Cyber criminals, some armed with the resources of a nation state, are ‘tooling up’ with AI to increase the sophistication and intensity of their attacks, the tech firm Microsoft warns. That’s by Paul Kelly, Director of the Security Business Group at Microsoft UK. He says: “This research outlines 52 billion reasons for organisational leaders to ‘fight fire with fire’. The same AI technologies can help leaders better secure their organisation and tip the balance back in their favour. AI has the potential to make your business and data more secure, but also, if a cyberattack were to occur, to lessen the impact on your bottom line.”
He was speaking to a report released by Microsoft with Dr Chris Brauer at Goldsmiths, University of London, titled; ‘Mission Critical: Unlocking the UK AI Opportunity Through Cybersecurity’.
The report points to work to be done, classing near nine in ten, 89 per cent of UK organisations as ‘vulnerable’ to cyberattacks. This includes 39 per cent who are in an even more precarious ‘At High Risk” state, based on self-reported performance against a new academic model of cyber resilience, as developed by the researchers. The report makes five points:
Support widespread adoption of AI in cybersecurity: Widespread facilitation of more rapid adoption of AI-enabled defences, while inspiring ever more creative cyber approaches among the nation’s security professionals.
Target investment: Investment must be prioritised and precise, with organisations encouraged to focus on buy-and-build configurations or off-the-shelf solutions.
Cultivate talent: The UK should use nationally incentivised skills programmes, on-the-job learning, and public-private partnerships with academic institutions to better cultivate UK talent. For its part, Microsoft announced a £2.5bn spend in data centres, AI skills and security in the UK late last year. But for the UK to unlock its true potential, the commitment to cyber security needs to be universal, the report argues.
Foster research and knowledge sharing: Continue to invest in public/private R&D partnerships while supporting entrepreneurs to innovate on AI’s frontier. Learnings from cyber attacks should form the basis of nationwide, cross-industry alliances for cyber preparedness, turning threat awareness into readiness and, ultimately, mitigation.
Support simple, safe adoption: Continue to work with business leaders across sectors — from healthcare to manufacturing, and from the military to finance — on simple, outcomes-based guidance, aligned to international standards, to encourage the safe and secure deployment of AI.
Dr Chris Brauer acknowledged that the UK has ‘phenomenal potential to lead the world in the use of AI – an unprecedented opportunity to supercharge our economy and transform our public services’. He said: “But that future must be built on secure foundations. To become an AI superpower, the UK must maintain its position as a cybersecurity superpower. With so many organisations shown to be vulnerable to cybercrime, our research surfaces both the urgency of the issue, and useful actions that leaders can take to boost the country’s cyber resilience.”
You can download the report at: Aka.ms/UKCyberOpportunity.
Comment
Matt Aldridge, Principal Solutions Consultant, Opentext Cybersecurity said the report findings were unsurprising given a rapid rise in cyber attacks on the UK public and private sectors. He said: “It is evident that industry needs to work together to fortify their defences and ensure robust cyber security systems in place.
“While it is great to see that the UK has been able to maintain its leadership position in cyber security and its position in international indices, the current efforts are not enough, especially in an age of rapid AI development. As there are only 13pc of organisations that are considered resilient to cybercrime, the UK’s AI ambitions, along with its goal to maximise economic growth in general, are in jeopardy. Strong cybersecurity needs to be seen as a baseline hygiene standard for doing business or operating an organisation in the current threat landscape. With more and more threat actors employing AI in their attacks, UK businesses must be able to defend themselves with advanced defence mechanisms. Without this, we can’t achieve global leadership in AI and we’ll risk our economic prosperity.
To facilitate responsible use and development of AI, both public and private sectors need to ensure they have clearly defined security policies and procedures in place to prevent and manage risks. It is also crucial that staff are properly trained, which underscores all effective cyber resilience and data protection strategies. Business leaders need to do everything in their capacity to ensure the technology is regulated, and the world is prepared for the wider use of AI. It’s encouraging to see that many security decision-makers recognise this issue’s importance. Collective and decisive action will be the only way for the UK to achieve its ambitions of being a technology superpower.”
Copilot
Meanwhile, April 1 is launch day for Microsoft’s generative AI (artificial intelligence) product Copilot for Security. Copilot is the firm’s ‘everyday AI companion’. At the business research company Forrester, Principal Analyst Jeff Pollard said: “Experienced practitioners will reap the most rewards from the capabilities Microsoft offers, and while it’s unlikely to identify threats SOC teams would miss, it does make investigation and response faster. The pay as you go model — a polite way of saying consumption pricing — will challenge already stretched CISO budgets, and it fits best for organisations already heavily invested in the Microsoft ecosystem of tools and technologies.
“According to Microsoft, Copilot will reduce the barrier to entry for those with different backgrounds and attract more and diverse talent into cybersecurity. Though LLMs [large language models] and generative AI may level the playing field and allow for accelerated security talent development, no amount of out-of-the box prompt books and guided response steps replaces fundamental security knowledge, skills, and experience. Expect continued investment in cybersecurity skills and training, mentoring, and job shadowing to remain a vital part of your talent management strategy. Also expect a fair amount of change management and training for even your most seasoned practitioners to take full advantage of Copilot.”
