A New Era of Attacks on Encryption Is Starting to Heat Up

Over the past decade, encrypted communication has become the norm for billions of people. Every day, Signal, iMessage, and WhatsApp keep billions of messages, photos, videos, and calls private by using end-to-end encryption by default, while Zoom, Discord, and various other services all have options to enable the protection. But despite the technology’s mainstream rise, long-standing threats to weaken encryption keep piling up. End-to-end encryption is designed so that only the sender and receiver of messages have access to their contents; governments, tech companies, and telecom providers can’t snoop on what people are saying. It is likely that criminals would find ways to continue to use self-made encryption tools to conceal their messages, meaning that backdoors in mainstream products would succeed at undermining protections for the public without eliminating the use of encryption by bad actors. Over the past few months, there has been a surge in government and law enforcement efforts that would effectively undermine encryption, privacy advocates and experts say, with some of the emerging threats being the most “blunt” and aggressive of those in recent memory.

Government publishes new AI Cyber Security Code of Practice and implementation guide

Purpose of the Code: The Government explains that a voluntary Code of Practice focused specifically on the cyber security of AI is needed due to the distinct differences between AI and software, including security risks from “data poisoning, model obfuscation, indirect prompt injection and operational differences associated with data management”. It also notes that software needs to be secure by design and that stakeholders in the AI supply chain require clarity on what baseline security requirements they should implement to protect AI systems.

What is covered by the Code? The scope of the Code is focused on “AI systems”, including systems that incorporate deep neural networks such as generative AI. It sets out cyber security requirements for the lifecycle of AI, which it has separated into five phases: secure design, secure development, secure deployment, secure maintenance and secure end of life. The Code signposts relevant standards and publications at the start of each principle to highlight links between the various documents and the Code.

Future global standard: DSIT has developed the voluntary Code with the intention that it will form the basis of a new global standard for secure AI through the European Telecommunications Standards Institute (ETSI), which will set baseline security requirements. The UK Government plans to submit the Code and the implementation guide to ETSI so that the future standard is accompanied by a guide, and it notes that it will update the content of the Code and the guide to mirror the future ETSI global standard and guide.

Preserving Integrity in the Era of Generative AI

The challenge of ensuring trust in online content has intensified with the rise of Artificial Intelligence. While AI technologies offer numerous advantages to society, the widespread accessibility of AI and machine learning tools, particularly generative models and deepfake technologies, allows individuals to create or alter data with relative ease, minimal expense, and heightened realism. Consequently, distinguishing between authentic and fabricated online content is becoming increasingly difficult. Content Credentials is a developing technology aimed at addressing this decline in trust. This technology seeks to trace the origin of data, including its source and editing history, thereby facilitating the preservation and verification of authenticity. AI tools intended to identify synthetic or inauthentic data often prove to be ineffective and unreliable, necessitating additional technical measures to establish layered defenses for organisations, individuals, and society at large. Techniques for content provenance could play a crucial role in enhancing the integrity of information across various systems. While Content Credentials can assist organisations, systems, and users in making informed choices regarding the data they engage with, they alone will not fully resolve the issue. Nevertheless, as the technology advances, it will enhance systems’ capabilities to assess the authenticity of content more effectively.

7 Benefits of AI in Cyber Security

There are many concerns being cited about the use of AI within the Cyber Space, but let’s talk about some of the Benefits!

1. Detecting Vulnerabilities within Network Traffic: By Analysing Patterns in Network Traffic Data, AI Systems can Identify Potential Threats & Alert Cyber Security Professionals.
2. Analysing a Large Amount of Data for Potential Threats: This can be particularly useful in Identifying Threats that might not be immediately obvious to Human Analysts.
3. Automating Routine Tasks to make them Less Time Consuming.
4. Automatically Patching & Updating Systems, freeing up Cyber Security Professionals to focus on more complex tasks.
5. Generating Reports & Alerts, Providing Valuable Information to Help Inform Cyber Security Decisions.
6. Improving the Speed & Accuracy of Threat Detection & Response: AI can Help to Reduce the Impact of Cyber Attacks.
7. Improving Efficiency of Cyber Security Operations, freeing up Valuable Time & Resources for Other Tasks.

