Businesses and public sector organisations are being warned that a new generation of cyberattacks powered by artificial intelligence may be on the horizon.
Cybercriminals are using AI to launch faster, harder-to-detect attacks. The Information Commissioner’s Office (ICO) has advised on ways to protect against cyberattacks.
There are concerns about how cybercriminals are using AI to automate attacks, impersonate trusted individuals, and exploit security weaknesses.
The ICO warns that AI is changing the cyber threat landscape. Phishing scams are becoming more sophisticated, using AI-generated emails that closely mimic genuine communications from colleagues, suppliers, and customers.
Deepfake technology is also becoming a major concern, as attackers can create realistic audio and video clips designed to trick employees into revealing passwords or granting access to systems.
Criminals are also increasingly using automated AI tools that can scan networks for weaknesses and exploit vulnerabilities within minutes. AI-powered malware can also adapt its behaviour in real time, making it harder for traditional antivirus software to detect suspicious activity.
Basic security measures
Despite the rise in AI-driven threats, many successful attacks still exploit poor cyber hygiene and weak security controls.
The ICO is encouraging organisations to focus on core protections, such as regular software updates, strong password policies, and multi-factor authentication.
Layered security is essential; relying on a single line of defence is not enough when attackers can use AI to rapidly identify vulnerabilities and test different attack methods.
Restricting access to systems and sensitive information is another key recommendation. The ICO is advising businesses to apply the principle of least privilege, ensuring that employees and third-party suppliers can access only the data and systems necessary for their roles. Regular audits of privileged accounts and the swift removal of outdated access permissions are also considered critical safeguards.
Risks around personal data
AI-powered attacks are increasingly targeting personal data because stolen information can be used to support further cybercrime, fraud, and identity theft.
This means organisations handling customer or employee data are under increased pressure to ensure information is stored securely.
Regular data audits, encryption, and pseudonymisation are some of the measures being encouraged to reduce the impact of potential breaches. Businesses using AI systems that process personal data are also being urged to conduct detailed risk assessments and implement safeguards against attacks specifically targeting AI models and tools.
Training staff to recognise AI-enabled scams is becoming equally important. Cyber awareness programmes are now expanding to include threats such as voice cloning, deepfake impersonation, and AI-generated phishing emails.
AI as a threat and a defence tool
Although AI is a significant risk, the ICO also suggests using the technology to strengthen cybersecurity operations. AI monitoring tools can help identify suspicious activity more quickly, including unusual login attempts, abnormal data transfers, and suspicious system behaviour.
However, the ICO warns that AI security systems should still operate under human oversight to prevent errors, misuse, or manipulation by attackers.
As cyber threats continue to evolve, organisations are being reminded that strong cybersecurity is no longer just an IT issue but a core business responsibility. Creating strong foundations, improving staff awareness, and preparing clear incident response plans are seen as essential steps in protection.
