The UK’s National Cyber Security Centre (NCSC), part of GCHQ, has warned that AI will likely increase the global ransomware threat over the next two years, and that organisations need to implement protective measures to combat this growing threat.
Ransomware is already the most acute cyber threat UK organisations face, and the threat actors (or cyber criminals) continually adapt their business models to both gain efficiencies and increase their profits. AI is set to make them even more effective.
The NCSC’s assessment report “The near-term impact of AI on the cyber threat”, published on 24th January, concludes that AI is already being used in malicious cyber activity and is expected to increase both the volume and impact of cyber attacks – including ransomware – in the near term. It can:
- increase the number of cyber criminals – lowering the barriers to entry for novice cyber criminals, hacktivists and hackers-for-hire; and
- enable relatively unskilled threat actors to be better cyber criminals – helping them carry out more effective access and information-gathering exercises.
The National Crime Agency has also seen cyber criminals starting to develop criminal generative AI and offer “GenAI-as-a-service”, building on the existing “ransomware-as-a-service” trend we have seen over the last few years.
What can organisations do?
- Follow existing cyber guidance – although AI makes cyber criminals more effective, it is still the case that most ransomware attacks exploit poor cyber hygiene rather than use highly sophisticated attack techniques. Useful resources include the NCSC’s guidance on ransomware (see blog), 10 Steps to Cyber Security and Guidelines for Secure AI System Development (see blog).
- Use AI to help solve the problem. Both the UK government and many organisations are already using AI to improve their threat detection and security-by-design processes, so it is useful to keep abreast of the latest tools and services available.
- Monitor other AI security threats which could impact your cyber preparedness activities – for example, the NCSC’s report also discusses cyber threats around social engineering and malware.