The threat of a cyber-attack has never been greater and despite the best efforts of businesses and organisations to mitigate risk, many remain exposed as cybercriminals rapidly adapt to new technologies. This includes exploiting weakness in artificial intelligence (AI) technology at a much faster pace than industries are keeping up.
There is no doubt that organisations, and society more generally, have become more attuned to both emerging risks and the risk of traditional cyber threats including ransomware and phishing. Yet, the experience of businesses across industries and sectors is that both phishing and ransomware attacks are on the rise in Ireland. A small drop off in the volume of these attacks, likely influenced by geopolitical tensions in 2022, was short-lived as signs quickly pointed to a return to more consistent activity in recent months.
There is no one reason alone for the return to more typical volumes of these attacks but one important element is the emergence of AI technology which has opened up sophisticated, automated processes through which cybercriminals can prepare and execute attacks at much faster and more effectively than before. These criminals and criminal gangs are increasing automating sophisticated attacks, widening the net of potential victims in the process. Indeed, cybercriminals will harness the opportunity of AI much quicker than businesses will mitigate the risk it poses.
Cybercriminals are incorporating new AI technologies. For example, AI lowers the cost of malware generation, so attackers can deploy new variants of malware quicker, cheaper and with less skill. This will allow them to cast the net wider during attacks, and is possibly a reason behind the rising number of attacks on businesses within supply chains recently. The reach of these attacks, and deployment of automated processes has allowed attackers to increase the volume of attacks and potentially infiltrate and exploit data and information linked with multiple organisations within a supply chain network.
Of particular risk appears to be cloud based technology firms within supply chains who support multiple different businesses and therefore, if successfully compromised, drive a lot more return to criminals who hold them to ransom or exploit the data they’ve obtained in other ways.
The reality is, however, there are weaknesses across all sectors and industries. Ireland has been particularly slow to adapt and upgrade security controls in the wake of cyber threats – new and emerging.
Where heavily regulated industries such as financial services and telecoms tend to have slightly stronger controls by virtue of governing policy and regulations, others often aren’t held to the same standards and this hasn’t gone unnoticed. The clean-up in the wake of an attack is a lot more costly and time-consuming, than proactively mitigating against the potential for an attack and the subsequent fallout. Where consumer and personal data is compromised, the administrative task of cleaning up after an attack can be particularly burdensome, not to mention the legal and reputational damage that may also be incurred.
The question remains why so many have not moved to strengthen their controls and secure their operation. The short answer is that underinvestment and a shortage of skills in the cyber space have created challenges despite growing global cyber threats. In a heavily digitised society, we must continue to invest in upskilling our teams, upgrading our controls, and horizon scanning for new threats. In the meantime, good cyber hygiene and simple security protocols can go a long way to insulating against attacks, the absence of which will pose a much greater headache to organisations in the long run.
