Strenghtening Cybersecurity in the Age of AI

National Cybersecurity Month: Strengthening Cybersecurity in the Age of AI

According to IBM (the cost of a data breach 2023), the average global cost of a data breach is 4,25 million dollars. We also know that in 74% of all data breaches, the human element is involved in, the breach through cases such as errors, privileged misuse, stolen credentials, or social engineering cases (2023 Data Breach Investigations Report – Verizon). Knowing this, one must prioritise awareness and risk management in a finely tuned harmony, rather than focusing too much on the technology itself.

Activities in National Cybersecurity Month

Throughout October, we've participated in the Norwegian National Cybersecurity Month by visiting several organisations from municipalities to financial institutions, where we've discussed the challenges associated with phishing, deepfakes, and voice cloning in the light of social manipulation. These threats continue to evolve, thanks to the application of AI tools.

According to IBM (the cost of a data breach 2023), the average global cost of a data breach is 4,25 million dollars. Attackers are now using AI to personalise attacks, making them more convincing.

Increasing sophistication in attackers' methods

Phishing, the well-known method of deceiving individuals into sharing sensitive information, is becoming increasingly sophisticated. Attackers are now using AI to personalise attacks, making them more convincing. The global rarity of the Norwegian language has inadvertently shielded Norwegians from digital scams like phishing. Historically, Google Translate and similar tools struggled to effectively translate Norwegian, making it less appealing to cybercriminals seeking to cast a wide net. This underscores the importance of awareness and digital literacy.

Deepfakes and voice cloning also pose significant concerns. With AI technology, malicious actors can create realistic forgeries of video and audio, which has the potential to cause considerable harm, especially in a time when we rely heavily on digital media for information and communication.

Framework for AI

To address these threats, we require frameworks and guidelines to steer us in the right direction. The National Institute of Standards and Technology (NIST) has developed a framework for AI risk management that can be immensely helpful. This framework offers a structure for assessing, controlling, and minimising the risks associated with AI implementation, serving as a critical tool to strengthen our digital resilience.

It’s evident that we cannot underestimate the significance of cybersecurity in our increasingly digitised world. We must work collectively as a society—comprising businesses, governmental entities, and academic institutions—to confront the challenges and opportunities that technology presents. Let's take responsibility and act now to ensure a safer and more reliable digital future.

Key characteristics to create a simple AI strategy

Tietoevry recommends that businesses create a simple yet precise AI strategy. The strategy needs to focus on key characteristics such as:

1. Business needs

What do we need AI to do for us and where can it generate value for our organisation?

2. Privacy and Compliance

Important external and internal demands the organisation needs to be compliant with should be defined and listed in the AI strategy.

3. Security

The strategy should be clear on how its use of AI is synchronised with its information security strategy.

4. Ethics

The strategy should define what kind of use is acceptable and what’s not.

5. People perspectives

The strategy should define company expectations and needs considering awareness and digital literacy.