AI and cloud computing might sound like a complex combination, but the two technologies have long been present in our everyday lives. When we ask Alexa to set a 15-minute cooking timer, use Google Maps to find a new route around a traffic jam or, more recently, ask ChatGPT to write us a tricky Excel formula, weโre depending on a seamless interplay between AI and the cloud. But AI is also integrating into the cloud in far more advanced and mission-critical ways, tooโbringing both big benefits and risks along the way, says Ravi Bindra, CISO at SoftwareOne, the cloud and data services company.
AI balancing act: managing the positives and pitfalls
Organisations in industries like e-commerce, banking, and manufacturing are using the AI-cloud combo to automate proprietary production processes and decipher sensitive datasets. Big tech players like Google are leveraging it to improve operations through predictive analytics and anomaly detection. Even healthcare is becoming AI and cloud-reliantโresearchers are using AI to trawl millions of cloud-based pharmaceutical papers to spot patterns and uncover ground-breaking biomedical relationships, which may lead to life-saving drug discoveries.
Simply, AI-driven cloud computing is cascading into many aspects of business and life. But as our dependence on it increases, and it grows in accessibility and power, so too do the methods that cybercriminals use to exploit it. AI technology is providing hackers with new waysโfrom sophisticated phishing emails to deepfake videosโto catch us off guard. Letโs explore these growing risks, and how your business can protect itself.
The changing landscape
By 2025, it is estimated that cybercrime costs will reach about $10.5 trillion annually – a 300 percent increase from 2015 levels. The National Cyber Security Centre has already warned that malicious AI use will drive the threat landscape in 2024. In an environment where AI is increasingly weaponised and providing ever evolving โupgradesโ to hacker toolkits, it’s no wonder that spending on information security and risk management hit $188.1 billion in 2023.
This new, highly complex threatscape is largely down to AIโs ultra-advanced capabilities. The most obvious malicious tactics are those that rely on the generation of text for social engineering attacks. But this goes beyond phishing to the potential threat of rapid dissemination of malware techniques. Malicious actors can use AI to identify vulnerabilities in the cloud and create malware to exploit them. It can detect weaknesses and exploit security flaws far faster than human IT teams can react. It can even generate sophisticated malware that learns to avoid detection, making it nearly impossible for traditional anti-virus defences to combat.
Keeping pace in the threat race
Considering these risks, a big responsibility of business leaders in 2024 is to provide employee training on how to spot the โtell-tale signsโ of an AI-enabled attack. Up-to-the-minute knowledge of the latest tactics will go a long way in preventing malware and ransomware from slipping through the cracks undetected. But training is only part of the puzzle. Businesses need to also need to bring security and simplicity to their cloud operations. Steps include:
โข Implementing strong access management that follows the principle of least privilege. This means providing all users or applications with the minimum level of access they need, with multi-factor authentication required at each level.
โข Encrypting all data at rest and in transit. This will help unauthorised actors from accessing and deciphering sensitive information. Meanwhile, encryption keys that unscramble the data should be regularly changed and stored securely.
โข Regularly assessing vulnerabilities. Tools such as penetration testing will allow businesses to simulate real-world attacks that help highlight weaknesses in their cloud infrastructure that can then be shored up.
โข Adopting a cloud-native strategy. Cloud-based businesses should make sure they only use security practices and technologies that are specifically designed for cloud, helping to plug any legacy gaps and build security into applications from the ground up.
AI versus AI: cyber battle
However, strengthening the cloudโs infrastructure is no longer sufficient to safeguard its data alone. As cyber criminals ramp up the use of AI across a range of different attack vectors, businesses need to do the same. By harnessing AI for threat detection and to spot โout-of-the-ordinaryโ behaviours and patterns, businesses can stay one step ahead of criminals, better securing their security perimeter.
AI can particularly help to protect data across hybrid cloud. It can spot shadow data and look for data access abnormalities, instantly alerting IT teams about potential threats. AI can analyse and verify login attempts via behavioural data, allowing access to users who are behaving as normal and flagging or even blocking those acting abnormally or suspiciously. AI can even perform real-time threat analysis and post-action risk analysis. Then, IT leaders can set up automatic incident responses that speed up attack prevention and investigations for watertight cybersecurity. Additionally, AI also has a role to play in automating many standard and time-consuming security processes, reducing the risk of human error and improving efficiency of staff.
Securing cloud in an uncertain landscape
Recently, the UK and US signed a landmark deal to work together on testing advanced AI and assessing its threats. Itโs the first bilateral agreement of its kindโhighlighting just how seriously two of the worldโs most powerful countries are taking this new technology. Businesses therefore should too. As businesses commit more resources to the cloud, we must all use the most advanced technologies available to protect it. AI-powered security is the fastest, most adaptable, and most intelligent tool we have at our fingertips. And to make sure you have the right AI shields in your arsenal, itโs worth partnering with an expert enterprise software and cloud advice provider. This way, you can access either built-in or added-on AI security that safeguards your business throughout this next great technological revolution.
