
CYBER RISKS AND LIABILITIES MARCH/APRIL 2024

The Impact of AI on the Cyber Threat Landscape

The rapid growth of artificial intelligence (AI) is reshaping industries and revolutionising how people live and work. Its potential to propel scientific advances and bolster economic growth is apparent, but its implementation is not without significant risk. What’s more, the security risks associated with AI use are not yet fully understood, so the cyber threat landscape could become more treacherous over time. Organisations should consider the following risks that AI enhances in the cyber threat landscape:

  • Data poisoning: Cyber criminals could “poison” the data used to train AI tools to influence the tool’s decision making. Through corrupt training data, AI models may learn incorrect or biased information, which threat actors can exploit for malicious gains. Moreover, data poisoning could lead to a rise in stealth attacks, where manipulated training data creates vulnerabilities that are difficult to detect during the testing process.
  • Automated malware: Although AI tools have protections to prevent users from creating malicious code, threat actors are rapidly finding ways to overcome these. As such, natural language processing (NLP) tools such as ChatGPT could help threat actors create automated malicious software (malware) at record speeds. As these tools advance, the barrier to entry for malicious actors may lower; even those with entry-level programming skills may be able to create sophisticated malware, increasing the volume of successful compromises.
  • Social engineering attacks: AI can already facilitate convincing interaction with victims, and the persuasive nature of these social engineering attacks may only deepen as this technology evolves. For instance, NLP tools can help criminals craft plausible phishing emails without the spelling and grammatical mistakes that ordinarily reveal them as spam. Additionally, snippets of a target’s voice can be used to train AI algorithms to create convincing deepfake attacks (eg mimicking a manager’s voice to trick an employee into revealing sensitive information).
  • Enhanced reconnaissance: AI’s ability to quickly summarise data can help threat actors gather information, exfiltrate data and identify vulnerabilities more quickly.

It’s worth noting that AI has also brought about significant advances in cyber security, particularly automated threat detection and response. Therefore, understanding both AI’s merits and its potential pitfalls is crucial for organisations across all sectors.

 

Managing Cyber Risks in a Down Economy

The Bank of England previously warned there was a 50-50 chance of a recession in Spring. Regardless, after experiencing several shocks over the past few years, the economy remains uncertain, making it wise for organisations to bolster their financial resilience and brace for change. An economic downturn could pose a variety of cyber risks for organisations of all sizes and sectors. Such risks include:

  • Limited IT spending abilities – In preparation for a recession, organisations may implement strategies to decrease spending and scale back certain operational costs. This could entail cutting IT expenses and, in turn, reducing available cyber security resources. Consequently, organisations’ digital defences will likely degrade, making them increasingly vulnerable to cyber incidents and associated losses.
  • Increased insider threats – Poor economic conditions could place employees in troubling financial situations, potentially pushing them to engage in illegal activities they otherwise wouldn’t. Crimes conducted by insider threats may involve sharing confidential company data, distributing workplace login credentials or providing digital access to essential business assets in exchange for payment, all of which could result in costly cyber losses for impacted employers.

To combat cyber risks in a down economy, organisations can consider these practices:

  • Have a plan. Cyber incident response plans can help organisations establish protocols for mitigating losses and acting swiftly amid cyber events. Successful plans should outline potential cyber attack scenarios, methods for maintaining key functions during attacks and the individuals responsible for such functions. Organisations should routinely review their plans to ensure effectiveness and make adjustments as needed.
  • Conduct training. Employees are often the first line of defence against cyber attacks. That’s why organisations must make cyber security training a priority. Cyber security awareness training should include identifying phishing and malicious websites, password management, data protection and privacy.
  • Purchase cyber cover. Especially during an economic downturn, it’s imperative for organisations to have sufficient insurance. Companies should consider purchasing dedicated cyber cover to ensure financial protection against cyber losses.

Understanding Tailgating and Piggybacking

Tailgating and piggybacking are relatively simple methods employed by cyber criminals to gain access to a business’s secure data or equipment. Although resources are often devoted to complex digital hacking methods, businesses should not overlook the threats of tailgating and piggybacking.

Tailgating can occur when a malicious actor sneaks in by following an authorised employee into a secured area. On the other hand, piggybacking is a type of social engineering tactic that occurs when a malicious actor tricks an authorised individual into letting them into a secure area. To prevent tailgating and piggybacking attacks, organisations should:

  • Implement access control systems (eg badge readers, alarms, sensors and biometric scanners) to help prevent unauthorised individuals from entering secure areas.
  • Utilise surveillance cameras to monitor who enters the premises and to act as a deterrent.
  • Install physical barriers (eg turnstiles and security gates) to provide a perceptible obstacle to potential intruders.
  • Educate employees on physical security threats, train them in prevention techniques and ensure they know how to report suspicious activity.
  • Conduct regular security audits to identify vulnerabilities.

Legal Specific Disclaimer:
The following information is not exhaustive, nor does it apply to specific circumstances. The content therefore should not be regarded as constituting legal or regulatory advice and not be relied upon as such. Readers should contact a legal or regulatory professional for appropriate advice. Further, the law may have changed since the first publication of this information.
