Managing Cyber Risks in the Face of AI- and ML-driven Adversarial Attacks
DOI:
https://doi.org/10.70301/CONF.SBS-JABR.2024.1/1.6
Keywords:
cyber risk management, AI-driven, ML-driven, adversarial attacks, cyber risk frameworks
Abstract
This paper presents a critical analysis of current cyber risk management practices in light of new and evolving Artificial Intelligence (AI) and Machine Learning (ML) driven adversarial attacks. Many enterprises are constantly grappling with cybersecurity risks and increased threats from phishing, ransomware and many other forms of cyber attacks, often resulting in substantial financial losses when the risks are not adequately addressed. With the advent of AI and ML, such cyber attacks and incidents will become more prevalent and potentially more devastating to businesses large and small. With AI and ML tools at their disposal, cybercriminals can dramatically reduce the technical barriers to launching cyberattacks. They can easily develop more sophisticated social engineering tactics and 'deep fakes' that are not easily identifiable as such, thereby increasing the risks of unauthorized data disclosure. Drawing on literature review analysis, this research explores current and emerging AI- and ML-driven cyber threats faced by enterprises, the effectiveness of current cyber mitigation measures, and future management practices that can be leveraged to improve the security posture of enterprises. The study evaluates both technical and non-technical cyber risk management and mitigation measures and frameworks. The findings from this study help inform enterprise cyber risk managers and practitioners about the enormity of AI- and ML-driven cyber risks and present emerging best practices to adequately mitigate those risks. The study contributes to the growing research on how threat actors are leveraging AI and ML to expand cyber threats and how enterprises and organizations should respond to these ever-evolving cyber risks.
License
Copyright (c) 2025 Godwill Chimamiwa (Author)

This work is licensed under a Creative Commons Attribution 4.0 International License.
Editor-In-Chief
Prof. Dr. Milos Petkovic






