Report: AI-driven Cyber Threats – The Next Twelve Months
Artificial intelligence is making existing cyber threats harder to defend against. Organisations need to act faster, strengthen the cyber security fundamentals, reinforce governance, improve information sharing and fight AI with AI. These are the conclusions of a new report from IVA. The report focuses on what needs to be done over the coming twelve months.
Fighting AI-driven cyber threats with AI
The report AI-driven Cyber Threats – The Next Twelve Months explains that AI can find and exploit vulnerabilities on a scale that far exceeds human capability. That capability now risks becoming available to anyone. This changes how attacks are automated and scaled up. Taken together, this means that organisations need to act swiftly and work differently to meet the new threat – not least by integrating AI into their cyber defences.
“AI makes it easier for anyone to carry out cyber attacks, and therefore harder for organisations to protect themselves. The most critical thing in the near term is to quickly close the most important security gaps and to integrate AI responsibly into our defences against AI-driven threats,”
Pontus Johnson, Professor at KTH, IVA Fellow and Chair of the working group.
Priorities for action:
- Increase the speed. Organisations must shorten the time it takes to act. In an environment where attackers test and scale up quickly, waiting for the perfect solution can become a risk.
- Invest in the basic cybersecurity work. Multi-factor authentication, access control, patching, logging and incident management become even more important, because AI-driven cyber threats can find and exploit weaknesses quickly and automatically.
- Strengthen governance. Decisions need to be made at a faster pace. Organisations also need to know which services, systems and suppliers are truly critical to their mission. This is a key issue for senior management.
- Improve information sharing and collaboration. Information about threats and lessons learned must move more quickly between government agencies, businesses, researchers and operators of critical infrastructure – as part of day-to-day operations, not only during a crisis.
- Fight AI with AI. It is not enough to do the same work faster. AI should be used as a productivity tool and needs to be integrated into cyber defences in a tested, controlled and responsible way.
Read and download report
About the report:
The report has been produced within IVA’s vision project Swedish Futures, in close dialogue with the National Cyber Security Centre and AI Sweden.