How can you rise to the AI-enabled cyber threat?

This article is part of our Algorithm to Advantage campaign.

AI is rapidly reshaping the cyber security landscape. While threat actors evolve their tactics, using AI for advanced social engineering and deepfake attacks, to customise and automate cyber attacks, and speed up development of their malware and ransomware tools, so too do their targets. Organisations are leveraging AI for improved threat detection, analysis and assessment. All the while, trends such as the use of open source to develop tools continue to evolve threats and dynamics on both sides of the cyber divide.

As the stakes, and levels of regulatory scrutiny, continue to rise in parallel, Carolyn Bigg, Global Co-Chair of Data Protection, Privacy and Cyber Security, and Hong Kong partner, shares the four priorities for organisations evolving their cyber defence.

1. Elevate your cyber governance to board-level business exposure and strategic threat

Cyber security is fundamentally a question of operational resilience and, as such, is a critical matter of corporate governance and core to business strategy and commercial success, not just a matter of IT hygiene or a regulatory compliance issue.

Moreover, regulations like NIS2 have introduced increased risks of personal liability for board members.

Leadership, therefore, must steer a cross-functional, robust cyber governance programme, with adequate senior oversight.

Cyber governance programmes need to be agile to ensure cyber governance addresses new threats and evolving regulations, noting there are regional/local variations to navigate in both regards.

AI-driven threats, such as deepfake impersonations and automated reconnaissance, require boards to understand – and implement governance programmes to address - not just the risks, but the speed and sophistication of modern attacks, and to take the lead in ensuring cyber resilience is well-funded and rigorously stress-tested.

2. Respond to rapid evolution in AI-driven cyber threats

AI allows threat actors to automate both their identification of targets and execution of cyber attacks, so as to improve accuracy of their research and exploit vulnerabilities more quickly. AI algorithms also learn and continuously evolve in real time, allowing threat actors to improve their attack techniques and avoid detection.

In turn cybersecurity teams must invest in up-to-date and customised (e.g. sector-specific) threat intelligence, track common and emerging tactics and techniques, and ensure defences are calibrated to counter AI-enhanced attacks. Of course, using AI-driven cybersecurity solutions can support in this regard.

3. Put ID and credential protection at the centre of your strategy to manage AI-driven phishing attacks, while being alive to evolving threats

One current trend is for cyber incidents to involve legitimate credentials, often obtained through AI-enhanced social engineering such as voice phishing (vishing), deepfake calls and realistic email spoofing, rather than malware. Cyber actors leveraging AI to mimic employees and bypass authentication has rendered the securing of identity infrastructure absolutely paramount.

Organisations must deploy advanced identity protection across cloud and hybrid environments, and ensure contracts with third-party providers reflect a shared responsibility for credential security.

4. Test recovery alongside reaction – resilience is as important as defence

Successful cyber resilience is also about recovery, not just prevention. As AI accelerates the pace of attacks, intrusion detection must match this pace.

Organisations must now conduct regular and realistic tabletop exercises that simulate AI-driven threats.

These should involve all critical service providers, and challenge often generous assumptions around recovery time objectives, which are frequently missed despite contractual guarantees. Contracts with service providers should also be reviewed to ensure they appropriately address the evolving risks – and consequential liabilities – arising from both AI-driven cyber incidents and use of AI tools to protect against cyber incidents.

Significant downtime, as seen in headline attacks this year, could prove existential for organisations, so mitigating challenges to getting back online and operational is critical.