The expert named the main mistakes in cybersecurity when implementing AI

More than half of cyber attacks start with phishing. Even with advanced security systems, the human factor remains the deciding factor: an employee opens a malicious email, and the infection occurs inside the corporate perimeter. Sergey Grachev, Deputy Director of the Metallurgy and Materials Department, told Izvestia on November 5 how to avoid threats and protect corporate data.

"63% of companies do not assess the security of new technologies before they are implemented, including AI agents and other digital solutions that are increasingly becoming part of corporate processes. The formation of ethics and culture of cybersecurity includes several basic elements: leadership and involvement of management, systematic training of employees, formation of responsibility at all levels and integration of cyber protection into every business process," the expert said.

Grachev also highlighted the growing risks associated with the use of artificial intelligence. According to him, more than 60% of companies are already using AI, but 77% of them do not comply with basic security requirements. The expert cautioned that many organizations are implementing AI models without taking into account data sources and possible vulnerabilities.

"Typical threats include leaks of confidential data, "hallucinations" of models (generation of false answers), distortion of forecasts, errors in the management of equipment and production processes. This is especially critical for industries with a high degree of automation, such as oil and gas, energy, and logistics. The main conclusion is that innovation without taking into account cyber risks is a direct path to losses and reputational risks. Security should not be an "addition", but an integral part of the company's digital transformation," the specialist said.

In addition, he stressed that the key mistake of many organizations is to involve information security specialists too late, when the finished system no longer meets the requirements of data protection.

From a black approach: hackers have quadrupled their attacks on Russia

The public sector, postal services and cargo and passenger transportation were among the most affected industries.

In May, it was reported that the number of phishing attacks continues to grow: in 2024, compared to 2023, their number increased by 33%, and from 2022 - by 72%. Government institutions (15%), industrial enterprises (10%) and IT companies (9%) were most often attacked last year. Such actions by hackers can lead to various consequences: theft of confidential information (63%), disruption of the activities of organizations (28%), damage to the interests of the state (6%) and direct financial losses (5%).

All important news is on the Izvestia channel in the MAX messenger.