April 18, 2024

How to deal with cyber risk in the era of Artificial Intelligence

When most people hear about cyber-attacks, they imagine suspended monitors, ransomware demands, ransomware and DDoS attacks that disrupt connectivity for hours or even days. But some experts fear that with the advent of widespread artificial intelligence in the hands of hackers – both lone wolves and states – we may be entering an era of “cyber-physical attack.”

A few months ago, Chinese hackers broke deep into the U.S. cyber infrastructure to do serious damage. They attacked water treatment plans, the electrical grid, transportation systems and other critical infrastructure in the US.

All told, with the widespread emergence of generative artificial intelligence, concerns have grown that physical attacks will be the next phase of cybercrime.

There have even been simulations of cyberattacks in the lab that have ended in explosions. It has been possible to hack into computer-controlled pump motors and cause them to burn out. Attacks that cause temperature gauges to fail, jam pressure values and bypass circuits could also cause explosions under laboratory conditions. Such an outcome would bring much more than a temporary shutdown of the system, as is the case with a typical cyber-attack.

If a power plant is stopped by a typical cyberattack, it will come back online quickly, but if hackers cause it to explode or burn down, there will be no way to get it back online a day or two after the attack; it will take weeks and months because many parts of these specialized systems are custom-made, so downtime can be significant.

Technology, backed by artificial intelligence, can wreak havoc on physical systems. However, for such attacks to occur, three elements must be present: opportunity, opportunity, and motivation – and it is this last element that is the only thing stopping attacks.

Artificial intelligence could make it easier for someone who lacks the skills and patience to attack industrial control systems themselves. Hackers could use generative AI to create code for various controllers, and once a bad actor takes control of a controller, it can wreak havoc on industrial systems. And while industrial controls are difficult to hack, there is a real risk that artificial intelligence provides even inexperienced hackers with tools that can improve their attack.

Many industrial systems still rely heavily on legacy systems that have had poor security for many years. The advent of artificial intelligence makes it much easier to exploit these vulnerabilities. It is important to keep in mind that cyber-attacks using artificial intelligence can happen very quickly, and will be complicated to detect and mitigate.

However, we must keep in mind that the use of artificial intelligence does not only have negative consequences, but artificial intelligence also plays a key role in strengthening cyber defenses, detecting and responding to threats more effectively by analyzing vast amounts of real-time data and identifying malicious activity.

 

So, what should you do to protect your organization from the possible effects of cyber-attacks using AI?

Preventive measures are key here:

– regular security audits,

– penetration tests,

-verification of the functioning of technical as well as organizational solutions that have a direct impact on the security of the organization, information, data, ICT systems and devices.

These are standard methods. In addition to specific actions, the focus should be on strategy. Only a comprehensive approach to threat topics will make it possible to realistically counter threats.

It is also important to remember that in order not to be left behind, it is necessary to keep up to date with technical innovations and follow trends.

Hackers are constantly looking for new solutions, opportunities for attacks, so why shouldn’t we do the same? Because to defend ourselves effectively, it is first necessary to know the types of threats we face.

 

Photo: Unsplash

Read more:

NaviRisk’s Comprehensive Due Diligence for Business Partners in Far East

Companies are increasingly operating across borders, thus the complexity and scope of potential risks have grown. NaviRisk gives them a comprehensive background screening of potential business partners. One of the most critical applications of international, multi-juridical investigations is in the vetting process of potential business partners. Ensuring a business associate’s credibility and ethical standing has […]

One-stop whistleblower system from NaviRisk

Starting September 25, the provisions of the “Law on the Protection of Whistleblowers” go into effect in Poland. If your company has more than 50 employees, you have little time to implement the new regulations and choose a tool for receiving notifications! Our team in NaviRisk offers a simple and cost-effective technology solution that will […]

OSINT Passport: Comprehensive Digital Footprint Analysis of Your Organization

In today’s world, where the volume of data in the digital space is growing exponentially, open sources are crucial for more than just information. They also represent potential backdoors for data leaks, the creation of compromising materials, and the acquisition of a comprehensive picture of individuals or companies. NaviRisk offers a complete overview of an […]

CONTACT

NaviRisk Sp. z o.o.

ul. Huculska 5/6
00-730 Warsaw

+48 605 19 11 19 info@wearenavirisk.com

CONTACT FORM

Do you have any questions? Write to us!