Will AI create or solve security concerns?

It’s a great question, and I suspect people will answer differently depending on their level of AI or cybersecurity expertise.

  • For me, AI's role in cybersecurity and fraud prevention is both revolutionary and challenging. On the one hand, it helps detect and prevent fraud through real-time monitoring, pattern recognition, and predictive models, enhancing traditional defences. On the other hand, AI also empowers attackers, driving 42.5% of fraud attempts in the financial and payments sector using tools like deepfakes and synthetic identities. And what makes the situation even more challenging is that many organisations lack AI-driven defences due to resource constraints. 

    First, let’s talk about the new risks or vulnerabilities that AI is creating/revealing.

  • Deepfakes

    At this point, you’ve probably seen at least one example of a deepfake: a digitally created version of someone, usually famous, put in a video or image depicting an event, statement, or action that never happened. Dove illustrated the harm social media can present to young teenagers by using deepfakes in this advertisement.

  • Voice cloning

    As the name suggests, this is AI creating an audio version of you to access your accounts. In one example, a journalist successfully accessed her bank account using a recording of her cloned voice.

  • Prompt injection

    According to the UK’s National Cyber Security Centre, prompt injection attacks are one of the most widely reported weaknesses in LLMs. Basically, it’s when an attacker creates an input designed to make the model behave in an unintended way. This could involve causing it to generate offensive content, reveal confidential information, or trigger unintended consequences in a system that accepts unchecked input.
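    One defensive pattern for the "system that accepts unchecked input" case above is to treat whatever the model proposes as untrusted and validate it against an allow-list before anything executes it. This is an added example, not code from the original article; the action names, the JSON shape and the two sample outputs are constructed assumptions.

```python
import json

# Hypothetical tool registry (assumption): action name -> required argument names and types.
ALLOWED_ACTIONS = {
    "lookup_order": {"order_id": str},
    "send_reply": {"text": str},
}
MAX_ARG_LEN = 500

# Constructed model outputs: one benign, one produced after untrusted text in the
# conversation steered the model towards an action the application never offers.
BENIGN = '{"action": "lookup_order", "args": {"order_id": "A-1001"}}'
INJECTED = '{"action": "export_all_customers", "args": {"to": "someone@example.com"}}'


def validate_model_action(raw_output: str) -> dict:
    """Parse and validate an action proposed by an LLM before anything runs it.

    Raises ValueError for anything outside the allow-list; the caller decides
    whether to drop the request or route it to a human.
    """
    try:
        action = json.loads(raw_output)
    except json.JSONDecodeError as exc:
        raise ValueError("model output is not valid JSON") from exc
    if not isinstance(action, dict):
        raise ValueError("model output is not a JSON object")

    name = action.get("action")
    if not isinstance(name, str) or name not in ALLOWED_ACTIONS:
        raise ValueError(f"action {name!r} is not on the allow-list")

    schema = ALLOWED_ACTIONS[name]
    args = action.get("args")
    # Exactly the expected argument names: no extras, none missing.
    if not isinstance(args, dict) or set(args) != set(schema):
        raise ValueError(f"unexpected arguments for {name!r}")
    for key, expected_type in schema.items():
        if not isinstance(args[key], expected_type) or len(args[key]) > MAX_ARG_LEN:
            raise ValueError(f"argument {key!r} failed validation")
    return {"action": name, "args": args}


def is_permitted(raw_output: str) -> bool:
    """Boolean wrapper: True only if the proposed action passes every check."""
    try:
        validate_model_action(raw_output)
        return True
    except ValueError:
        return False
```

    The check does not stop the model from being manipulated; it limits what a manipulated model can cause the surrounding system to do.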

  • AI generated code

    Some security experts are concerned that companies, tempted by the cost efficiencies of using AI to create code, might expose themselves to problems caused by inherent weaknesses in that code. Human-written code isn’t always 100% either; for me, the issue is that AI can generate a lot of code, and the more code there is, the more potential there is for vulnerabilities.

  • AI hallucinations

    One of the best things about the internet is also perhaps one of the worst: everyone has access to information, but its accuracy is debatable. We know that there is a lot of false information, and AI is compelling, so asking people to read what it generates with a degree of scepticism is unrealistic. While some of its “hallucinations” are humorous, its ability to shape history is not.

  • However, there is some light.

  • How AI is helping to fight cybercrime

    One of the primary ways AI can help is by identifying potential risks.

    Some top use cases, as noted here, include:

    • AI can boost the spam filtering capabilities of email and messaging applications and help unearth hidden links contained in QR codes and PDF files, among other phenomena. 
    • Similarly, predictive analytics can help gauge impending attacks based on historical traffic patterns, such as distributed denial-of-service (DDoS) attacks. At a more advanced level, it can predict zero-day vulnerabilities based on heuristic analyses of system logs and output data to detect patterns that deviate from normal system behaviour.
    • Beyond analysing user messages and data traffic, AI also empowers security teams to run automated real-time scans to pinpoint fake websites.
    • With AI, you can strengthen access control through periodic reviews of the access rules and permissions of all IT assets, ensuring adherence to the principle of least privilege and detecting access blind spots.
    • Most organisations use third-party software programs, which can carry inherent vulnerabilities. However, AI can scan the source code and executables, looking for potential security loopholes or malicious code signatures. 
    • AI can automate routine security chores such as audits and security posture scoring.
  • How does AI help after a threat/incident?


  • AI can further assist if you are subject to a threat or breach despite all of your measures. 

    It can:

    • Complete an analysis of the event to help your IT team understand what happened and the impact and origin of the incident.
    • Automate responses by isolating affected systems, blocking any further malicious activity and helping to contain the issue. 

    While in most organisations the responsibility for cyber security rests with the CTO, I believe it is in everyone’s interest to be informed and aware of the risks and how to reduce the likelihood of a breach.

    In addition to requiring all employees to complete cybersecurity training, I also recommend sharing resources with all.

    These government-provided sites offer resources, and I like them because they are not trying to sell me something.

    https://www.ncsc.gov.ie/guidance/

    AI and cyber security: what you need to know

    In other words, AI is both part of the problem and the solution. And I do not doubt that as the technology evolves and its use cases further diversify, we'll see the list for both get longer.


    As with all security matters, the key is to be alert and prepared.


  • Security essentials (non-AI) you should know


  • Don’t forget the basics.

    With all the hype around AI, you would be forgiven if you overlooked the fundamentals.

    This, however, would be a mistake.

  • #1 OWASP compliance

    These are internationally recognised guidelines around software security. The guiding force is the nonprofit foundation Open Web Application Security Project (OWASP). Its Application Security Verification Standard (ASVS) project provides a basis for testing web application technical security controls and gives developers a list of requirements for secure development.

    Here at All human, our development approach incorporates secure coding practices guided by the OWASP standards, ensuring that security is integrated into the software development lifecycle from the outset.

  • #2 Authentication and authorisation

    None of us are strangers to passwords - you need them now for just about everything you might do online.  

    At All human, we always recommend that clients employ both:

    Role-Based Access Control (RBAC): ensures that only authorised personnel, and not the entire organisation, can access sensitive content or administrative features.

    Two-Factor Authentication (2FA): 2FA provides an additional layer of security by requiring users to verify their identity using a second method beyond just a password. This significantly reduces the risk of unauthorised access resulting from compromised credentials.


    Educating your employees about security best practices, such as recognising phishing attempts and using strong passwords, is also essential.
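    How the two recommended controls combine in a single access decision: the role must hold the permission, and the time-based one-time code (RFC 6238 TOTP) must verify. This is an added example, not All human's or any client's code; the role map, permission names and `authorize` function are hypothetical, and the secret is the published RFC 6238 test key.

```python
import hashlib
import hmac
import struct
import time

# Hypothetical role-to-permission map for a CMS (assumption for this example).
ROLE_PERMISSIONS = {
    "editor": {"content:edit"},
    "admin": {"content:edit", "users:manage"},
}
# RFC 6238 test secret, used here as constructed sample data; real secrets are
# random, per-user, and stored encrypted.
DEMO_SECRET = b"12345678901234567890"
STEP = 30  # seconds per TOTP time step


def totp(secret: bytes, at: float, digits: int = 6) -> str:
    """RFC 6238 time-based one-time password using HMAC-SHA1."""
    counter = struct.pack(">Q", int(max(at, 0)) // STEP)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_totp(secret: bytes, code: str, at: float, window: int = 1) -> bool:
    """Accept the current step plus `window` steps either side for clock drift."""
    return any(
        hmac.compare_digest(totp(secret, at + drift * STEP).encode(), code.encode())
        for drift in range(-window, window + 1)
    )


def authorize(role: str, permission: str, secret: bytes, code: str, at=None) -> bool:
    """Grant access only if the role holds the permission AND the code verifies."""
    at = time.time() if at is None else at
    if permission not in ROLE_PERMISSIONS.get(role, set()):
        return False  # RBAC denies regardless of a valid second factor
    return verify_totp(secret, code, at)


if __name__ == "__main__":
    code = totp(DEMO_SECRET, 59)
    print(authorize("admin", "users:manage", DEMO_SECRET, code, at=59))   # role and code OK
    print(authorize("editor", "users:manage", DEMO_SECRET, code, at=59))  # role lacks permission
```

    A production verifier would also record each accepted code so it cannot be replayed within its validity window, and rate-limit failed attempts.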

  • #3 Data protection

    One of the more common ways to protect data is to distort it so that if it somehow falls into the wrong hands, it won’t make sense and will be useless to them.

    Implementing Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols is the easiest way to do this. These rules or codes of conduct ensure that the data remains encrypted and incomprehensible to interceptors while travelling through the internet.

    Most websites highlight that they have these protocols in place via this sign:

  • #4 Key management

    Of course, now that you have encrypted your data, you must have a way to unlock it.

    Who better to explain key management than the people who know it best?

    SSL.com describes key management as the comprehensive processes and infrastructure required to control cryptographic keys throughout their lifecycle. This includes key generation (creating new cryptographic keys using secure algorithms), key distribution (securely delivering keys to authorised entities), key use (employing keys for cryptographic operations like encryption), key storage (storing keys securely when not in use), key revocation (revoking compromised or obsolete keys), and key destruction (securely destroying keys at end of life).

  • #5 Logging and monitoring

    Record everything - all events and transactions within an application - to establish a detailed account of system operations, security incidents, and potential vulnerabilities. 

    This record will be your playbook and the source of information, acting like an early warning system should something be amiss. Regularly review your server and application logs for unusual activities and perform vulnerability scans with tools like Nessus or OpenVAS.

    However, having a record is not enough.

    You must also consistently monitor and review your data and what you record in your real-time logs. This way, you can stay one step ahead and be aware early on if something unusual happens that may signify security breaches, operational failures, or other significant issues. Tools like Intrusion Detection/Prevention Systems (IDS/IPS) will help you spot and respond to suspicious activities in real time.

  • #6 Patching

    The process of regularly updating applications to their latest, secure versions is known as patching. Patches are typically intended to boost safety, but everyone probably knows what happens when patching goes wrong. Earlier this year, CrowdStrike, a US-based cybersecurity technology company, released a series of patches. While the update was intended to bring minor improvements that customers would have barely noticed, it caused significant problems due to a logic error in the update software. The CrowdStrike update incident had a profound impact, affecting nearly 8.5 million Microsoft devices across various user groups. By some estimates, Fortune 500 companies lost $5.4 billion in the outage.

    For me, it further reinforces the complexity of security.

  • Don’t forget about backup and disaster recovery

    Here are some quick tips from Peter Fogarty, Senior Sales Executive, Ekco.

    • Schedule regular backups of your website and check their integrity periodically. Set up disaster recovery measures by replicating your production VMs to another location to ensure a quick recovery time if needed.
    • Deploy a Web Application Firewall (WAF) to protect against common web attacks, and ensure your team is regularly trained on the latest security practices. 
  • Security is 24/7

    Ensuring the security of your brand is an ongoing process that involves multiple layers of defence and regular maintenance. It's about taking a layered approach, educating employees, and staying vigilant. And it's about staying current with AI's potential in enabling and preventing cybercrime.
