This week marked the annual Infosecurity Europe conference, the leading event for the cyber security community held in London on 2-4 June. With the theme, “Building a Safer Cyber World”, Primary’s Senior Account Manager Renee de la Motte attended to learn about protecting people, assets and data in today’s rapidly evolving threat landscape.
It was clear from keynote presentations throughout the event that AI is the most undeniable cyber threat facing us today. The rapid speed at which AI agents like Chat GPT, Copilot and Gemini are making their way into our workplaces (and into the hands of attackers) is creating a minefield of risk. Just as businesses implement AI processed to automate manual tasks and improve productivity, attackers are using AI to speed up their cyber attacks, launching them with more ease than ever before.
As AI continues to make its way into every aspect of our professional and personal lives, it will become increasingly difficult to ensure it’s being used for good purposes only. That’s why the guardrails have to be put in place now. Organisations need to educate all employees on the dangers of unfettered AI use, asking questions like “What confidential data are they putting into these chatbots, and what could be the consequences if this were to be exposed?” Because of how widespread AI use has become, organisations need to set clear policies regarding the use of AI and monitor for employee breaches of this.
This brings us to another key trend from the event; cyber security is no longer an issue reserved for the IT department. It’s now a whole-of-organisation issue affecting everyone from interns, to accounting teams, PR and marketing, right up to C-level Executives. Jesse McGraw, a reformed hacker turned security professional, went even further during his panel session, saying that cyber security has now become a societal issue. He argues if it’s so easy to use AI for bad purposes, then we must educate and train people of all ages, walks of life, and professional backgrounds on how to use AI for good. Otherwise, disenfranchised groups may be attracted to cybercrime without knowing the full dangers associated with this.
Another concerning trend was the emergence of triple-extortion ransomware attacks and shift in attacker behaviour. These days, many attackers have moved beyond the traditional single-stage encryption attacks, where an organisations data is encrypted and held by attackers until the ransom is paid. Increasingly, ransomware attacks are now multi-pronged schemes involving psychological pressure and even physical attacks on individuals, to wear them down and increase the likelihood of ransomware payment. These attacks cross a new ethical line, making it more difficult for organisations to say no to ransomware. Even the most well-prepared CISO won’t tolerate a threatening message against their family.
Overall, the event taught attendees that as cyber criminals’ tactics rapidly evolve, we must continue to evolve alongside them. Although it feels like things are moving at an unstoppable pace, we must double down on cyber security education to help people
Renee de la Motte is Senior Account Manager
