- Professional Risk Insurance
- Private Clients
- Farms & Estates
- Commercial Clients
- Wholesale Insurance Broking
- Claims
- About
- Contact
- Log in
Log in
About us
Latest Insurance News
20.03.24
Cyber-threat Landscape – the impact of AI
Cyber-risk and liabilities update
The rapid growth of artificial intelligence (AI) is reshaping industries and revolutionising how people live and work. Its potential to propel scientific advances and bolster economic growth is apparent, but its implementation is not without significant risk. What’s more, the security risks associated with AI use are not yet fully understood, so the cyber-threat landscape could become more treacherous over time. Organisations should consider the following risks AI enhances in the cyber-threat landscape:
- Data poisoning—Cyber-criminals could “poison” the data used to train AI tools to influence the tool’s decision-making. Through corrupt training data, AI models may learn incorrect or biased information, which threat actors can exploit for malicious gains. Moreover, data poisoning could lead to a rise in stealth attacks—where manipulated training data creates vulnerabilities that are difficult to detect during the testing process but can be exploited later.
- Automated malware—Although AI tools have protections to prevent users from creating malicious code, threat actors are rapidly finding ways to overcome these. As such, natural language processing (NLP) tools such as ChatGPT could help threat actors create automated malicious software (malware) at record speeds. As these tools advance, the barrier for entry for malicious actors may lower; even those with entry-level programming skills may be able to create sophisticated malware, increasing the volume of successful compromises.
- Social engineering attacks—AI can already facilitate convincing interaction with victims, and the persuasive nature of these social engineering attacks may only deepen as this technology evolves. For instance, NLP tools can help criminals craft plausible phishing emails without the spelling and grammatical mistakes that ordinarily reveal them as spam. Additionally, snippets of a target’s voice can be used to train AI algorithms to create convincing deepfake attacks (eg mimicking a manager’s voice to trick an employee into revealing sensitive information).
- Enhanced reconnaissance—AI’s ability to quickly summarise data can help threat actors gather information, exfiltrate data and identify vulnerabilities quicker
It’s worth noting that AI has also brought about significant advances in cyber-security, particularly automated threat detection and response. Therefore, understanding the impact both AI’s merits and its potential pitfalls is crucial for organisations across all sectors.
Managing Cyber-threats in an uncertain economy
To combat cyber-risks in choppy economic waters, organisations can consider these practices:
- Have a plan. Cyber-incident response plans can help organisations establish protocols for mitigating losses and acting swiftly amid cyber-events. Successful plans should outline potential cyber-attack scenarios, methods for maintaining key functions during attacks and the individuals responsible for such functions. Organisations should routinely review their plans to ensure effectiveness and make adjustments as needed.
- Conduct training. Employees are often the first line of defence against cyber-attacks. That’s why organisations must make cyber-security training a priority. Cyber-security awareness training should include identifying phishing and malicious websites, password management, data protection and privacy.
- Purchase cyber-cover. Especially during an economic downturn, it’s imperative for organisations to have sufficient insurance. Companies should consider purchasing dedicated cyber-cover to ensure financial protection against cyber-losses.
Contact us today for more risk management guidance and insurance solutions.
The cyber-threat information provided by Zywave and contributed by Lisa Langley, Cert CII, Team Leader, Professional Risks, Cox Mahon Ltd.