Artificial intelligence (AI) is considered the greatest technological revolution that will change our era as we know it. According to experts, this revolution will only be comparable to the changes brought about by the First Industrial Revolution and the arrival of the internet.

This October, CSIRT-CAN joins the ENISA initiative to celebrate European Cybersecurity Month. We've discussed other future challenges: cybercrime, money laundering, the shortage of professionals... but how will the imminent arrival of AI affect our cybersecurity?

According to a report by the UK National Cyber Security Centre (NCSC), AI is being used for potential cyberattacks on critical national infrastructure, that is, basic infrastructure for citizens.

Among the advice the NCSC offers, we highlight the following:

• Strengthen critical systems.
  They insist that constant software updates actively monitor for vulnerabilities and prioritize the protection of critical systems or those that manage sensitive data.

• Apply strong authentication.
  Implement phishing-resistant multi-factor authentication mechanisms. Also, monitor non-human or machine identities operating in your infrastructure.

• Secure communication channels.
  Trusted solutions to ensure email hygiene so that phishing messages don't reach your users' inboxes. Maintaining strict policies for document sharing and collaboration is essential.

• Adopt a Zero Trust approach.
  Applying this type of model strengthens cyber resilience and explicitly verifies each connection, limits access to the minimum necessary, and always operates under the assumption that a breach may exist.
  Monitoring and alerting are essential to detect intrusions early on, allowing you to act and mitigate damage in the early stages of an attack.

• Third-party and supply chain risk management.
  Monitor your suppliers and their supply chain.

• Promote human resilience:
  Training is essential to have a team prepared against cyberattacks. You will strengthen your human firewall and improve its ability to detect social engineering attempts.

• Ensure data protection and recovery
  Make sure you have verified backups of all relevant corporate data, stored in immutable systems that prevent attackers from modifying or deleting them. Test your attack response systems.

• Prevent data leakage
  Use tools like AI Recipient Validation to prevent users from sending sensitive information to the wrong recipients.

We are still on the cusp of seeing the true impact of AI on cybersecurity, and as British intelligence warns, if you are not aware of the risks and take steps to mitigate them, your defenses are likely to be inadequate.