+44 20 363 016 59 info@preo-ag.com
  1. Home
  2. Blog
  3. Ai Risks For Companies

Date: 

9 Dec 2024

Author: 

PREO AG

On-Premise vs. Cloud

AI risk factors and how to guard against them preventively

Artificial intelligence offers companies enormous potential to develop new products and business models, increase the productivity of work and production processes or reduce costs through automation. The cloud-based AI models from Microsoft, Google, Amazon and others are already part of our everyday business and private lives. It's no wonder that AI development is advancing into ever new dimensions at great speed and that the hype that has existed for almost two years is continuing almost unabated


However, as with all new developments, the dangers and risks increase with the opportunities. The latter can quickly threaten the existence of affected companies, for example if cyber criminals train and use an AI in such a way that a successful attack not only threatens or paralyses the entire IT system, but also extracts highly sensitive data and uses it illegally or improperly. Active risk minimisation is therefore essential, especially in the area of critical infrastructure, such as the energy sector, the financial sector, healthcare or public administration, and investment in AI-supported cyber security tools is correspondingly high.


In this blog post, you can find out what other risks IT managers should be aware of when using artificial intelligence and how they can take preventive countermeasures with clever and controlled tool selection, continuous IT hygiene and employee sensitisation.


AI cybercrime risk - five threat scenarios for companies

Whether AI-supported or not - in order to effectively minimise risk, it is first necessary to know the specific cyber threats in the first place. Only then can the actual risk for a company be assessed and prioritised. This includes


1. Automated and scalable cyber attacks

AI enables attackers to carry out cyberattacks faster, more precisely and on a larger scale. For example, AI-powered algorithms can automatically identify and exploit security vulnerabilities in networks and systems without the need for human intervention. This can lead to an increase in zero-day exploits or phishing attacks that spread rapidly across the internet.


2. AI-driven phishing and social engineering attacks

Cyber criminals use AI to create phishing emails or social engineering attacks that look almost real at first glance. By using natural language processing (NLP), attacks can be personalised by analysing specific information about the victim, such as social networks or corporate communications. This makes it increasingly difficult to distinguish fake emails or messages from legitimate ones.


3. Deepfakes for fraud and reputational damage

With the help of AI, cybercriminals can create so-called deepfakes in the form of manipulated videos, audio files or images that look deceptively real. This technology can be used to produce fake statements from executives, manipulate confidential company data or carry out scams such as CEO fraud, in which fake orders are sent in the name of a high-ranking employee, for example to initiate illegal bank transfers or the sending of secret business documents.


4. AI-based malware and ransomware

Attackers are developing AI-powered malware that is able to adapt and bypass traditional security measures. Such intelligent malware can dynamically change its attack strategies to remain undetected or exploit targeted vulnerabilities that would be too complex for traditional malware. This makes it much more difficult for existing IT security systems to recognise and combat these threats.


5. Attacks on existing AI systems

Companies that integrate AI into their own systems run the risk of these AI systems themselves becoming the target of cyberattacks. For example, attackers could use adversarial attacks to deliberately feed manipulated input into AI systems in order to provoke incorrect decisions or malfunctions. In areas such as energy supply, finance or healthcare or the application of technologies such as autonomous driving, this could have catastrophic consequences.


Three effective measures to minimise AI-based threat scenarios

1. implementation of AI-supported cybersecurity infrastructure

One effective way to effectively combat AI-powered attacks is to use AI in cybersecurity. Companies or public administrations should use intelligent security systems that are capable of recognising and responding to threats in real time. AI-based security solutions can automatically detect


  • anomalies in network traffic and unusual user activity.
  • perform behaviour-based threat detection to detect potential attacks at an early stage.
  • better defend against phishing and social engineering attacks by analysing fake or malicious content and detecting suspicious patterns in communications.

These systems learn from previous attacks and dynamically adapt to new threats, making them an effective defence against AI-based threats. Important: Just because such a system has been implemented, it should not be relied on completely. It is not possible without professional monitoring and control by IT specialists.


2. regular employee training to increase risk awareness

The weakest link in the security chain will continue to be the employees, especially in the event of phishing and social engineering attacks. It is therefore essential to offer regular training courses or security workshops to raise awareness of new and potential threats. Important training content includes


  • Recognising phishing emails and suspicious behaviour, including the latest techniques used by cybercriminals.
  • Secure data usage and strong password practices, such as the use of multi-factor authentication (MFA).
  • Practising precautions when handling sensitive information and communication protocols, especially when dealing with suspicious requests or instructions.

