CNI and AI concerns

by Mark Rowe

Most, 76 per cent of the UK’s critical national infrastructure (CNI) bodies have identified the use of AI to drive cyber threats as a security concern, according to a survey by a cyber security services firm.

Bridewell, surveying 521 staff responsible for cyber security at UK CNI in sectors such as civil aviation, telecommunications, energy, transport, media, financial services and water supply, also found 78pc of respondents are worried about AI-powered phishing attacks in which criminals use artificial intelligence to radically improve the accuracy and wording of their email lures, on a large scale. Criminals can also employ AI to complement basic coding skills, reducing the barrier to entry for exploits and enhancing the sophistication of their malware, the cyber firm suggests. These developments are why 78pc of respondents also said they have fears about:

Adaptive AI cyber attacks that constantly evolve their tactics;
AI-driven exploit development; and
Automated hacking using AI.

All of the AI-driven threats listed in the research are of concern to more than 70 per cent of respondents – including polymorphic malware which mutates with every infection. Some 73pc said they fear this emerging threat.

The study looked at how the CNI sector is using AI to combat the increased use of AI by cyber criminal groups. AI-driven exploits or techniques are not yet as effective as conventional cyber tactics, and businesses are able to use AI-focused tools to protect their systems and infrastructure, the firm points out. With its ability to analyse large datasets rapidly, AI can be a useful tool in detecting malicious activity in a system or network, spotting anomalies and suspicious behaviour, Bridewell says.

The research found current deployment of AI in cyber defences is in its early stages. Fewer than three-in-ten respondents’ organisations are using AI-powered threat intelligence platforms (29pc), AI-driven data-loss prevention (28pc), AI-enhanced endpoint protection (27pc), or AI-based phishing detection and prevention (27pc). Almost all (94pc) are, however, using some AI tools. Bridewell says that’s a trend certain to gain momentum as cyber threats escalate and become even more sophisticated.

Martin Riley, Director of Managed Security Services at Bridewell, pictured, said: “While we are at the early stages of AI-driven cyber attacks, concern among CNI organisations is not unfounded as the technology presents itself as a future threat. Businesses can prepare for the impending AI arms race by incorporating the technology into their cyber defence strategies. AI can be a force for good by helping CNI organisations to enhance threat intelligence capabilities and accelerate detection and response strategies.”

On the third and final day of the Infosecurity Europe show at London Excel, Thursday, June 6 from 1.45pm, Emma Leith, Director of Consulting at Bridewell is speaking on evolving cloud compliance standards.

Related News

  • Cyber

    Data in an AI system

    by Mark Rowe

    Joe Michael, Solutions Architect at enterprise AI product firm IPsoft, covers the key considerations for businesses when it comes to securing customer…

  • Cyber

    Connectivity will be networkless

    by Mark Rowe

    The future of connectivity is networkless, writes Thomas Quinlan, Director of Transformation Architecture at the cyber company Zscaler, pictured. As part of…

  • Cyber

    The crypto-crime model

    by Mark Rowe

    With the ability to generate a staggering $1.5 trillion in revenues every year, cybercrime is big business! It’s the perfect model –…


Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing