fbpx
Uncategorized

The 5 things you need to know about AI threats in Cyber Security for 2024

Following the Bletchley AI Safety Summit in November 2023, NCSC have assembled a fully-sourced report on the emerging and new AI threats to cyber security in the UK. The report outlines the key judgements that came from the summit and their contexts, and while we highly recommend reading the report in full, we understand that the overwhelming amount of information regarding AI can be intimidating. Here, we have provided the 5 most important takeaways from their report.

  • Expect an increased volume and impact of cyber attacks

AI has already significantly increased the capability of threat actors to commit cyber attacks, and will almost certainly increase the volume and impact of cyber attacks over the next two years. Hackers are already utilising AI to varying degrees, to speed up processes, try multiple types of attack all at once, and expand the reach and scope of their attacks across a single network. We recommend that cyber security professionals anticipate more frequent cyber attacks, and ensure they are putting the correct practises and policies in place to hold them off

  • Reconnaissance and Social Engineering will become more sophisticated

In the world of cyber security, the terms ‘reconnaissance’ and ‘social engineering’ are widely known and used. Reconnaissance refers to the research stage of a cyber attack. Before planning any actions, cyber criminals will mine information on their target network, including the services and versions in use, the network structure, and any valuable data available on users of the network. Social engineering refers to methods in which hackers will try to influence the behaviours of users, to make them more susceptible to their attacks. The most well-known types of social engineering are phishing emails, bait advertisements with enticing offers (e.g. free trials) and dummy user accounts to engage and interact with targets. AI provides a capability uplift in reconnaissance and social engineering, making these tactics more effective, efficient, and harder to detect. AI enables threat actors to interact convincingly with victims and create more convincing lure documents for phishing campaigns.

  • Less talent will be needed to become a successful cyber criminal

AI lowers the barrier for novice cyber criminals, hackers-for-hire, and hacktivists, enabling them to carry out effective access and information gathering operations without having sufficient experience in the field. This increased access will contribute to an increase in cyber criminal activity. Because of the lowered barrier, the NCSC predicts that AI is likely to contribute to the more ransomware threats over the next two years, due to being one of the more simple cyber attacks to implement.

  • The tech sector will capitalise on the need for AI-enabled cyber tools, catering to both cyber criminals and security professionals

Moving towards 2025 and beyond, the commoditisation of AI-enabled tools will lead to them dominating commercial markets. This means that AI-enhanced cyber tools will become more widely accessible. While this will further intensify the cyber threat landscape, there will be an equal and opposite growth in tools available in the cyber security field

  • Cyber defence teams will go through growing pains

AI will continue to innovate at a quicker and quicker rate, making it difficult for organizations to play catch up and ensure their defences are adequate enough to face cyber threats. Cyber defense teams will have to improve on how they assess the authenticity of emails or requests and how to identify phishing or social engineering attempts. Additionally, AI will accelerate the challenge of patching known vulnerabilities before they can be exploited, as reconnaissance becomes quicker and more precise, exacerbating cybersecurity challenges for both the government and private sector.

While these findings may paint a picture of doom and gloom, AI doesn’t mean the cyber security industry will fall apart. For every cyber attack AI assists with, it can also help in improving defenses and speeding up processes for cyber security professionals. One thing’s for sure – more and more businesses will seek to invest in cyber security from this year onwards.

If you’re interested in training as a cyber security professional, and learning about how to protect organisations from cyber threats, sign up for one of our cyber security courses today. We offer Level 2, 3 and 4 courses designed to give you all the skills you need to be a cyber security profession – apply today.

Author

Molly Forsyth

Leave a comment

Your email address will not be published. Required fields are marked *