Artificial Intelligence is both a help and a hindrance in attempts to secure businesses. UC Advanced asked a number of industry experts for their views and insights – and the good news is organisations can fortify their defenses and stay ahead of cybercriminals – they just need to follow the advice. Here is what some of the industry’s leading experts had to say:
Fiona Whyte, Founder & Co-CEO, Endida:
“When it comes to data breaches, it’s no longer simply about the theft or seizing of data by an attacker; a rapidly emerging threat is around “data tampering”, also known as “data poisoning”.
“This is the covert injection of poisoned data or manipulation of existing data; this is particularly dangerous because companies increasingly rely on data to make informed decisions, and therefore, the integrity of that data is paramount. With tampered data often going undetected for long periods, it can cause serious impacts. A mere fraction of tampered data can have a disproportionate influence, particularly the data that feeds AI models.
“One of the most alarming evolutions of attacks that we are seeing is around Malware. The sophistication of Malware is evolving at pace, especially with polymorphic and metamorphic types. These types of malware can alter their code to evade detection, and this is where AI and machine learning are critical to producing proactive responses to their types of attacks.
“We are also seeing a constant rise in the number of CVEs (Common Vulnerabilities and Exposures) released each week. CVEs are publicly disclosed identifiers assigned to a specific cybersecurity vulnerability. Currently, the average number of new CVEs reported each week is around 28, and it’s expected to rise to over 500 each week by 2025. Security teams that don’t update their cybersecurity platforms with these new CVEs could find themselves constantly exposed.”
Tim Freestone, Chief Strategy and Marketing Officer, Kiteworks:
“Hackers are utilising advanced technologies like AI and machine learning to automate attacks and evade detection. The proliferation of connected devices, cloud services, and remote work has significantly expanded the potential entry points for these threats.
“Compounding the issue is a shortage of skilled cybersecurity professionals, making it challenging for organisations to keep up with the ever-evolving threat landscape. Additionally, many employees still lack sufficient cybersecurity awareness, leaving room for human error.”
David Jani, Content Analyst, GetApp UK:
“Our findings show there are some areas of concern regarding the threats of phishing and inadequate password management practices affecting remote and hybrid employees.
“These factors, however, affect all businesses no matter their workplace set-up, and whilst hybrid companies may not have the same direct oversight over business devices, primarily in-person companies shouldn’t be complacent either.”
Stephan Robineau, Executive Vice President, Network Business Division, Alcatel-Lucent Enterprise:
“Enterprises today face a number of challenges in protecting their corporate data against the threat of cybersecurity attacks. Firstly, since COVID-19, working patterns continue to evolve. Employees continue to work across offices and remote locations, demanding connectivity to platforms and applications on the corporate network from anywhere and at any time with watertight security.
“Secondly, it only takes one unsecured device or application on the corporate network to compromise data secured on that network – and the increase in the number of devices, including a surge in IoT devices, on the corporate network is putting organisations at risk.
“The use of new devices and applications brought on by ‘shadow IT’ is almost inevitable in an organisation as employees adapt to digital transformation programs, many of which promote the use of IT by non-IT staff. Easy-to-use and set up technology that offers business benefit to individual departments is brought on board often without thinking of letting IT know.”
UC Advanced: How is Artificial Intelligence affecting the Cyber Security industry?
Fiona Whyte, Founder & Co-CEO, Endida:
“Attackers are harnessing advancements in technology such as AI and Quantum computing as powerful weapons. Phishing attacks are still the number one delivery method of Malware, and AI is being used to craft more convincing and personalised messages by employing machine learning algorithms to generate content that appears legitimate and tailored to each recipient.
“AI is also playing a growing part in identity theft attacks where attackers are investing more in AI to optimise their attack strategies; these types of attacks allow cybercriminals to just “log in” rather than having to hack into a system, which is challenging in itself as it makes it very difficult for security teams to distinguish between legitimate users and legitimate users.”
Stephan Robineau, Executive Vice President, Network Business Division, Alcatel-Lucent Enterprise:
“AI has the potential to take network monitoring and management to the next level. By monitoring activity on the network, it is capable of understanding and detecting any abnormalities before the IT team even notices a fault, providing a much better experience for users.
“It is early days for the technology, but AI is primed to transform network management: providing a new level of assurance that network operations are working smoothly and data on that network is secure. It also frees up resources to focus on other more strategic tasks.”
