Pinsent Masons warns of rising AI-driven cyber threats

The report underscores the challenges posed by the evolving cyber criminal landscape, emphasising the difficulty in attributing incidents to specific groups. Despite concerns, the report acknowledges the potential benefits of emerging technologies like AI in detecting and mitigating cyber threats. With tightening regulations on the horizon, businesses are urged to make cybersecurity a top priority in 2024 to safeguard against financial losses, reputational damage, and legal repercussions.

In the rapidly evolving realm of cybersecurity, Pinsent Masons has sounded a clarion call to businesses in Northern Ireland, urging them to reinforce their cyber defences in the face of escalating threats fuelled by Artificial Intelligence (AI) and the fragmentation of 'threat actor groups.' This call to action came during the fifth annual Cyber Report presentation in Belfast as part of CyberNI Week, where representatives from various sectors, including energy, finance, transport, and housing, gathered to assess the cybersecurity landscape.

Titled 'Cybersecurity Landscape, Risks and Challenges,' the comprehensive report delves into the sophisticated cyber threats encountered by Pinsent Masons' UK cyber team over the past year and sheds light on potential scams looming in the coming months. The breakfast briefing, held at the Soloist building offices in Lanyon Place, was chaired by Laura Gillespie, a partner at Pinsent Masons leading the cyber team in Northern Ireland.

One of the central findings of the report is the notable increase in ransomware attacks, constituting 58% of all incidents handled by the cyber team. This surge in ransomware incidents, affecting entities ranging from Small and Medium Enterprises (SMEs) to multinational corporations, has compelled businesses to intensify their efforts in developing robust cyber readiness programs.

Financial institutions emerged as the primary targets, accounting for 40% of breaches. The attractiveness of financial sectors to cybercriminals lies in the wealth of monetisable data they hold. Disturbingly, in 43% of confirmed cases, criminals successfully extracted sensitive data, which could be sold on the 'dark web' or used for identity and financial fraud.

The report also draws attention to the fragmentation of threat actor groups, some operating on a franchise model. This organisational shift complicates the attribution of incidents, posing challenges for threat intelligence reliance.

In an era marked by technological advancements, the report recognises the dual nature of Artificial Intelligence. While it presents new challenges, AI also offers benefits such as the detection of cyber-attack techniques and the identification of emails with rogue traits.

On the regulatory front, the impending EU Network and Information Systems Directive, slated to become national law by October, aims to establish a common, high level of cybersecurity. However, uncertainties persist in the UK, with slow progress on proposed changes to the NIS Regulations and no references in the King's Speech last year.

Laura Gillespie emphasised, "Organisations need to make cybersecurity their number one priority in 2024," given the relentless pursuit of new methods by cybercriminals. Regardless of a business's size, cyber attacks do not discriminate, and the fallout can result in lost revenue, reputational damage, fines, and follow-on litigation. The report serves as a stark reminder for businesses to fortify their defences and stay vigilant in the ever-evolving cybersecurity landscape.