As cybersecurity threats and attacks continue to become more prevalent, it is critical for companies to understand the issues and determine how to protect their most valuable assets.
Following are some timely insights and practical guidance, based on my experience, to keep in mind.
ChatGPT and AI and the Threat to Organizations
The adoption of AI technologies such as ChatGPT by corporations is becoming increasingly common. Businesses have begun using AI technologies such as ChatGPT in a variety of ways, including natural language processing, computer vision and predictive analytics. These technologies can provide organizations with significant benefits, such as automating repetitive tasks, analyzing large amounts of data, and predicting future events. However, in addition to these benefits, these technologies pose a significant threat to organizations.
One possible concern with AI systems like ChatGPT is the misuse by bad actors to launch sophisticated cyber attacks against companies. For example, an attacker could use AI to create fake identities or impersonate legitimate users, making it more challenging for organizations to detect and defend against this type of social engineering attack. Additionally, ChatGPT could be used to write advanced malware that is difficult to detect by existing cybersecurity technologies. Recently, CyberArk, a publicly traded cybersecurity firm, published a report demonstrating how ChatGPT could be used to create polymorphic malware. Polymorphic code is code that rewrites itself every time it executes in an attempt to evade detection.
Furthermore, an AI system itself may be vulnerable to cyber attacks or other forms of tampering, which could enable attackers to gain access or control of the system and utilize it to steal sensitive information or disrupt operations. To mitigate these risks, organizations must take the necessary steps to secure their AI systems and protect them from these threats.
In conclusion, ChatGPT and other AI technologies are powerful tools that can deliver several benefits to organizations. However, they also pose a significant threat if not secured.
Organizations must take the necessary steps to ensure the proper use and security of their AI systems and protect them from these types of threats to mitigate the risks of cyber attacks.
‘Knowing Your Assets’ Is Your Best Defense
“Knowing your assets” is considered a critical element of an organization’s overall cybersecurity strategy. It entails understanding and keeping track of all the hardware, software, and data an organization utilizes, including servers, workstations, laptops, mobile devices, network infrastructure, applications, and any sensitive data stored on those assets. By identifying and understanding all “mission critical” assets in an organization, such as servers that host sensitive data or workstations that are utilized by employees with access to personally identifiable information (PII), organizations gain the ability to prioritize their security efforts and develop the necessary safeguards to protect these assets. “Knowing your assets” enables organizations to tailor security measures to the specific risks associated with every asset. Ensuring an organization’s assets are protected by the most appropriate security measures. Therefore “Knowing your assets” is considered one of the best defenses in cybersecurity.
Phishing Attacks Get More Sophisticated
Phishing attacks are becoming increasingly sophisticated as cybercriminals develop new tactics to evade detection and trick unsuspecting individuals into providing sensitive information or access to systems. These attacks often begin with malicious emails, text messages, or social media posts that appear to be from a legitimate source, such as a bank, government agency, colleague, or friend. They may include links to fake websites or attachments that contain malware. The attackers then use the information they obtain to steal identities, access financial accounts, or launch further attacks. In addition to becoming more sophisticated, a study conducted by SlashNext in October 2022 revealed a significant increase in the rate of phishing attacks. The study analyzed billions of links, attachments, and messages in email, mobile, and browser channels during six months and found over 255 million attacks. According to a CNBC article published earlier in the year, this represents a 61% increase in the rate of phishing attacks compared to the previous year.
Security Is Not a One and Done
Maintaining cybersecurity within an organization is an ongoing endeavor that necessitates constant vigilance and efforts to safeguard against cyber attacks. A critical element of an organization’s cybersecurity program is to identify and mitigate any weaknesses in its systems and network. It is crucial to frequently apply software patches, deploy firewalls and other security solutions, test backups, and employ encryption to protect sensitive data at rest or in transit.
Another essential aspect of an organization’s cybersecurity program is employee education and awareness. Employees should receive cybersecurity awareness training on regular bases. The training should instruct employees on strong passwords, avoiding phishing scams, and identifying suspicious activity. Organizations should also have a clear and well-communicated policy for cybersecurity that outlines expectations for employee behavior and the consequences of non-compliance.
Actively monitoring the environment for suspicious activity is crucial for an organization’s cybersecurity program. Organizations require various tools such as intrusion detection and prevention systems, security information and event management (SIEM) systems, and threat intelligence feeds to detect unusual activity on their networks. They also require highly trained staff to operate and maintain these systems.
Organizations must also have an incident response plan to respond to security incidents effectively and promptly. This plan contains the necessary procedures to be followed during a cyber attack. Some examples of these procedures include steps needed to isolate affected systems and how to restore a system from backups, as well as identifying the responsible parties for coordinating and communicating during an incident.
Board-Level Concerns Increase on Cybersecurity, And So Does Pressure for CIOs
Facebook, Uber, and Google are all well-known technology companies, but they also share another commonality: they have all been affected by cyber breaches. The seemingly endless list of high-profile data breaches in recent years has led to increased concern about cybersecurity at the board level. Increasing the pressure on CIOs and other senior leaders to ensure that their organization’s cybersecurity measures are adequate and effective. The growing awareness of the financial and reputational risks associated with cyber attacks, along with the need to protect sensitive data and critical infrastructure, are contributing factors in the increased pressure on CIOs. CIOs are often in charge of implementing and managing the organization’s cybersecurity strategy, which includes ensuring the organization’s systems, networks, employees, and customers are adequately protected against cyber attacks.
Without a doubt, cybersecurity will remain a growing concern. Organizations should work with qualified experts in this highly specialized area to develop and implement the right strategies to protect their best interests.
Jesus Pena is the executive vice president and chief experience officer of United Data Technologies (UDT). He may be reached at [email protected]
This article was originally published on Daily Business Review on May 2, 2023 by Jesus Pena. https://www.law.com/dailybusinessreview/2023/05/02/growing-cybersecurity-threats-put-organizations-at-increased-risk/