A new digital divide is threatening UK businesses, with those that fail to keep up with AI-powered cyber crime at risk of being targeted by would-be hackers.
In a newly-released report, dubbed the Impact of AI on cyber threat from now to 2027, the UK’s National Cyber Security Centre (NCSC) warned threat actors are “almost certainly” using AI to support existing tactics.
The use of AI tools by hackers spans a number of key areas, the agency warned, including vulnerability research, victim reconnaissance, the development of malware, and the use of AI to ramp up social engineering techniques.
“To 2027, this will highly likely increase the volume and impact of cyber intrusions through evolution and enhancement of existing TTPs, rather than creating novel threat vectors,” the NCSC stated.
It added that while only “highly capable state actors” will have the resources to build their own offensive AI models, the remaining groups – which make up the majority of threat actors – will make use of off-the-shelf AI models to “uplift their capability”.
When it comes to protecting against these threats, not all companies are on a level footing. The NCSC warned that “over the next two years, a growing divide will emerge between organizations that can keep pace with AI-enabled threats and those that fall behind”.
The agency didn’t expand on which businesses are most likely to be affected by the adoption of AI tools by threat actors, but said “a large proportion” would be more vulnerable.
AI-powered attackers aren’t the only risk
It’s not just malicious actors using AI that presents a risk, however. When businesses implement AI systems they increase the available attack surface, which is something organizations need to be aware of.
“AI technology is increasingly connected to company systems, data, and operational technology for tasks [and] threat actors will almost certainly exploit this additional threat vector,” the report said.
“Techniques such as direct prompt injection, software vulnerabilities, indirect prompt injection and supply chain attack are already capable of enabling exploitation of AI systems to facilitate access to wider systems.”
Ultimately, organizations using these systems need to ensure they keep as on top of their cybersecurity strategies here as they would anywhere else in the business.
MORE FROM ITPRO
-
Public sector IT leaders lament sluggish digital transformation progressNews Research from SolarWinds shows public sector transformation is progressing at a snail's pace despite IT leaders pushing for rapid improvements.
-
Why SAS is ringing the alarm bell on AI governance for enterprisesNews Demonstrating responsible stewardship of AI could be the key differentiator for success with the technology, rather than simply speed of adoption
