AI will increase cyberattack risk
AI is expected to increase the volume and impact of cyberattacks over the next two years, and heighten the global ransomware attack, according to a report1 published by GCHQ’s National Cyber Security Centre (NCSC). This has prompted NCSC to urge organisations to implement protective measures.
The report, ‘The near-term impact of AI on the cyber threat assessment’, says that AI is already being used in malicious cyber activity and its use will increase in the near term.
Among its conclusions, the report suggests that by lowering the barrier of entry to include novice cybercriminals, hackers-for-hire, and hacktivists, AI will allow relatively unskilled ‘threat actors’ to carry out more operations regarding access and information gathering. This, along with improved targeting due to the use of AI, will contribute to increasing the threat of ransomware, social engineering, and malware.
Ransomware remains the primary threat to UK organisations and businesses, as criminals are getting more adept at adjusting their business strategies to maximise profits. According to the National Crime Agency (NCA), it is unlikely that another form of cybercrime will overtake ransomware due to its financial rewards and established business model.
James Babbage, Director General for Threats at the National Crime Agency, stated, "AI services are lowering barriers to entry, increasing the number of cyber criminals, and enhancing their capabilities by improving the scale, speed, and effectiveness of existing attack methods."
In the UK, the AI sector currently employs 50,000 people and contributes £3.7 billion to the economy. NCA analysis suggests that cybercriminals have already begun developing criminal Generative AI (GenAI) and offering 'GenAI-as-a-service', making it accessible to anyone willing to pay.
NSCS CEO Lindy Cameron stated, "We must harness AI technology for its potential and manage its risks, including its implications on the cyber threat. The emergent use of AI in cyber-attacks enhances existing threats like ransomware, but does not transform the risk landscape in the near term."
She also commented, "We urge organisations and individuals to follow our ransomware and cybersecurity hygiene advice to strengthen their defences and boost their resilience to cyber attacks."
Security hygiene advice
Law enforcement does not encourage, endorse or condone the payment of ransom demands, as there is no guarantee you will get access to your data or computer, which will still be infected. As you are paying a criminal group, you are more likely to be targeted in the future.
The recommended approach is to implement a "defence-in-depth" strategy, which involves creating multiple layers of defence. This provides more opportunities to detect malware and prevent it from causing significant damage. It's also important to assume that malware will penetrate your organisation and to take measures to minimise its impact and respond quickly.
The NCSC has produced some top tips for staying secure online, which can be viewed by clicking here.
Actions to take include:
- Protect your email by using a strong and separate password
- Install the latest software and app updates
- Have 2-step verification
- Use a password manager
- Backup your data
- Use three random words to create a password that’s difficult to crack.
Talk to TMD
We would urge any business or individual to look at cyber insurance as an essential cover, given the prevalence and ever-increasing risk of cyberattack. To find out more and arrange cyber cover, please talk to TMD – our business is your protection.
Either call us on 01992 703 000 or email us at insurance@mcdonaghs.co.uk
Sources
1. ncsc.gov.uk: The near-term impact of AI on the cyber threat
ncsc.gov.uk: Global ransomware threat expected to rise with AI, NCSC warns
ncsc.gov.uk: Top tips for staying secure online
ncsc.gov.uk: Mitigating malware and ransomware attacks
ncsc.gov.uk: 10 Steps to Cyber Security