IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Story image
ArtificiaI intelligence cyber threats in the spotlight
Tue, 17th Oct 2023

CybeReady, a global leader in security awareness training, has highlighted the growing threat of AI cyberattacks as Cybersecurity Awareness Month returns this month. 

To educate organisations about these threats, the company has developed new AI Cyber Threat CISO Toolkits and other materials to help organisations educate their employees about AI-powered threats wielded by hackers intent on infiltrating corporate IT. 

The digital landscape is becoming an increasingly treacherous minefield, with cybercriminals evolving their strategies at an alarming rate. Employees should be on high alert for AI-engineered phishing scams that manipulate them into revealing sensitive information; ransomware that encrypts vital data; deep fakes that impersonate legitimate entities, and automated bot attacks aimed at exploiting system vulnerabilities. 

As AI becomes more prevalent, the distinction between genuine and malicious content is now more difficult to assess for legitimacy. Therefore, it's imperative to arm employees with the right knowledge and tools.

Unveiled during Cybersecurity Awareness Month, the CybeReady AI Toolkits are educational tools designed to protect organisations against the disruptive potential of maliciously orchestrated Large Language Models (LLMs) and Generative AI enabled attacks. 

While AI is propelling advancements in threat detection and response, threat actors are also exploiting it to mastermind sophisticated cyber weaponry. In response, CybeReady is providing CISOs with a trove of resources that include The Dark Side of AI at Work CISO Training Kit; AIs Game-Changing Impact on Hackers CISO Toolkit, and Workplace Training Posters with 7 Digital Illustrations featuring AI Cyber Safety Tips .
CybeReady experts have put forth these exhaustive guides to navigate and counter such threats by helping to:

Verify Email Authenticity: In the age of AI-powered email spoofing and phishing campaigns, it is paramount to maintain a discerning eye. Always inspect the sender's email address and cross-reference with known addresses or previous communications. Even slight discrepancies can be a tell-tale sign of an imposter. If in doubt, consider directly reaching out to the sender through another communication method to verify the email's legitimacy.

Identify Deceptive Links: Threat actors often embed misaligned or harmful URLs within seemingly innocent texts or emails. Always hover over hyperlinks in unfamiliar communications to preview the destination address. A mismatch between the hyperlink text and its URL or a URL that looks suspicious are red flags.

Safeguard Personal Identifiers: AI tools, while powerful, can also be manipulated to extract or misuse information. When interfacing with these tools, especially those accessible to the public, ensure you exclude personal identifiers such as names, addresses, social security numbers, or any identifiable data. This helps in minimising the risk of personal data leaks or misuse.
Limit Exposure of Sensitive Information: AI algorithms can be eerily good at stitching together bits of data to form a comprehensive picture. It's vital to remain cautious and refrain from inputting sensitive financial details, proprietary source code, or internal communications into AI prompts, especially those that are cloud-based or publicly accessible.
Protect Corporate Secrets: Company strategies, trade secrets, and internal blueprints are invaluable. Disclosing such information, even inadvertently in AI systems, can expose the organisation to competitive risks or potential breaches. Ensure that these details remain confidential and are kept out of platforms that could be compromised or mined for data.
"The intricacies of AI-driven cyber threats are making it much more difficult to identify todays digital threats, posing serious challenges, even for the most tech-savvy employees and organisations," says Michal Gil, Head of Product at CybeReady. 

"As this situation evolves, the lines between genuine interactions and malevolent intents blur, making it critical to foster a strong culture of security to ensure every digital engagement is conducted with discernment. Our CISO Training Toolkits, educational materials, and Security Awareness Training solution provide employees with the ability to stop these threats from progressing."