Artificial Intelligence (AI) is expected to radically transform cyber risks in months, not years, requiring urgent action from governments and companies.
The warning was contained in a rare statement from the Five Eyes multinational intelligence alliance.
“While AI will help us improve cyber defence over time, it also accelerates the speed, scale and sophistication of cyber threats,” the statement notes.
“Frontier models are anticipated to exceed current expectations, fundamentally transforming offensive and defensive cyber capabilities. The timeline is not years, it is months,” they say.
WHAT IS FIVE EYES? A legal intelligence alliance now comprising Australia, Canada, New Zealand, United Kingdom and United States. It was established during WWII (1941) between the UK and US for collaborative intelligence sharing and surveillance. After the war, the other three countries joined.
The alliance says success will come from getting the basics right, acting quickly and incorporating cyber security into core business strategies.
“The urgency is clear. AI is not a future consideration – it is already here,” the statement reads.
“It lowers barriers for malicious actors and increases the speed and complexity of attacks, shrinking the window between vulnerability discovery and exploitation ever more quickly.”
Click here for more information about cybercrime
USING AI TO DEFENCE AGAINST IT
It also noted that it can be a “powerful tool” for strengthening defence but requires a ‘whole-of-organisation/society’ response.
“Cyber risk can no longer be treated as a purely technical issue,” the alliance warns.
“This is a core business risk and leadership responsibility.”
It says there has to be cyber defence in place: “Leaders must be confident those controls will perform during a real incident. This requires reassessing long-standing trade-offs and using AI deliberately to strengthen defence, not just improve efficiency.”
It warns that cyber breaches are inevitable and that preparation now will prevent them from becoming major operational and financial crises.
The alliance also highlights practical actions that can be taken to reduce technical, operational, financial and reputational risks. These actions are:
Limit unnecessary system access to external connections.
With the time between vulnerability discovery and exploitation closing, any delay in patching increases risk, especially for operational systems with long update cycles, and that security updates must be a priority.
Older (legacy) systems are easy targets and can be liabilities.
Strengthen access with limits on access to critical systems, enforce strong authentication and regularly review permissions.
Plan for incidents by testing response plans, train teams and assume that breaches will occur and implement fast containment and recovery.
2022 CYBER REPORT: 9.8 million at risk in Optus cyber attack
