Navigating the cloud risks in the growing AI threat landscape
Collaboration without concern
AI and cloud computing might sound like a complex combination, but the two technologies have long been present in our everyday lives. When we ask Alexa to set a 15-minute cooking timer, use Google Maps to find a new route around a traffic jam or, more recently, ask ChatGPT to write us a tricky Excel formula, we’re depending on a seamless interplay between AI and the cloud. But AI is also integrating into the cloud in far more advanced and mission-critical ways, too—bringing both big benefits and risks along the way.
Data fast-tracked: Our increasing reliance on AI and the cloud
Today, organizations in industries like ecommerce, banking, and manufacturing are using the AI-cloud combo to automate proprietary production processes and decipher sensitive datasets. Big tech players like Google are leveraging it to improve operations through predictive analytics and anomaly detection. Even healthcare is becoming AI and cloud-reliant—researchers are using AI to trawl millions of cloud-based pharmaceutical papers to spot patterns and uncover ground-breaking biomedical relationships, which may lead to life-saving drug discoveries.
Simply, AI-driven cloud computing is cascading into many aspects of business and life. But as our dependence on it increases, and it grows in accessibility and power, so too do the methods that cybercriminals use to exploit it. AI technology is providing hackers with new ways—from sophisticated phishing emails to deepfake videos—to catch us off guard. Let’s explore these growing risks, and how your business can protect itself.
CISO, SoftwareOne,
AI is elevating the threat landscape
By 2025, it is estimated that cybercrime costs will reach about $10.5 trillion annually - a 300 percent increase from 2015 levels. The National Cyber Security Centre has already warned that malicious AI use will drive the threat landscape in 2024. In an environment where AI is increasingly weaponized and providing ever evolving ‘upgrades’ to hacker toolkits, it's no wonder that spending on information security and risk management hit $188.1 billion in 2023.
This new, highly complex threatscape is largely down to AI’s ultra-advanced capabilities. The most obvious malicious tactics are those that rely on the generation of text for social engineering attacks. But this goes beyond phishing to the potential threat of rapid dissemination of malware techniques. Malicious actors can use AI to identify vulnerabilities in the cloud and create malware to exploit them. It can detect weaknesses and exploit security flaws far faster than human IT teams can react. It can even generate sophisticated malware that learns to avoid detection, making it nearly impossible for traditional anti-virus software defenses to combat.
Training and infrastructure must keep pace with developments
Considering these risks, a big responsibility of business leaders in 2024 is to provide employee training on how to spot the ‘tell-tale signs’ of an AI-enabled attack. Up-to-the-minute knowledge of the latest tactics will go a long way in preventing malware and ransomware from slipping through the cracks undetected.
But training is only part of the puzzle. Businesses need to also need to bring security and simplicity to their cloud operations. Steps include:
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
1. Implementing strong access control management that follows the principle of least privilege. This means providing all users or applications with the minimum level of access they need, with multi-factor authentication required at each level.
2. Encrypting all data at rest and in transit. This will help unauthorised actors from accessing and deciphering sensitive information. Meanwhile, encryption keys that unscramble the data should be regularly changed and stored securely.
3. Regularly assessing vulnerabilities. Tools such as penetration testing will allow businesses to simulate real-world attacks that help highlight weaknesses in their cloud infrastructure that can then be shored up.
4. Adopting a cloud-native strategy. Cloud-based businesses should make sure they only use security practices and technologies that are specifically designed for cloud environments, helping to plug any legacy gaps and build security into applications from the ground up.
Fighting AI with AI
However, strengthening the cloud’s infrastructure is no longer sufficient to safeguard its data alone. As cyber criminals ramp up the use of AI across a range of different attack vectors, businesses need to do the same. By harnessing AI for threat detection and to spot ‘out-of-the-ordinary’ behaviors and patterns, businesses can stay one step ahead of criminals, better securing their security perimeter.
AI can particularly help to protect data across hybrid cloud environments. It can spot shadow data and look for data access abnormalities, instantly alerting IT teams about potential threats. AI can analyze and verify login attempts via behavioral data, allowing access to users who are behaving as normal and flagging or even blocking those acting abnormally or suspiciously.
AI can even perform real-time threat analysis and post-action risk analysis. Then, IT leaders can set up automatic incident responses that speed up attack prevention and investigations for watertight cybersecurity. Additionally, AI also has a role to play in automating many standard and time-consuming security processes, reducing the risk of human error and improving efficiency of staff.
Unlocking complete confidence in your cloud
Recently, the UK and US signed a landmark deal to work together on testing advanced AI and assessing its threats. It’s the first bilateral agreement of its kind—highlighting just how seriously two of the world’s most powerful countries are taking this new technology. Businesses therefore should too.
As businesses commit more resources to the cloud, we must all use the most advanced technologies available to protect it. AI-powered security is the fastest, most adaptable, and most intelligent tool we have at our fingertips. And to make sure you have the right AI shields in your arsenal, it’s worth partnering with an expert enterprise software and cloud advice provider. This way, you can access either built-in or added-on AI security that safeguards your business throughout this next great technological revolution.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
Ravi Bindra, CISO, SoftwareOne,