The emergence of AI and new regulations, two of the great keys of the year
The new Generative AI tools force the industrial sector to advance in cybersecurity to avoid complex attacks that compromise their competitiveness, while at the same time they must comply with a series of standards in an increasingly regulated sector.
The rise of Artificial Intelligence and the approval of new regulations are being two of the most relevant aspects of cybersecurity of the year. Most sectors, including the industrial sector, have incorporated Generative AI tools in different areas such as the supply chain, as stated in the latest report published by ZIUR, the Industrial Cybersecurity Center of Gipuzkoa. “By 2026, organizations that practice AI transparency, trust, and security will see their AI models achieve a 50% improvement in adoption, business objectives, and user acceptance,” according to Gartner.
In recent months, the use especially of ChatGPT, but also of Bard, Youchat or Copilot, recently published by Microsoft, has spread among industrial organizations. Many of these tools can be used by organizations, but also by cybercriminals. Thus, while those with defensive purposes can improve security, there are also offensive ones available on the 'deep web', which can be acquired "by any user without the need for advanced technical knowledge," as stated in the document. ZIUR. As an example, since the birth of ChatGPT in 2022, an increase of 1,265% has been detected in the launch of 'phishing' campaigns via email, according to SlashNext.
“The presence of this second category of tools as well as their growing use to increase the sophistication of current attacks is forcing industrial organizations to acquire tools included within the first category to be protected. However, as new tools and techniques are developed, the available tools must be updated to be able to identify these new attacks and be able to respond to them," they warn from ZIUR, who point out that "third parties that are involved in the supply chain and may affect the continuity of the organization's processes."
New regulations
The appearance of new tools based on the use of Generative Artificial Intelligence has not been the only relevant event that has occurred during the year 2024 in the field of cybersecurity. The different organizations involved in the definition of standards and regulations at the European level have worked to create new regulations and directives applicable to industrial organizations.
Among them, the NIS2 directive stands out, which establishes a minimum level of cybersecurity for all Member States of the European Union; the AI Law, which regulates its use based on the risk associated with each scenario in the EU; and the Cyber Resilience Law, which establishes the minimum cybersecurity requirements for all products marketed in the EU.
“These advances mean that industrial organizations have to work not only on updating their systems, implementing the procedures and technical measures necessary to deal with the new attacks developed, but also on identifying the requirements of the new regulations that will come into force. force in the coming months to guarantee compliance,” says ZIUR in its 'Relevant aspects 2024' report.
Download the report here.