How cyber secure are you?

/in /by

Just over four in ten businesses have reported experiencing a cyber security breach or attack in the last 12 months.

That equates to around 612,000 UK businesses and 61,000 charities, according to official UK figures.

Phishing attacks remain the most prevalent and disruptive type of breach or attack – experienced by 85 per cent of businesses.

Businesses say these types of attacks are time-consuming to address because of their volume and the need for investigation and staff training.

By harnessing artificial intelligence, scammers can create highly convincing emails and messages that trick employees into revealing sensitive information or transferring funds.

With only five simple prompts information technology giant IBM was able to trick a generative AI model into developing highly convincing phishing emails in just five minutes.

Here are some key pieces of advice from IBM to help businesses stay prepared:

• When in doubt, call the sender: If you’re questioning whether an email is legitimate, pick up the phone and verify.
• Abandon the grammar stereotype: Dispel the myth that phishing emails are riddled with bad grammar and spelling errors. AI-driven phishing attempts are increasingly sophisticated, often demonstrating grammatical correctness. That’s why it’s imperative to re-educate employees and emphasise that grammatical errors are no longer the primary red flag. Instead, train them to be vigilant about the length and complexity of email content. Longer emails, often a hallmark of AI-generated text, can be a warning sign.
• Strengthen identity and access management controls: Advanced identity access management systems can help validate who is accessing what data, whether they have the appropriate entitlements and that they are who they say they are.
• Constantly adapt and innovate: The rapid evolution of AI means that cyber criminals will continue to refine their tactics. Businesses must adopt that same mindset of continuous adaptation and innovation. Regularly updating internal TTPS (Tactics, techniques, and procedures), threat detection systems and employee training materials is essential to stay one step ahead.

Staff awareness is the first line of defence against phishing AI. Regular training will help employees recognise AI-driven scams, understand the risks, and respond appropriately. Multi-layered security.

That multi-layered security, including firewalls, antivirus software, email filters, and intrusion detection systems, will provide comprehensive protection against AI threats and other cyber security risks.