Andy Syrewicze, Security Evangelist at Hornetsecurity:
“The rise of Generative AI has permanently changed the cybersecurity threat landscape for businesses in the UK. A race has emerged between malicious actors and cybersecurity specialists who are both using the power of AI for opposing reasons.
“Cybercriminals, armed with sophisticated AI tools, can now target organisations at an unprecedented pace by automating attacks and adopting new strategies to bypass traditional defences. The progression of malicious versions of widely used large language models (LLMs) such as DarkBERT and WormGPT has led to a rise in phishing attacks over the past year.
“Research from Hornetsecurity has found that nearly half of UK businesses have been victims of a cyberattack, showing the need for cyber professionals to fight back and utilise AI to enhance their threat detection, response, and mitigation offerings.
“On top of developing practical detection and defence packages, many providers are also utilising AI to create comprehensive solutions that include proactive threat detection, pattern recognition, and behavioural analysis, which give organisations the ability to identify cyber-attacks with increased accuracy and speed. They also produce AI-based solutions focused on educating employees and increasing awareness of the potential look and feel of AI-powered cyber-attacks.
“This approach, partnered with traditional technical defences, will help organisations to establish a secure and robust security culture to ensure they stay protected from developing attack methods.”
UC Advanced: What effect has Hybrid Working had on Business Security?
Tim Freestone, Chief Strategy and Marketing Officer, Kiteworks:
“The shift to a hybrid workforce model has introduced new cybersecurity challenges. Employees using personal devices and home networks, which often lack the robust security measures found in corporate environments, expand the attack surface and complicate IT teams’ ability to maintain visibility and control over data access.
“Home routers and public WiFi networks are prime targets for hackers seeking to gain access to corporate networks. The blurred lines between work and personal life in a hybrid setting also increase the risk of sensitive data being accessed or shared inappropriately.”
Fiona Whyte, Founder & Co-CEO, Endida:
“Undoubtedly, the evolution of remote working has created a new threat landscape. Computers and networks have had to evolve at a rapid pace to facilitate the new Modern Workplace, which could be a user’s home, a public space or a shared office.
“One of the biggest advancements is the widespread adoption of Cloud services; this means that the traditional network security of a perimeter-based outer layer of protection around the outside of your network does not necessarily apply now.
“Remote workers and Cloud-based applications mean that your network technically spreads far and wide and therefore can be hacked at many different points with hackers often using valid credentials to blend in with normal user activity, making breaches harder to detect.”
Kevin Williams, Technical Director, GAIN LINE:
“The more people’s lives become digitally based, the more data there is at risk of being targeted as part of cyber security attacks. This is both for customer-facing systems as well as internal ones; anything that stores personal details needs to ensure it has the right protection and processes in place to ensure its safety.
“As a large amount of the workforce has moved to a hybrid or remote working model, cyber security becomes a more difficult problem to manage for businesses. No longer are employees sat at a desk connected to a network within an office; they are able to access the systems to conduct their roles from anywhere. This then opens up gaps in processes which can no longer be adhered to; it can be a challenge to manage an individual’s access when they are sat in a coffee shop rather than within an office.”
Simon Langdown, co-founder of ERP implementation business, Essenkay:
“Hybrid working is becoming a new “normal,” with employees embracing the flexibility of working from home and the office. In my opinion, hybrid work does not create more of a cybersecurity threat; it just creates another opportunity for bad actors to exploit an organisation’s security.
“The biggest threat, as usual, would be the human factor in the hybrid working equation. The security blanket of working from the office would be gone, and cybersecurity threats could come from working on personal devices or unsecured networks. An employee working from home may be less likely to identify phishing attacks or similar security threats that may be encountered.”
UC Advanced: How can Businesses overcome these threats?
Kevin Williams, Technical Director, GAIN LINE:
“Businesses can look to overcome these challenges by ensuring that all of their processes are reviewed and updated to cover remote-based working. There may be additional tools put in place for all employees to ensure they are protected whilst working remotely, from using a VPN to protect their connection to enabling Multi-Factor Authentication with the systems that they log into.
“Businesses can look to secure their network by reviewing the correlating and tools they have set up for managing this. They should look to validate this by applying for Cyber Essentials and Cyber Essentials Plus certification or taking this further by looking at ISO 27001.”
Tim Freestone, Chief Strategy and Marketing Officer, Kiteworks:
“Ensuring a secure network requires a proactive, defence-in-depth approach. Multiple layers of security controls, such as firewalls, intrusion detection/prevention systems, and virtual private networks (VPNs), form the foundation of a robust network infrastructure.
