Context
The ICO has published a blog by Ian Hulme, ICO Interim Executive Director for Regulatory Supervision, about how firms can protect themselves from AI-powered cyber threats. With similar messages to those in Nikhil Rathi’s speech at the FCA’s recent Financial Crime Conference, Hulme points out that cyber criminals are increasingly using artificial intelligence (AI) to carry out attacks that are faster, more advanced and harder to detect. As the data protection regulator, the ICO can provide clear expectations and practical support, but all organisations must take proactive steps to prepare themselves for emerging threats.
Key points to note
By investing in cyber resilience and ensuring appropriate security measures are in place, firms can build public trust and confidence in how their organisation protects the personal data they hold. The ICO’s five practical steps to strengthen resilience to AI-powered threats are:
- Know what you’re up against – horizon scanning and understanding potential threats is the foundation of effective security. The main AI-powered risks facing organisations include AI-enhanced phishing, deepfake social engineering, automated vulnerability scanning and exploitation, AI-powered malware, credential stuffing and password attacks, data poisoning, and indirect prompt injection attacks.
- Get the basics right and layer your defences.
- Restrict access points.
- Improve detection, monitoring and incident response.
- Protect personal data. Measures could include data minimisation and storage limitation, data audits, staff awareness, AI governance, encryption, and pseudonymisation.