Cyber Crime on Social Media in 2025

The Rise of Social Media in recent years has provided Cyber Criminals with an Additional Platform for their Illicit Activities. In 2022, Meta, the Parent Company of Facebook, Identified over 400 Malicious Applications for iOS & Android that aimed to Compromise Mobile Users by Stealing their Facebook Log-In Information. Among these Applications, 43% were Categorised as ‘Photo Editors’, including those that Offered Users the Ability to Transform their Images. Additionally, 15% were Labelled as ‘Business Utility’ Applications, Purporting to Offer Features Not Available in Legitimate Apps from Trusted Sources. Cyber Criminals often Employ Tactics such as Creating Fraudulent Reviews to Enhance the Visibility of their Applications & Obscure Negative Feedback that points out Potential Risks. Consequently, unsuspecting Users may Download these Applications and are Prompted to Log in using their Facebook Credentials, allowing Hackers to Capture any Information entered.

How Prevalent is Cyber Crime on Social Media? Cyber Crime is exceedingly prevalent on Social Media Platforms. In the 2nd Quarter of 2022, Facebook Removed 8.2 Million Pieces of Content that Breached its Policies regarding Bullying & Harassment. In the 1st Quarter of the same year, the Platform Removed 9.5 Million Instances of Policy Violating Content, marking the Highest Number Ever Recorded by Facebook.

Stricter GDPR Regulations in 2025!

Governments across the globe are implementing more stringent regulations to safeguard personal data held by organisations. By 2025, adherence to the General Data Protection Regulation (GDPR) will necessitate heightened vigilance. This may entail more rigorous reporting obligations for data breaches, stricter guidelines concerning data collection, and penalties for non-compliance. For non-profit organisations, maintaining compliance can be particularly challenging, especially in the absence of a dedicated IT or legal team. To effectively manage these changes, it is advisable to conduct regular assessments of your data protection policies and to invest in a cybersecurity audit to ensure that your organisation fulfills its legal responsibilities. In conclusion, Cyber Security in 2025 encompasses not only the protection of your systems but also ensuring that your team possesses the necessary training and knowledge regarding Cyber Security. It is imperative to take proactive measures now to counter emerging threats such as AI-driven attacks, phishing scams, and vulnerabilities in cloud services. Safeguarding your mission, your donors, and your reputation is of utmost importance.

5 Ways For Businesses to Prepare for Data Privacy Week

1. Update Privacy Policies: Review all existing Data Privacy Policies, including those related to Password Management, Device Usage, Data Collection, and Cookie Usage, Ensuring they are Accurate and Accessible to both Customers and Employees. Pay Particular Attention to Provisions regarding Data at Rest and in Transit, Data Deletion, Encryption Methods, Data Retention Periods, and Compliance Obligations.
2. Evaluate Data Controls: The Effectiveness of your Privacy Practices is Directly Linked to the Robustness of your Security Measures. Assess the Current Controls for Data Collection, Storage, and Processing to Verify Adherence to Applicable Privacy Regulations. Examine your Access Controls and Enhance Existing Security Protocols to Safeguard Sensitive Information against Breaches and Unauthorized Access.
3. Implement Data Privacy Training: With at least 74% of Businesses expressing concern over Insider Threats, it is Essential to Prioritise Data Privacy Training for Employees, particularly during Data Privacy Week. Seize this Opportunity to Initiate Training Campaigns focused on Privacy for both Employees and Customers.
4. Explore Compliance Tools: Utilizing Compliance Automation Tools can address all the above-mentioned suggestions and provide Real-Time insights into your Privacy Controls. This Approach Eliminates the need to Coordinate with Multiple Teams or Utilize various Tools to Evaluate your Security Status, as all necessary Information will be on a single Dashboard for your Review.
5. Engage with Customers: Data Privacy Week presents a Valuable Opportunity to Connect with Customers. You can Inform them about their Data Rights and the Measures your Company takes to Safeguard their Information, thereby Fostering Awareness and Enhancing your Relationship with them.

The 4 Essential Elements of AI-Driven Social Engineering Attacks

AI-Driven Social Engineering Attacks Generally Consist of 4 Essential Elements:

