
Analysts warn that artificial intelligence (AI) is changing the cyber security landscape. According to the security firm Darktrace, criminals are using AI chatbots to create more convincing and complex scams that exploit user trust.
Thanks to AI technology, cyber criminals are able to create more targeted and personalized e-mail attacks, which are harder for businesses to defend against. However, organizations can make themselves more resilient by implementing ISO/IEC 27001.
The international standard provides a framework, known as an information security management system (ISMS), for managing risks and protecting against cyber threats.
ISO/IEC 27001 recommends a risk-based approach to information security management, which means identifying threats to business-critical assets and implementing appropriate controls to mitigate those risks. It also emphasizes the importance of addressing the human factor in information security, including the risks posed by employees as potential cyber security threats.
ISO/IEC 27001 advises organizations to establish a culture of information security. The aim is to help all employees to understand the importance of protecting information and to ensure that they are actively engaged in maintaining a secure environment.
This can be achieved through regular communication and through training and awareness programmes, as well as by establishing an information security governance structure that includes senior management. Training should cover not only phishing and other social engineering attacks, but also topics such as password management.
In addition, ISO/IEC 27001 recommends that organizations establish clear policies and procedures for managing access to information and information systems. This includes policies for creating and managing user accounts, managing access rights and controlling the use of privileged accounts.
The standard also recommends that organizations implement controls to monitor and audit user activity to detect and prevent unauthorized access or use of information.
Providing added assurance, ISO/IEC 27001 is now part of the approved process scheme that provides for the independent assessment and issuing of an international IECQ certificate of conformity. IECQ ISMS facility assessments under the IECQ AP scheme ensure a focus on the key technical and administrative elements that provide confidence that the requirements of ISO/IEC 27001 have been met.
IECQ certification helps to build trust and confidence in the organization's information security practices. This can be particularly important for businesses that are looking to build relationships with customers, suppliers and other partners who need assurance that their information is being protected.
While the use of AI technology by cyber criminals is a concerning trend, consensus-based international standards and conformity assessment offer proven protection. Implementing ISO/IEC 27001 enables organizations of all kinds and sizes to establish a systematic and structured approach to protecting the confidentiality, integrity and availability of data.
(Source: IEC)