“Regular vulnerability scans and penetration testing aid in identifying and addressing weaknesses before attackers can exploit them. Implementing network access control (NAC) ensures that only authorised devices and users can connect to the network. Continuous network monitoring and log analysis are essential for detecting anomalous activity and potential threats.
“Investing in advanced threat protection solutions that leverage AI and machine learning is crucial for identifying and blocking sophisticated attacks. Regularly updating and patching all network devices, operating systems, and applications is necessary to close known vulnerabilities.
“Multi-factor authentication should be mandatory, and data encryption should be employed both in transit and at rest. Investing in secure content collaboration platforms with granular access controls, data loss prevention, and integration with existing security tools is also essential.”
Simon Langdown, co-founder of ERP implementation business, Essenkay:
“An organisation needs to strengthen its defence measures and monitoring systems in an environment of hybrid working. As well as the basic security practices we discussed above, Microsoft often talks about a “Zero Trust” security strategy, which means having an approach of “Never Trust, Always Verify.” This means protecting the organisation by granting access to systems based on continual verification of identities, devices and servers.
“However, as the human element is a big area of weakness, the education of the hybrid workforce is massive in combatting threats. Give your staff instructions on what to look out for using phishing simulations or introduce programs that will create a more cyber-aware workforce. As usual, your people are the key to most things in your organisation.”
Andy Syrewicze, Security Evangelist at Hornetsecurity:
“As software and hardware systems become increasingly complex and interconnected, the likelihood of undiscovered vulnerabilities grows. This provides more opportunities for malicious actors to exploit weaknesses in IT systems. With threat methods becoming increasingly advanced and AI-powered attacks often being unpredictable – these attacks can strike with little warning.
“Not only does this highlight how much AI has developed in the past few years, but it also shows the importance for organisations to be proactive and adaptive in their approach to cybersecurity to protect their data and employees and stay one step ahead of evolving threats. All businesses, regardless of sector, should ensure regular software updates, strong password management, and ongoing user education.
“Ultimately, empowering employees with the knowledge and skills to recognise potential cyber threats through effective, continuous security awareness training is crucial to building a sustainable security culture.”
Stephan Robineau, Executive Vice President, Network Business Division, Alcatel-Lucent Enterprise:
“Generally, to protect themselves against cyberattacks, IT teams need to implement not only the right technologies but also the right approach. For example, in order to reduce their vulnerability to security risks, many organisations seek diverse security technology from multiple vendors to add a number of ‘layers’ of security. These need to be integrated with common firewalls and identity services.
“On top of this, to ensure all elements work together well, IT teams need to implement an approach based on openness and interoperability. Unfortunately, cyber security is a concept we will need to work with, as hackers and cybercriminals are relentlessly looking for new ways and technologies to intercept important data, but by taking these measures and adopting new network monitoring technologies, we can hugely reduce the risk of cyberattack.”
Fiona Whyte, Founder & Co-CEO, Endida:
“The people within the organisation often pose the greatest threat to security. Robust access policies and continuous security awareness training can make all the difference, especially around Phishing Attacks and general bad security practices. The best way to protect the business against cyber attacks is to have a proactive approach and implement an ongoing adaptive cybersecurity regime.
“The best starting point for this is a Pen Test, a simulated cyber attack. We recommend initially running an enumeration test, which shows you exactly how many devices you have and where; people are often surprised at how high this figure is. Once armed with this information, businesses can proactively fix all these weaknesses and strengthen their defences.
“A Pen test will uncover blind spots in your security posture that go beyond known and patchable vulnerabilities, such as easily compromised credentials, exposed data, misconfigurations, poor security controls, and weak policies. With the advancement of AI, there are tools and services that can offer continuous pen testing, which is affordable and in no way as labour-intensive as traditional pen testing methods.
“It’s important that the data you get from your security platforms is meaningful and doesn’t end up overwhelming you or distracting you from what is critical. For larger organisations, implementing a robust XDR platform is a game changer. These platforms manage large amounts of data from various sources, make sense of them using AI and Automation to manage incident response, and give intelligence by correlating attacks and sources.”
David Jani, Content Analyst, GetApp UK:
“There are various ways to fight back against these problems. Training is an important step, as are clear company policies on how to handle password management securely and safely and how to respond to phishing attacks.
“This can be especially useful in preparing employees for what they should do when something goes wrong, and a system is compromised so that it can be quickly and cleanly dealt with.”