Among its many contested uses, Artificial Intelligence (AI) is arming cyber criminals anew. Nowadays, even the most inexperienced hacker has everything they need to wreak havoc across organisations right at their fingertips. Understandably, business owners are worried. But how much of the conversation around AI is scaremongering, and how much is of genuine concern?
How Cyber Criminals Are Using AI
According to the NCSC, every type of cyber threat actor is already using AI to some degree—predominantly, to go phishing.
Phishing—posing as a trusted entity to trick someone into handing over confidential information—has long been a favourite tactic of cyber criminals, and AI tools have made it even more dangerous. AI allows criminals to conduct reconnaissance on a massive scale, gathering publicly available information from your website and your employees’ social media profiles.
This data—ranging from geographical locations to organisational hierarchy, and even personal details like hobbies or recent social media announcements—can be used to personalise phishing attacks, making them far more convincing.
Generative AI (GenAI) enables criminals to produce far more phishing emails or messages in far less time, dramatically lowering the barrier to entry. In fact, AI has made it so easy that a criminal doesn’t even need to be anywhere near a computer to devise and execute an attack.
The Near-Term Future of AI and Cyber Crime
The impact of artificial intelligence on the small business cyber security landscape has been so profound that the 2024 Phishing Threat Trends Report by Northdoor even predicts that by the end of this year, nearly every phishing campaign will involve AI.
As well as being more frequent, the NCSC has also predicted that AI will make cyber attacks in the UK more impactful for businesses than ever before. But the outlook’s not all bad. As business owners become more aware and implement more effective defences, the frequency and success rate of these attacks are expected to decrease by 2025. So, how do you become part of those fighting back?
Fighting Bad AI with Good AI
While it can present significant challenges, it’s important to remember that AI can also be a powerful ally when it comes to preventing cyber-crime. When used responsibly, AI can be the ‘good’ AI battling the ‘bad’ AI—the Neo to your Agent Smith.
For instance, natural language processing (NLP) and understanding (NLU) are being used to flag linguistic markers of phishing in emails. AI tools can analyse emails for common phishing indicators, such as:
- Keywords in the subject line (e.g., “your,” “account,” “security,” “online,” “important,” “message,” “alert”).
- Unusual syntax.
- Overly urgent language.
This added layer of protection enhances your employees’ ability to spot potential phishing attempts.
AI is also crucial in detecting zero-day or emerging threats that might slip through traditional, signature-based detection methods. Machine learning algorithms can identify anomalous behaviours or unusual patterns in network traffic, flagging potential threats before they cause harm. This proactive approach is vital for small business cyber security, as it helps to mitigate risks before they escalate.
Proceed with Caution
You and your team play the most important role of all in ensuring the safety and security of your business. Even with AI cyber security tools in place, there are some best practices you should follow:
- Manage Your Online Presence Carefully
Be mindful of what you post online. Yes, it’s valuable to maintain an active and authentic online presence (because, ironically, a lack of evidence of actual humans at your company can make your business appear less credible), but you need to be cautious.
Over-sharing information about your business or employees can provide cyber criminals with the data they need to devise incredibly convincing phishing attacks. Encourage your team to be careful about what they share on social media, especially regarding their roles, schedules, or business activities.
- Implement Strict Protocols
Establish clear protocols for verifying the authenticity of communications, especially when it comes to financial transactions. For example, if someone receives a request to authorise a payment, they should always verify the request by calling the requester directly.
If you’re using AI tools in your business, develop and enforce AI usage policies to ensure that insiders aren’t accidentally leaking sensitive company information. Consider:
- Transparency and accountability: Ensure AI use is clear to relevant stakeholders and that there are clear lines of responsibility for AI-related activities.
- Verification of outputs: Have a human review decisions or actions, especially those involving financial transactions or sensitive operations.
- Employee training: Provide regular training on how to use AI tools responsibly and risks like over-reliance.
- Incident response protocols: Have a plan in place if AI malfunctions or is exploited.
Don’t forget to review and update these policies often to keep up with the evolving threat landscape.
- Educate Your Team
Education is ultimately the key to preventing cyber-crime. Regular training sessions can help your team learn to spot the signs of AI-driven attacks, like phishing emails or unusual communications.
Teach your employees to recognise red flags like unexpected requests, overly urgent language, or inconsistencies in communication. Simulation exercises can be particularly effective in helping employees practice their skills in a controlled environment.
Consider working with experienced IT support in London, Essex, or Hertfordshire to provide your team with the latest training and tools needed to stay ahead of cyber threats.
How Worried Should You Really Be?
So, how worried should you be about criminals using AI? The answer depends largely on your approach to small business cyber security. If you’re hoping the problem will go away if you ignore it, leaving your business exposed, then you should be very worried. The techniques available to digital criminals are becoming more sophisticated; AI and cyber-crime are on the rise, and more often than not, it’s small businesses that pay the price.
However, if you’re proactive—educating your team, implementing strong security protocols, and partnering with experienced IT support in London, Essex, or Hertfordshire—then you can dial down the concern. By taking action now, you can protect your business from the evolving threats posed by AI and move forward with the confidence to face those dangers that do come your way.
Virtual IT: IT Services and Digital Transformation Partners with A Cyber Security-First Approach
We’re partners with hundreds of businesses and schools across London, Essex, and Hertfordshire. We help them to profitably and sustainably grow with exceptional, secure-by-design IT services and solutions, delivered by a team of dedicated experts that you can count on.
Concerned about cyber security? By answering a few questions about your current measures, you can unlock recommendations based on any low-scoring areas. Then, we’ll work with you to improve your defensive posture. Get in touch with our team to get your Cyber Score Card today.
