Recent research from Microsoft and Goldsmiths has found an alarming 87% of businesses are unprepared for cyber attacks.
In a survey interviewing 1,039 senior business decision-makers and 1,051 employees across the UK, the vast majority lacked the tools and skills required to protect them against risk.
While cyber security should have already been a concern for businesses, it has taken a new precedence in the age of AI. Criminals are now using AI to increase the scale of their activities, further their social engineering attempts and launch sophisticated, targeted attacks.
If your business isn’t ready for this new era, you’ll be vulnerable. Businesses who fall victim to attacks face disruption, data breaches, fines and reputational damage.
We explain how businesses can best protect themselves against AI-powered attacks and get ready for this latest change within the threat landscape.
Why are businesses so vulnerable to AI cyber attacks?
With so many businesses exposed to cyber risk, the simple question is ‘why?’.
According to the Microsoft research, 35% of UK organisations are struggling to fill permanent cyber security roles. This leaves a significant resource gap, with organisations unable to provide a consistent level of coverage without the necessary skills.
It means that security practices may become laxer, especially without designated staff to maintain it and analyse risks.
To worsen the situation, many businesses haven’t adapted to recent changes.
Firstly, the pandemic led to the need for remote working. With businesses needing to move fast, security was deprioritised.
As a result, many organisations haven’t altered their security provisions adequately, leaving homeworkers susceptible to attacks. There’s also the rise of shadow IT, with staff using their own tools and devices to complete tasks that aren’t necessarily in line with internal policies.
On top of this, AI has exploded in the last few years, with many organisations unaware of the potential dangers and how to leverage it safely.
The rise of the Internet of Things (IoT) has also introduced many new potential entry points for attackers with organisations. IoT devices can often have weak security protocols, making businesses easier to target.
Finally, cybercriminals are constantly developing new methods and tools. The barrier to entry for attacks is lowering, with services like ‘ransomware as a service’ making it easier for even less skilled attackers to cause damage. AI has enabled this manipulation further, creating a potential tidal wave of attacks.
Fighting fire with fire with AI cyber security_
Following Microsoft’s findings, it’s recommended that businesses leverage AI to fight back against cyber criminals.
Speaking on the topic, Microsoft UK CEO Claire Barclay said: “Unless we arm ourselves with AI-enabled cyber defences that are stronger than AI-enabled cyber threats, it will be difficult, impossible even, for us to grow and, ultimately, thrive as a nation.”
The research predicts that AI in cyber defence could save the UK economy £52 billion a year.
Moreover, organisations that use AI-enabled cyber security are twice as resilient to attacks and suffer 20% less costs when attacked. Yet only 27% of UK organisations are using AI in their cyber security.
While AI in the wrong hands can exacerbate security issues, it can also make it easier to identify, prevent and recover from attacks.
Here are some other benefits businesses can expect to receive:
- Faster threat detection and response: AI can analyse vast amounts of data from network activity and does it much quicker than humans. This allows it to identify abnormal behaviour and threats faster. Businesses can then take preventative action before they’re impacted.
- Improved accuracy and efficiency: AI can sift through data to find patterns that might be difficult for humans to spot. This leads to more accurate detection of malicious activity.
- Automation of tasks: AI automates tedious and repetitive tasks associated with cyber security, such as scanning for vulnerabilities and patching systems. This frees up security professionals to focus on more strategic tasks and incident response.
- Continuous monitoring: AI systems can monitor your network activity 24/7, providing constant vigilance against potential threats. This is especially helpful as cyber attacks can happen at any time.
AI in cyber security is also becoming more commonplace.
Earlier this year, Microsoft launched Copilot for Security, the first generative AI security product. This marks the beginning of a trend that is likely to grow in the coming months, making AI more accessible for businesses wishing to strengthen their security.
Our tips for protecting your business_
So, now you know the risk facing your business, what can you do to protect it?
