Underestimated danger

AI has opened up a new era of cybercrime

Criminals have undreamt-of possibilities

(Bild: Yingyaipumi - stock.adobe.com)

"Artificial intelligence has opened up a new era of cybercrime. It is an extremely powerful weapon that the bad guys have got," says Damian Izdebski, founder and CEO of "techbold" in an interview with "Krone". This is a huge and far too underestimated danger, especially for entrepreneurs.

Cybercrime is a problem for more and more companies, but is underestimated by most small and medium-sized enterprises. The number of cybercrimes has doubled in five years. A study on IT security in Austrian SMEs commissioned by "techbold" shows that most companies are exposing themselves to a high risk. Hackers today have completely different tools at their disposal than they did three years ago. "We all talk about artificial intelligence and how great it is and all the things you can do with it. But we mustn't forget that the bad guys can also use these tools, and even better than normal users."

Russia's role has changed
Many things that hackers used to do manually with great effort in the past can now be fully automated and rolled out perfectly. The best example of this is phishing emails. These are now unrecognizable as such and perfectly crafted. "That is the biggest change in the last year or two. The second is the role of Russia. Before the war, hacking was also a criminal offense in some form in Russia. Now, not only is it not a criminal offense, but the criminals have been called upon by President Vladimir Putin to wage a cyber war against Western European companies."

SMEs have a problem
"I think the problem is similar everywhere," says Izdebski. "We see the biggest shortcomings in companies with between ten and 100 employees, i.e. Austrian SMEs. These are mostly companies, often owner-managed, that don't have an IT manager and are dependent on an external IT service provider."

Izdebski sees a lot of catching up to do among Austrian companies.

(Bild: Techbold)

"In Austria, the IT service provider landscape is very fragmented. There are hundreds of small one-man shows. And there are also a number of small companies with two or three technicians who somehow try to keep their customers' IT systems running. All in all, this shows that SMEs are not particularly well positioned when it comes to IT security."

IT security "not a wall that you only build once"
The fact that small and medium-sized companies often lack awareness of cybercrime is not least due to the fact that media coverage focuses on large companies, which gives the impression that small companies are less affected. Many people are also unaware that IT security does not work like a house wall that you build for 30 years. "IT security is something you have to keep up to date on a daily basis." Only reacting when something has happened is not a good security concept. The aim must be to ward off attacks, says Izdebski.

"If you don't have a backup, you have to pay"
Cybercrime is a business model. Criminals steal or encrypt data and demand a ransom. A third of medium-sized companies have no backup, explains Izdebski. "If you don't have a backup, you can only pay more." The second finding is that half of firewalls are not configured correctly. This is not a matter of large investments, but only a few thousand euros that could significantly increase the security standard.

Politicians also have a role to play. Izdebski believes that a company's IT security should be reviewed in the medium term in a similar way to its financial stability. As with the financial balance sheet, companies should have to prepare an annual report or have their security checked by an expert.