Here at Payments Cards & Mobile Towers, news reaches us on a weekly basis of the AI-led solutions banks and service companies are creating to fight fraud. To deliver ever-greater customer service, and indeed to transform payments.
Yet such PR announcements ignore the equal and opposite possibility of the criminal fraternity also employing AI, from flawlessly imitating handwriting and signatures to deepfaking facial features that dupe biometric login solutions.
For all that AI has genuine benefits, it seems to be creating as many risks as it reduces.
As Oz Alashe, CEO of CybSafe, puts it, “While organisations explore the opportunities generative AI provides, it’s essential to consider the other side of that coin: the power AI gives cybercriminals to create more convincing phishing campaigns, deepfakes and more.
This puts the onus on organisations to equip people with the tools to identify and mitigate these growing threats.”
According to the Global Cybersecurity Outlook 2024 from the World Economic Forum, just 21 percent of people said they could differentiate an AI-generated written text from a human text – a fact that effectively makes handwritten signatures redundant in itself.
Worse than this, only one in ten of the 120 global cybersecurity leaders polled by the WEF believed AI gave defenders any advantage over attackers – for the simple reason that criminals are not bound by law in their use of AI.
Skills and awareness lacking for SMEs
The WEF’s report underlines the gap between major corporations and governments, which have the resources, experience and awareness to mount effective challenges to cybercriminals, and smaller organisations that may lack either the funds, awareness or skills to stop cybercrime via AI.
More than half the SMEs polled by the WEF said they did not know how to fight AI-led cyberattacks, or lacked the funds to do so.
The number of SMEs reporting they are unprepared for cyber-attack via AI has rocketed over the last two years from 5 percent to 37 percent.
Over the same period, the number of large organisations reporting that they are well-prepared to meet online fraud attacks has more than doubled, from 18 percent to 51 percent.
However, even that figure might be misleading, since large organisations tend to underestimate their vulnerabilities related to legacy systems, software patches and more.
“Just one in three SMEs said they had the skills in place to defend a cyberattack – and confidence has halved since 2022.”
That aside, the lack of confidence expressed by SMEs responding to the WEF’s survey is of serious concern.
Just one in three smaller companies said they had the right skills in place to respond to a cyber-attack, and the number of organisations confident in their readiness has halved over the last two years.
Furthermore, in the event of a cyber-attack, a mere one in five smaller companies have insurance: a level of cover four times lower than that seen in major corporations and governments.
Is systemic cover the answer?
Seasoned WEF-watchers may be less than stunned to learn that the organisation believes the answer to cyber-security, especially for SMEs, lies in a global system that levels the playing field, making sophisticated cybersecurity solutions available to all.
Such solutions would, according to the WEF, include the application of Large Language Models (LLMs) to cyber-threats – and creating threat archetypes that could then be promulgated among smaller organisations.
One can only imagine the implementation challenges of such a plan.
A more practical suggestion from the WEF comes in terms of upskilling existing employees.
Since most smaller companies cannot afford to hire cybersecurity professionals, the WEF argue that micro-credentialing and training existing employees should be made more widely available.
Finally, the WEF say companies of all kinds should transition away from legacy systems which are inherently more risky, not least because of the patching and tweaking that tends to occur while these systems are integrated with their more modern equivalents. T
hese last suggestions are eminently sensible, and should be adopted.
The post AI is generating new risks – what are the benefits? appeared first on Payments Cards & Mobile.