AI will increase volume and impact of cyberattacks in next 2 years says NCSC

AI will increase volume and impact of cyberattacks in next 2 years says NCSC

Report highlights a heightened global ransomware threat

A recent assessment by the National Cyber Security Centre (NCSC) has highlighted concerns about the increasing impact of AI on cyberattacks over the next two years. The report emphasizes that AI is already being used for malicious cyber activities and is expected to amplify the frequency and severity of cyberthreats, particularly ransomware.

The NCSC says that the use of AI lowers the entry barrier to less skilled cyber criminals, including hackers-for-hire and hacktivists. This allows them to conduct more effective access and information-gathering operations. The enhanced access, combined with AI's improved targeting capabilities, is anticipated to contribute to a heightened global ransomware threat in the near term.

NCSC CEO Lindy Cameron says: "We must ensure that we both harness AI technology for its vast potential and manage its risks - including its implications on the cyber threat.

"The emergent use of AI in cyber attacks is evolutionary not revolutionary, meaning that it enhances existing threats like ransomware but does not transform the risk landscape in the near term."

UK ransomware threat

Ransomware remains a significant cyber threat to UK organisations, prompting the UK government to invest £2.6 billion in its Cyber Security Strategy to enhance the country's resilience. The NCSC says, along with private industry, it is already leveraging AI to improve threat detection and implement security-by-design practices.

While the report acknowledges the evolving use of AI in cyberattacks as evolutionary rather than revolutionary, it underscores the need for managing the risks associated with AI's implications for the cyber threat landscape. The Bletchley Declaration , announced at the UK-hosted AI Safety Summit, outlines a global effort to ensure the safe and responsible development of AI.

Emergence of generative AI

The report also highlights the emergence of criminal Generative AI (GenAI) and 'GenAI-as-a-service,' enabling cyber criminals to access improved capabilities. However, the effectiveness of GenAI models is constrained by the quality and quantity of the data on which they are trained. It seems that the cyber criminals have the same challenges with underlying data quality and integrity as every other organisation.

The National Crime Agency (NCA) warns that advancements in AI are likely to increase the ransomware threat in the coming years. The NCA notes that AI services reduce entry barriers, attracting more cyber criminals, and enhance their capabilities by improving the scale, speed, and effectiveness of existing attack methods.

To address the growing threat, the NCSC advises organisations and individuals to follow cybersecurity best practices. The report emphasises that most ransomware incidents result from cyber criminals exploiting poor cyber hygiene rather than sophisticated attack techniques.