Sensitised and well-informed employees can recognise potential threats more easily and play a preventative role in successfully fending off cyberattacks on the company.


3. Consistent IT hygiene and adversarial testing

IT managers should regularly check their own AI systems for vulnerabilities and ensure that they are protected against cyberattacks and manipulation. This includes in particular


  • Regular updates and patches for all programmes, applications and systems used in the company to ensure that security gaps are closed as quickly as possible.
  • Implementing AI security levels, such as mechanisms for checking and securing proprietary models and algorithms, to ensure that they cannot be manipulated.
  • Simulating attack scenarios in which AI systems are specifically confronted with manipulated data in order to test their robustness. This helps to identify vulnerabilities and preventively fix them before they can be exploited by criminals.

These security measures strengthen the resilience of the respective AI systems and help to ward off attacks on their integrity.


Recognising and reducing further risk factors through AI applications

1. Shadow IT and cloud sprawl

Most companies now use cloud-based AI tools to make their work processes more efficient. It usually becomes problematic when individual organisational units or even employees and managers license and use cloud-based applications without the knowledge of the IT department. In larger and decentralised company structures in particular, new, unsecured gateways are constantly opening up via so-called shadow clouds and cloud sprawl. Centralised procurement structures and the restrictive allocation of access rights can be used to effectively counteract this.


2. Data security and compliance

In the digital age,company data and customer data are the decisive basis for economic success. In some industries and sectors, therefore, not only the legal requirements apply, but also additional security and compliance standards. As a result, more and more companies are not moving particularly sensitive data to the cloud or bringing it back from the cloud to their own data centre. This ensures that important company data is transferred to cloud-based AI tools that are not sufficiently protected.


3. licence management

Even medium-sized companies with a few hundred employees quickly have to manage a portfolio of several thousand licences from a wide variety of providers. Software is increasingly becoming a decisive competitive factor and represents a relevant asset. However, the constant availability of cloud-based solutions means that software is also becoming an ever greater security risk. This makes active, efficient and security-oriented licence management all the more important. More and more IT managers and software asset managers are discovering the possibility of buying or selling used software licences. The advantages are obvious: relieving the burden on the current licence budget, reducing cloud-specific security risks and promoting a resource-conserving circular economy as part of the ESG obligations for sustainable business.


Used software - benefit from PREO's experience and expertise

As one of the leading providers of used software in Europe, PREO offers companies, organisations and public administrations a large selection of used on-premise licences for current and older versions of standard software from market-leading manufacturers such as Microsoft and Adobe. Whatever the need, with PREO customers have all the advantages of the secondary software market on their side and benefit from


  • High savings on ongoing licence costs of up to 70 percent compared to the respective new version.
       
  • 100 percent legally compliant and audit-proof licence acquisition with maximum transparency in all processing steps, including complete documentation in the PREO licence portal ‘Easy Compliance’.

  • Personal advice on all questions relating to licence transactions or the integration of used software licences in classic network structures or hybrid cloud models.

  • existing software licence management capacities for large IT infrastructure projects with thousands of workstations and cross-border locations.

  • more sustainability in the IT sector by promoting an active circular economy and reducing the company's CO2 footprint. Speaking of sustainability: PREO is the only retailer of used software with a current scorecard listed by EcoVadis, the world's largest provider of sustainability ratings.

  • The expertise gained from numerous reference projects that PREO has already successfully realised for well-known companies from various industries and sectors.


Enquire now free of chargeDouble arrow

Press and Marketing

Press and Marketing Nina Steffens

Do you have questions about materials, press releases or events? Feel free to contact

Nina Steffens
Corporate Communication Manager

P +49 151 24066668
M n.steffens@preo-ag.com

CURRENT LEGAL SITUATION

Current legal situation

Everything you need to know about the legal situation regarding "trade with used software"

What is the current jurisdiction? Where do legally compliant licences come from? What has to be considered when buying used software? We answer this and much more information on our page "Legal situation".

The legal situation Double arrow

BUY SOFTWARE SAFELY

Purchase used software

What do you have to consider when buying used software?

Do you need information on buying used software licences, licence audits or about the cooperation with PREO? You will find answers on our page "Buying used software".

Purchase used software Double arrow

PRODUCT OVERVIEW

View PREOs products

Do you need a specific software for your company or project?

Browse our product portfolio and find the right licences. Simply select the used software you need and add it to your request list with one click.

View products Double arrowDouble arrow