Cyber Crime, AI, and Protecting Your Firm

Introduction

• Speaker: Chris Rogers, Director of Research at SRA
• Session: Virtual conference on cyber crime focusing on AI
• Structure: Presentation followed by a live Q&A session

Panel Introduction

• Dr. Tom Wood: Lead Data Scientist at SRA
• Natasha Cromby: Detective Sergeant, City of London Police, National Fraud Intelligence Bureau
• Rowan Troy: Senior Cybersecurity Consultant at Littlefish UK Limited

What is AI?

• Explanation by Dr. Tom Wood
  • AI is essentially statistical modeling
  • Types of Models: Unsupervised (spotting patterns) and Supervised (predicting future)
  • Examples: Camera autofocus, spell check

Unsupervised Learning Example

• Scenario: Analyzing law firm matters over six months
• Results: Different clusters (red, green, blue, yellow) indicating various complexities and profitability

Supervised Learning Example

• Scenario: Predicting revenue based on department size in a firm
• Outcome: Red line (AI model) predicting future revenue

Modern AI: Large Language Models (LLMs)

• Examples: GPT, Bard, Llama
• Usage: Interacting with language, powerful APIs for integration
• Benefits: Democratization of AI, step change in AI service development

AI's Scary and Exciting Potential

• Pros: New products, automation, speed, accuracy
• Cons: Ethical concerns, deep fakes, misuse by bad actors
• Takeaway: Balance the excitement and fear around AI

Cyber Security and AI

Threats to Legal Sector

• Assessment by NCSC: Legal firms are prime targets for cyber attacks
  • Must protect sensitive client information, reputation, and financial assets
• Major Threat Actors: Cyber criminals, nation states, hacktivists, insiders

Role of AI in Cyber Security

• Concerns: AI supporting cyber attacks (finding vulnerabilities, creating phishing emails)
• Solutions: AI aiding cyber defense (tools like Security Co-pilot)
• Advice: Adhere to cyber security basics and frameworks like Cyber Essentials

Emerging Trends in Cyber Crime

Types of Cyber Crimes

• Cyber Dependent Crimes: Ransomware, DDoS attacks, hacking
• Cyber Enabled Crimes: Fraud via cyber means (e.g., remote access fraud)

Recent Statistics

• Cyber Attacks: Over 25,000 reports in the last 12 months
• Fraud Losses: 2.5 billion pounds from 300,000 fraud reports

Specific Trends

• Remote Access Fraud: Social engineering to gain device access
• Social Media Fraud: Exploited due to reduced in-person interactions
• AI and Deep Fakes: Increasing risk via voice cloning, automated phishing, etc.

Cyber Security Mistakes and Preventative Measures

Common Mistakes

• Ignoring basic security practices
• Over-relying on AI without understanding its limitations

Recommendations

• Frameworks: Cyber Essentials, NIST, ISO 27001
• AI Concerns: Monitor what you input, validate output, consider historical data relevance

In the Event of an Attack

• Immediate Action: Call 03001 12324 for the enhanced cyber reporting service
• Preventative Measures: Install Police Cyber Alarm for proactive monitoring

Lessons for Small and Medium Enterprises

• Use of AI: Many accessible AI tools (e.g., GPT, Microsoft Co-Pilot)
• Financially Viable Security: Utilize free tools, seek professional advice, focus on cyber security basics

Q&A Highlights

Common Questions Addressed

• Immediate Action in an Attack: Contacting proper authorities, not panicking
• Monitoring AI Usage: Policies, web filtering, user education
• Cyber Insurance: Importance and alternatives like DFIR services
• Giving Clients Cyber Security Tips: Encouraged to share basic tips, resources like NCSC guides

Conclusion

• Resources Available: On SRA’s OnDemand page
• Importance of Feedback: For improving future sessions
• Closing Remarks: Appreciation for participation and expertise shared by the panel

---

Additional Resources:

• Enhanced Cyber Crime Reporting Service: 03001 12324
• Police Cyber Alarm: www.cyberalarm.police.uk