Cyber Risks & Liabilities

The Impact of AI on the Cyberthreat Landscape

The rapid growth of artificial intelligence (AI) is reshaping industries and revolutionizing how people live and work. Its potential to propel scientific advances and bolster economic growth is apparent, but its implementation is not without significant risk. What’s more, the security risks associated with AI use are not yet fully understood, so the cyberthreat landscape could become more treacherous over time.
Organizations should consider the following risks AI enhances in the cyberthreat landscape:

Data poisoning—Cybercriminals could “poison” the data used to train AI tools to influence the tool’s decision-making. Through corrupt training data, AI models may learn incorrect or biased information, which threat actors can exploit for malicious gains. Moreover, data poisoning could lead to a rise in stealth attacks—where manipulated training data creates vulnerabilities that are difficult to detect during the testing process but can be exploited later.

Automated malware—Although AI tools have protections to prevent users from creating malicious code, threat actors are rapidly finding
ways to overcome these. As such, natural language processing (NLP) tools such as ChatGPT could help threat actors create automated malicious software (malware) at record speeds. As these tools advance, the barrier to entry for malicious actors may lower; even those with entry-level programming skills may be able to create sophisticated malware, increasing the volume of successful compromises.

Social engineering attacks—AI can already facilitate convincing interaction with victims, and the persuasive nature of these social engineering attacks may only deepen as this technology evolves. For instance, NLP tools can help criminals craft plausible phishing emails
without the spelling and grammatical mistakes that ordinarily reveal them as spam. Additionally, snippets of a target’s voice can be used to train AI algorithms to create convincing deep fake attacks (e.g., mimicking a manager’s voice to trick an employee into revealing sensitive information).

It’s worth noting that AI has also brought about significant advances to cybersecurity, particularly automated threat detection and response. Therefore, understanding both AI’s merits and potential pitfalls is critical. For more information, contact us today.

Managing Cyber Risks in a Down Economy

Although Canada’s economy grew unexpectedly in December last year and avoided a technical recession, the economic climate remains uncertain, making it wise for organizations to bolster their financial resilience and brace for change. An economic downturn could pose a variety of cyber risks for organizations of all sizes and sectors. Such risks include:

Limited IT spending abilities—In preparation for a recession, organizations may implement strategies to decrease spending and scale
back certain operational costs. This could entail cutting IT expenses and, in turn, reducing available cybersecurity resources. Consequently,
organizations’ digital defenses will likely degrade, making them increasingly vulnerable to cyber incidents and associated losses.

Increased insider threats—Poor economic conditions could place employees in troubling financial situations, potentially pushing them to
engage in illegal activities they otherwise wouldn’t. Such crimes conducted by insider threats may involve sharing confidential company
data, distributing workplace login credentials or providing digital access to essential business assets in exchange for payment, all of which could result in costly cyber losses for impacted employers.

To combat cyber risks in a down economy, organizations can consider these
practices:

Have a plan. Cyber incident response plans can help organizations establish protocols for mitigating losses and acting swiftly amid cyber
events. Successful plans should outline potential cyberattack scenarios, methods for maintaining key functions during attacks and the
individuals responsible for such functions. Organizations should routinely review their plans to ensure effectiveness, making adjustments as needed.

Conduct training. Employees are often the first line of defence against cyberattacks. That’s why organizations must make cybersecurity training a priority. Cybersecurity awareness training should include identifying phishing and malicious websites, password management, data protection and privacy.

Purchase cyber coverage. Especially during an economic downturn, it’s imperative for organizations to have sufficient insurance. Companies should consider purchasing dedicated cyber coverage to ensure financial protection against cyber losses. Organizations may encounter elevated cyber exposures in a down economy. However, businesses can reduce associated losses by better understanding these risks and taking steps to mitigate them.