AI cybercrime trends which could harm SMEs

SME business leaders must prioritise cybersecurity to keep up with the evolving threat landscape. The breadth and sophistication of attacks are becoming increasingly complex, leaving many organisations left behind, with weak defences and gaps in team knowledge.

Small organisations are just as likely to be targeted as large corporations and often lack the resources needed to protect themselves or respond quickly to a breach. To help SMEs keep up, the North East Business Resilience Centre (NEBRC), a police-led non-profit have collaborated with leading experts, creating an industry report to highlight where the next big threats might come from and how businesses can prepare.

As you can imagine, a key theme in the report was the emerging threat of AI and how this might develop further in the months and years to come. Martin Wilson, Head of Student Services at NEBRC commented that, threats from the development of deep learning systems could be used to extract sound data from keyboard inputs. Meaning that hackers might be able to guess your password by simply using the tech to “listen” to typing sounds. This would mean people using coworking spaces and public spaces such as cafes or libraries could be left at risk. Though Martin notes that this is just theoretical at the moment.

The report did however, mention some more immediate trends relating to the use of AI in cyber attacks. AI is being applied to existing cybercriminal activity, making threats such as phishing attacks “almost undetectable”. Martin Heart, MD at CyberShelter said,

“The days of grammatically bad phishing attempts are coming to an end. This can become an issue for businesses, as collecting social information is just step one. Once credentials have been exfiltrated then further, monetised attacks can start to happen.”

It’s not just traditional phishing scams to be aware of though, there is a growing trend in AI voice impersonation. Jock Cockcroft, Ethical Hacker, Service and Technology Supervisor at NEBRC discussed that phone calls which are often used to confirm an invoice could be threatened. Some banking systems and network providers use voice verification, meaning that these high-risk business areas could increasingly be targeted.

How to best protect SMEs against emerging cyber threats?

Three trends relating to dealing with such challenges and preventing breaches, were technology, training and reporting crime. Though guidance varied based on each prediction, these common threads were seen throughout.

Marcus Dempsey, Director at InfoSec Governance and CE Partner NEBRC predicts that there will be an “increased uptake of two-factor authentication within businesses, to reduce the risks posed by cybercriminals who are leveraging AI within attacks”. Suggesting that technology such as this, alongside awareness and training will help strengthen SME defences,

John Hay, Head of Information Security at Net-Defence and CE Partner at NEBRC, agreed that training and awareness are key, predicting that employee cyber training will become more comprehensive to combat emerging 2024 trends. John said,

“Despite cutting-edge technological solutions, the human element remains a critical factor in cybersecurity. Small businesses often lack the extensive resources of larger enterprises, making them particularly vulnerable. Cybercriminals recognise this vulnerability and increasingly target employees through sophisticated social engineering attacks.”

How SMEs react when an attack occurs is also a critical part of fighting cybercrime. Rebecca Chapman, CEO at NEBRC and Ex-police Superintendent states that it is worrying that businesses won’t report breaches to the authorities and that many go unrecorded, as this then limits police intelligence which is needed to help allocate resources to this ever-growing area of crime.

There are a few simple steps that can help reduce these risks and the NEBRC free core membership sets these out, to help protect small businesses from the majority of online crime.