist, AI will allow relatively unskilled ‘threat actors’ to carry out more operations regarding access and information gathering. This, along with improved targeting, due to the use of AI, will contribute to increase the threat of ransomware, along with social engineering and malware.
Ransomware continues to be the main threat facing UK organisations and businesses, with criminals becoming more efficient in adapting their business models to gain more profits. According to the National Crime Agency (NCA), it’s unlikely another method of cybercrime will replace it, due to its financial rewards and established business model.
James Babbage, Director General for Threats at the National Crime Agency, said: “AI services lowers barriers to entry, increasing the number of cyber criminals, and will boost their capability by improving the scale, speed and effectiveness of existing attack methods.”
In the UK, the AI sector already employs 50,000 people and contributes £3.7 billion to the economy. Analysis from the NCA suggests that cyber criminals have already started to develop criminal Generative AI (GenAI) and offer ‘GenAI-as-a-service’, making it available to anyone who is willing to pay.
NSCS CEO, Lindy Cameron, says: “We must ensure that we both harness AI technology for its vast potential and manage its risk – including its implications on the cyber threat. The emergent use of AI in cyber-attacks is evolutionary, not revolutionary, meaning that it enhances existing threats like ransomware, but does not transform the risk landscape in the near term.”
She also commented: “We urge organisations and individuals to follow our ransomware and cyber security hygiene advice to strengthen their defences and boost their resilience to cyber attacks.”
Security hygiene advice
Law enforcement does not encourage, endorse or condone the payment of ransom demands, as there is no guarantee you will get access to your data or computer, which will still be infected. As you are paying a criminal group, you are more likely to be targeted in the future.
The advice given is to adopt a ‘defence-in-depth’ approach, which means building up layers of defence, giving you more opportunities to detect malware and stop it before it does real harm. You should also assume that malware will infiltrate your organisation and take steps to limit its impact and speed up your response.
The NCSC have produced some top tips for staying secure online, which can be viewed by clicking here.
Actions to take include:
- Protecting your email by sing a strong and separate password
- Installing the latest software and app updates
- Turning on 2-step verification
- Using a password manager
- Backing up your data
- Use three random words to create a password that’s difficult to crack.
We would urge any business or individual to look at cyber insurance as an essential cover, given the prevalence and ever-increasing risk of cyberattacks. To find out more and arrange cyber cover, please talk to NLIG – our business is your protection. Either call us
on 01992 703 300 or email us at insurance@nlig.co.uk
Sources
1. ncsc.gov.uk: The near-term impact of AI on the cyber threat
ncsc.gov.uk: Global ransomware threat expected to rise with AI, NCSC warns
ncsc.gov.uk: Top tips for staying secure online
ncsc.gov.uk: Mitigating malware and ransomware attacks
ncsc.gov.uk: 10 Steps to Cyber Security