
A Double-edged Sword: The Opportunities and Threats of AI in Cyber Security

Over the past month or so cyber attacks have hit the headlines left, right and centre. 

Coinbase was hit by a cyber attack in May that could cost it as much as $400m. In the same month, the UK’s Ministry of Justice revealed that the personal information of legal aid claimants as far back as 2010 had been exposed by cyber criminals.

But the highest-profile attack by far was that on British high street retail icon Marks and Spencer (M&S).

M&S revealed this month that the cyber attack, which began in mid-April and has prevented online orders for over a month since, wouldn’t be fully resolved until July. It’s estimated to be costing the company £4m in lost sales every day, and M&S thinks this could translate into a £300m hit to its profits this year. 

Cyber attacks can be devastating over even longer timeframes. The British Library was hit by a ransomware attack in October 2023 and is still not fully recovered; a recent Government cyber resilience report estimated the cost of its response at £7m to date.

Plainly, cyber security is more important now than ever. That counts double in the age of artificial intelligence (AI).

In some respects, AI increases the danger of cybercrime. But it can also be a valuable weapon in cyber defence. Let’s take a look at this double-edged sword, and how it’s used both by cyber criminals and the cyber security experts seeking to thwart them.

AI in Cyber Crime

AI poses a fresh set of challenges for organisations and cyber security teams looking to protect themselves from hackers. 

There are two types of AI. The first is what we’ll call “traditional” AI, which has been around for decades and involves very sophisticated computational techniques like machine learning.

Then there is “generative” AI, which includes platforms like ChatGPT, Dall-E, DeepSeek and Gemini. Generative AI is a distinct branch of AI that generates (hence the name) new content based on human, natural language inputs. While it’s been in development for years too, it’s really exploded onto the scene since ChatGPT’s launch in November 2022.  

Both types are used by cyber criminals, in different ways.

Traditional AI can be used to gather large sets of data (such as personal information) at speed, or to mass-produce emails that are used in phishing campaigns. Data science and machine learning approaches can even be used to teach malware how to evade traditional cyber security systems.

But generative AI also has plenty to offer cyber criminals. It can mass-produce and personalise the text for those phishing emails, or be used to create deepfake videos that impersonate key people.

Voice cloning is an especially pernicious new approach that can replicate an individual’s speech closely enough to override voice-activated banking security. Very scary stuff.

And of course, all these different forms of AI can interact with one another. Cyber criminals have a lot of possible weapons up their nefarious sleeves. 

AI in Cyber Security

Thankfully, though, the good guys also have access to AI tools, and there are plenty out there that make sophisticated use of the technology in order to protect users and organisations.

AI cyber security tools can constantly monitor businesses’ systems and respond to threats. There are basic forms of this everywhere: your email inbox is deploying this kind of technology when it automatically designates some emails as spam.

But cyber security specialists are taking the technology to all new levels, creating systems that learn how organisations function on the back end. There is an awful lot of data involved in identifying and responding to a cyber threat, and traditional AI is particularly adept at analysing and understanding big data sets. 

CrowdStrike outlines five of the key uses of AI in cyber security:

  • Threat detection: analysing vast amounts of data to detect subtle signs of malicious activity, such as unusual network activity or suspicious user behaviour, that traditional tools or human analysts might miss.

  • Response and mitigation: instantly and automatically responding to security threats, even outside of business hours, meaning that threats can be mitigated sooner – hopefully before causing too much damage. AI’s ability to learn from past incidents means its accuracy improves over time.

  • Vulnerability management: continuously monitoring systems for weaknesses and providing automated guidance for remediation, enabling organisations to stay ahead of existing and emerging vulnerabilities.

  • AI-assisted threat hunting: combining AI’s analytical power with human intuition to make threat hunting more precise and efficient. AI also supports managed detection and response (MDR), aiding in threat analysis, prioritisation, and remediation.

  • Streamlined analyst experience: simplifying complex security data through natural language interfaces, allowing analysts to make faster, more informed decisions and focus on higher-level strategic work.

Cambridge-based cyber security firm Darktrace, for example, learns what normal patterns of email usage look like for a given organisation and screens out any communications that don’t match. 

Darktrace also develops an autonomous response system called Antigena, which takes immediate action against threats. This includes automatically interrupting malicious activity, such as slowing down or isolating affected devices, while allowing normal business operations to continue.

Cyber Security and People

As much as AI is providing both cyber attackers and cyber security teams with new challenges and opportunities, it’s humans that remain on the front line of defending against cyber attacks.

Most successful hacks, including most of those we outlined in the intro, are made possible because of human error. The Coinbase hack was only possible because the attackers bribed a group of its overseas support staff into handing over customer data, which was then used to trick these users into believing the criminals were from Coinbase and into transferring crypto to them.

Creating a watertight cyber security environment requires having the right tools, but those tools also have to be in the hands of the right people to use them and to educate the wider business on the key cyber security risks and best practices.

Oho Group specialises in connecting innovative businesses with the key hires to drive their organisations forward, and we have deep expertise in placing the following cyber security roles:

So if you are looking to bolster your organisation’s cyber security team – or if you’re a cyber security professional looking to join an innovative, security-minded organisation – contact Oho Group today to speak to one of our dedicated consultants.