1. Data Acquisition: Cyber Criminals Meticulously Collect a Wide Array of Information about their Targets, which includes Social Media Profiles, Publicly Accessible Data, and any Information Leaked from prior Security Breaches. This Information serves as the Foundation for Training AI Models and Customising Attacks to Align with the Unique Traits and Behaviours of the Target.
2. Training of AI Models: With the gathered Data, Attackers develop AI Models Capable of Producing Realistic Synthetic Media or Automating Interactions with the Targets. For instance, AI Technology can Generate Deepfake Videos that Accurately Replicate a Target’s Voice and Appearance or create Personalized Phishing Emails that Address the Target Directly and Incorporate Specific Details about their Personal or Professional life.
3. Implementation of the Attack: The Content Generated by AI is Utilized in Executing a Social Engineering Attack. This could involve Dispatching a Deepfake Video Message from an Alleged Executive to Authorise a Fraudulent Transaction or Employing an AI Chat Bot to Interact with a Target in Real Time, Persuading them to Divulge Sensitive Information.
4. Exploitation and Aftermath: Once the Target has been Misled and the Desired Information or Action has been Secured, the Attackers Exploit the Compromised Data or Access for Financial Gain or other Malicious purposes. Additionally, AI can be Employed to Assess the Success of the Attack and Enhance Strategies for Future Endeavours.

Preparing for the Future: The 2025 Work Plan!

As Regulatory Deadlines Approach, it is Imperative for Businesses to Promptly Adjust to the Changing Landscape of Cyber Security Requirements. Essential Actions Include:

Identifying Obligations: Recognise Laws & Regulations that Impact Services & Products. This Critical Initial step Facilitates the Development of Effective Compliance Strategies.

Performing Gap Analyses: Evaluate the Differences between Existing Practices & Regulatory Standards. Utilise the results to Prioritise Actions & Formulate Practical Work Plans.

Establishing Governance: Clearly Define Roles & Responsibilities for all Stakeholders to ensure Effective Coordination, Minimise Redundancies, & Optimise Resource Allocation.

Integrating Cyber Security By Design: Embed Cyber Security considerations early in the Design Phase of Products & Services to Ensure Alignment with Regulatory Mandates.

Enhancing Operational Resilience: Fortify Risk Management Frameworks & Incident Response Strategies. Regular Testing & Prompt Updates are Essential to Counteract Evolving Threats.

Compliance: Compliance Transcends mere Regulatory Necessity; it Represents a Strategic Opportunity. By Aligning with these Frameworks, Businesses can reduce Risks, build Trust with Clients & Partners & Secure a Competitive Edge. Conversely, Non-Compliance may lead to Penalties & Damage to Reputation.

Although the Breadth & Intricacy of these Measures are Considerable, they embody a Larger Goal of Standardising & Elevating Cyber Security Practices. The Urgency for Compliance is Evident: as Cyber Threats Escalate, Businesses Must Take Proactive Measures.

5 Tips to Avoid Cyber-Attacks on Black Friday

Consumers are expected to spend hundreds of pounds during Black Friday, which has become an increasingly significant event for numerous companies and millions of shoppers. To ensure a smooth buying and selling experience, it is crucial for both businesses and individuals to effectively prevent cyber-attacks on Black Friday that could lead to the theft of personal information, financial losses, or fraud. Cyber Attacks targeting e-commerce during Black Friday, Cyber Monday, and the holiday season have emerged as a primary concern for malicious actors. These individuals are aware that consumers will engage in a higher volume of online transactions during this period, making them more susceptible to deceptive communications that impersonate legitimate entities. Furthermore, this is a time when they can inflict greater harm on businesses. It is noteworthy that many consumers are now more vigilant regarding phishing campaigns during this season. However, due to the overwhelming influx of emails and text messages, there remains a significant risk of being misled, even among those who are conscious of such scams.

1. Undergo Ongoing Security Audits: First of all, it is essential that companies perform continuous security audits to analyze all their digital assets. This way, you can look for vulnerabilities in the technological infrastructure, prioritize their remediation and prevent them from being successfully exploited by malicious actors.
2. Conduct Continuous Vulnerability Management and Respond Effectively to Emerging Vulnerabilities: Along the same lines, it is critical for companies to conduct ongoing vulnerability management that takes into account all of the organization’s digital assets. Only in this way can attacks against the software supply chain be prevented. It also establishes an effective strategy to mitigate the weaknesses found, considering the level of criticality of the same and the possibility of being exploited.
3. Perform Denial-of-Service Testing: Distributed denial of service (DDoS) attacks against e-commerce are a classic. Using this technique, malicious actors resort to a botnet to launch requests and saturate e-commerce resources. As a result, online stores cannot respond to requests from customers wishing to buy from them.
4. Conduct Social Engineering Tests and Promote Cyber Security Training and Awareness among Employees and Customers: Social engineering tests are another very important security test that companies can carry out to prepare for Black Friday.