Microsoft: The UK is woefully unprepared for future AI cyber threats

Organizations in the UK that incorporated AI tools within cyber security practices are twice as resilient to attacks as those that don’t, according to new research investigating the impact of AI on security in the region.

The report from Goldsmiths University, in partnership with Microsoft, was based  on surveys of over 1,000 senior leaders at UK private and public sector organizations, including testimony from 200 senior security professionals.

Just 13% of UK businesses can be described as ‘resilient’ to cyber crime, according to the report, which found businesses that deployed AI-enhanced defenses were able to reduce the costs associated with a successful attack by 20%.

The research estimated that increased use of AI in cyber security could save the UK economy £52 billion annually, down from the £87 billion that cyber attacks currently cost domestic businesses.

Paul Kelly, director of the Security Business Group at Microsoft UK, said the financial impact alone should be enough motivation for companies to ‘fight fire with fire’ and integrate AI in their security strategies, just as threat actors are doing. 

“Cyber criminals, some armed with the resources of a nation state, are ‘tooling up’ with AI to increase the sophistication and intensity of their attacks. This research outlines 52 billion reasons for organizational leaders to ‘fight fire with fire’”, Kelly explained.

“The same AI technologies can help leaders better secure their organization and tip the balance back in their favor. AI has the potential to make your business and data more secure, but also, if a cyberattack were to occur, to lessen the impact on your bottom line.”

UK’s ‘AI superpower’ goals are contingent on security improvements

The British government’s ten-year plan for the UK to become a ‘global AI superpower’, announced in 2021, depends on organizations upping cyber resilience capabilities, according to the report.

The report showed business leaders in the UK recognize this fact, with 69% of decision-makers acknowledging that their organization will need to improve security capabilities to achieve the goal of international AI leadership.

In order to accelerate this shift, the report identified 5 opportunities for the UK to ensure its cyber resilience levels keep moving in the right direction, recognizing an ‘AI superpower’ must be a ‘cyber security superpower’.

The first opportunity is to further support the widespread adoption of AI in cyber security in a bid to inspire more creative approaches to using the technology to defend organizations.

Investment in AI needs to be prioritized and should be focussed on buy-and-build configurations or off-the-shelf solutions, the report added, and the UK needs to also invest in cultivating the talent to leverage these solutions.

The report raised nationally incentivized skills programmes, upskilling, on-the-job learning, as well as better public-private partnerships to help address skills shortages related to AI.

Finally, the UK needs to continue to work with business leaders across sectors and establish simple, results-based guidance that is in-line with international standards, to encourage the safe and secure deployment of AI.

How AI is already boosting cyber resilience

Goldsmiths and Microsoft’s findings demonstrated how AI enhanced security tools are already having a material impact on the cyber-readiness of organizations in the UK. 

Speaking to ITPro, founder and CEO at AI prompt management platform AIPRM, Christoph Cemper, said AI has helped the company stay on top of a wave of DDoS attacks targeting its servers.

“Our traditional security measures, like firewalls and monitoring systems, just weren't enough to effectively handle these sophisticated attacks. That's when we decided to start using AI to boost our protection, specifically neural networks”, Cemper noted.

“One big advantage of neural networks is their ability to analyze huge amounts of data and notice patterns that would be almost impossible for humans to catch on their own. For DDoS attacks, we trained these neural networks by showing them records of our past traffic patterns so they could learn to tell the difference between real users and attackers.”

Cemper reported the deployment was a success and allowed AIPRM’s security teams to dedicate more time to fleshing out a robust security strategy rather than having to constantly put out fires as they occur.

“Ever since implementing this AI-driven solution, we've seen a big reduction in how much DDoS attacks impact our systems. The neural networks keep learning and adapting to get even better at catching even the sneakiest DDoS techniques”, he explained 

“The automation from these AI models has let our security team focus more on proactive strategies rather than just constantly putting out DDoS attack fires manually.”