We’ve listed our top tips to keep you safe against AI-powered cyber threats.
1. Implement strong security practices_
Strong security practices are crucial to preventing successful attacks. Examples of provisions you need include firewalls, intrusion detection systems and data encryption. These will all safeguard your network and data.
If you want advanced protection, you might even consider setting up a cyber security operations centre. It’s a central hub for cyber security, with a team of professionals who continuously monitor systems for threats and respond to incidents to minimise damage.
A SOC is also extremely comprehensive. It provides 24/7 coverage to keep your network protected. The average SOC also receives over 1000 alerts a day. However, this also requires a lot of resource to set up and maintain, which is why many businesses choose to outsource theirs to external security professionals.
You should also consider using AI-powered tools where possible to support your efforts, like Copilot for Security.
2. Maintain software updates_
Updates are designed to address vulnerabilities within systems, as well as adding better functionality.
That’s why it’s recommended that you regularly update operating systems, software applications and firmware on all devices. Aim to keep on top of updates as soon as they’re announced, even if it means scheduling them outside of working hours.
Doing so will reduce the chance of weak points that attackers can exploit. It’ll also make sure you benefit from any new security features.
3. Make sure you have the resource you need_
Your security measures are only going to be as strong as the people behind it. You need employees with the right skills and the capacity to monitor your network and maintain best practices. If not, it will quickly be deprioritised.
However, with skills gaps in the industry, it can be a struggle to get this resource. Due to this, many companies opt to outsource their security to external experts. Alongside easing recruitment burdens, this can often be more cost-effective and efficient.
If you are considering outsourcing, aim to find a partner who is knowledgeable over the latest security measures (including the role of AI) and that you can rely on.
4. Control access_
In the hybrid working world, a common IT issue businesses face is access. You need to ensure only authorised people can get into your systems, and block anyone who shouldn’t have access.
If employees work remotely, implement secure methods for accessing company systems, such as multi-factor authentication and virtual private networks (VPNs).
You should also limit physical access to devices and servers to only authorised personnel, such as IT colleagues and engineers.
5. Security awareness training_
Your employees are your first line of defence. So, you need to make sure they’re educated on security matters.
Train employees to identify phishing attempts, social engineering tactics and other cyber threats. This is on top of other security practices, like strong password creation, safeguarding of data and use of non-authorised software or devices.
You should also set up processes where employees are encouraged to report concerns and suspicious activity. This will allow you to identify and respond to hacking attempts or other security breaches.
6. Have a response plan_
Despite your best efforts, incidents happen. You should develop a clear incident response plan that outlines how your organisation will respond to a cyber attack.
This plan should include steps for containing the attack, mitigating damage and recovering data. You’ll also need to communicate with customers and stakeholders if they’re affected.
Regularly test this plan to ensure it’s effective and ready to go, should the worst happen.
Get cyber security support_
We know an increasing volume of cyber attacks is concerning, especially with question marks still lingering over the role of AI.
Nobody wants their business to be negatively impacted, given the huge repercussions at stake. That’s why it’s crucial businesses prepare themselves now.
The cyber security landscape is also changing rapidly, making it hard to pinpoint the best practice for your business.
Recruiting the support of a cyber security consultant can help you to identify the right approach, while easing the burden of prevention and detection from your staff. You’ll benefit from up-to-date expertise, knowledge across security solutions and 24/7 support.
And when it comes to cyber security, Infinity Group are leaders.
Our expert team of consultants look at all areas of cyber security. Whether remotely or onsite, our team can help seamlessly mitigate cyber security risks using specialist technologies in line with best practise.
We can also help operate your SOC, without internal pressure on your resource, and find AI-powered solutions that offer you total protection.
Our Infinity UNBOUND: Get to Secure video series is a programme of bite-sized, expert-led sessions giving you practical advice to strength your security posture. Covering the current threat landscape and modern solutions to help, you’ll gain actionable guidance to protect your business.