ICO Unveils 5-Step Plan to Defend Against AI Attacks

Getting the fundamentals right, knowing your adversary, and building layered defenses are essential steps for any organization looking to fend off AI-powered cyber threats, according to the UK’s Information Commissioner’s Office (ICO). Concerned by the rise in AI-driven attacks, the data protection watchdog released a five-step action plan today, pushing businesses to get ahead of these fast-evolving dangers.

“By investing in cyber resilience and ensuring appropriate security measures are in place, you can build public trust and confidence in how your organization protects the personal data you hold,” said Ian Hulme, executive director of regulatory supervision at the ICO. He pointed readers first to the National Cyber Security Centre’s updated Cyber Assessment Framework (CAF) to better grasp how adversaries are weaponizing AI or targeting corporate AI systems.

The specific threats flagged by the ICO should be familiar to cybersecurity professionals. They include AI-enhanced phishing aimed at colleagues, clients, or suppliers; deepfake-powered social engineering targeting employees; automated vulnerability scanning and exploitation; AI-powered malware that adapts in real time to evade detection; credential stuffing and password attacks that exploit weak passwords; data poisoning of AI models; and indirect prompt injection attacks.

Getting the Cybersecurity Basics Right

The ICO said it expects organizations to have the five controls of Cyber Essentials and the UK’s Cyber Governance Code of Practice in place as a bare minimum. But it stressed that extra layers of defense are “essential,” including a “solid patching and updating process” to counter the machine-speed vulnerability research and exploit development that attackers can now achieve.

“As part of vulnerability management, an organization should be considering the impact of an exposed vulnerability and prioritizing remediating action based on that assessment,” an ICO spokesperson told Infosecurity. “This includes reviewing other compensating controls if an update is not available, and the timing will depend on the risk assessment carried out. If a decision is taken to not take action but there is still risk exposure, then the rationale should be fully documented and agreed at senior levels.”

Additional security layers cited in the blog include multi-factor authentication (MFA) on all remote access, admin accounts, and email; strong password policies; and auditing and enforcing the principle of least privilege. Organizations should also understand the security and privacy implications of using AI tools for access controls, the ICO added.

Security teams must include supply chain partners in these access policies and wider security vetting. “The ICO would expect organizations to not rest on the achievement of a point-in-time assessment and instead adopt a dynamic threat-based approach to security,” the spokesperson explained. “This will depend on the criticality of the supplier, the types of services it offers and the type of data they process on behalf of the organization it is supplying services to.”

The basics should also include a regularly tested incident response plan, plus comprehensive security monitoring and vulnerability scanning. Hulme argued that using AI tools to improve outcomes is fine, but human oversight remains essential.

The Basics of Data Protection

Finally, Hulme urged organizations to meet their obligations under the GDPR by implementing “appropriate technical and organizational measures” to protect personal data. This could include data minimization and storage limitation; regular data audits; staff awareness training that covers AI-powered social engineering; AI governance including safeguards and a data protection impact assessment (DPIA) for any AI tools that process high-risk personal data; compliance with the government’s AI Cyber Security Code of Practice; and encryption and pseudonymization to reduce the impact of a breach.

When asked how the ICO decides whether enforcement action is needed after a breach, it explained that the organization’s “attack surface, sector, and data held” are key factors. “The [Cyber Essentials] controls will be considered when an organization is investigated but that does not necessarily mean that we would not take regulatory action,” the spokesperson said. “A key consideration will be whether an organization has put in place appropriate technical controls commensurate to the level of risk that organization faces and whether it can demonstrate how cyber risk has been governed.”