Artificial Intelligence tools, although vital to businesses, have also heightened the risk of a company falling victim to a cyber attack.
That’s the view of two of the country’s leading cyber security experts – who are today speaking out to help reduce the soaring rate of incidents.
Marc Avery, CISO and Managing Partner of the Cyber Chain Alliance and Roy Shelton, the CEO of Connectus Business Solutions boast decades of combined experience in this area.
Yet both say the risk has never been higher from cyber terrorists – and that AI is creating new problems for security experts to solve.
Marc said: “In much the same ways as previous revolutions in technology, large language models and Artificial Intelligence (AI) more broadly, present fresh Cyber Security risks to consider. Since the Ancient Egyptians were using codes within hieroglyphics to keep their messages secret, we have founded security principles on trust. We limit access to sensitive things, only to those things that we trust, for example by sharing a unique key or code. However, when the keys are not physical, we look to rely on other things to build that trust; the familiar voice of somebody calling from a number we recognise, the face of somebody on a video call, a legitimate-looking email or the integrity of applications on our smartphones. The speed, sophistication and accuracy of AI leads us to question some of those things we previously trusted.
“Yet, the reality is that the time period during which attackers can conduct their reconnaissance on victims, compile their attack tools and launch a successful attack is now significantly reduced with the introduction of tools like ChatGPT. The process of attack is no different than it was before, but the tools, data and pre-compiled knowledge is far more widely accessible. Ultimately, this will require organisations to be more prepared for an attack and respond even faster when new vulnerabilities are announced. The race to defend ourselves before the attackers beat us has become more important.”
And Marc says this, in turn, has increased the importance for companies to accept there is an ever-increasing need to accept a cyber security cost exists in doing business.
He said: “In much the same way organisations budget for insurance, depreciation, and cost of goods or labour increases, organisations must also start to consider the cost of needing to protect information more diligently.
“For those organisations who consider themselves as consumers of technology, there is a need to ensure that appropriate measures are taken to protect the confidentiality, integrity and availability of important data or assets. With a continued increase in the number of organisations becoming the victim of attack, no matter what type of sector they are in, the threat of losing access to systems or customer data being exposed, the likelihood of being attacked is higher than ever.
“Organisations really need to consider how resilient they are against cyber-attacks. For those companies who are delivering technology services such as cloud service providers, software companies, manufacturers of tech-enabled products etc. they also need to recognise this increased likelihood of attack and consider how much they need to invest in their product or services to ensure that their customer data and systems is appropriately protected.”
And Marc said the post-pandemic environment makes this issue all the more important.
He said: “With the post-pandemic increase in online service adoption, more and more technology organisations are collecting large amounts of sensitive customer data and one data breach could impact the whole of their customer base. In a climate of increased attacks, it is more important than ever for service and product providers to ensure that they have recognised this important cost of doing business.”
Marc’s comments were echoed by Roy Shelton, the CEO of the Connectus Business Solutions (CBS).
Roy leads a team of the country’s most skilled experts in helping businesses prevent cyber attacks.
Revealing the three reasons he believes most companies fall victim, Roy said: “The first is naivety, and thinking a breach will not happen to them as they are too small to be impacted or targeted by a fraudster. They feel their data is not worth protecting, but when they realise they have employee’s personal information, customer information they become more concerned. It’s only when an attack or breach occurs and they are locked out of core systems (email, accounts, windows OS) or their unsuspecting accounts clerk has been a victim of phishing email do they panic and wish they had taken the advice given.
“Others fall victim because they turn down support on the basis they think it is too expensive to implement and they feel the loss would be less costly than the protection, which is totally ill-founded. Protection is so low cost these days and it’s not an excuse any more
“And the final reason we see, and one which is becoming more and more common, is that some businesses think it is too Intrusive to take preventive steps. They don’t want their machines ‘being spied on’. Yet basic education and awareness and tools are non intrusive; they run discreetly in the background proactively scanning for threats.”