Hi All
As the adoption of generative AI (GenAI) soars, so too does the risk of insider threats. This puts even more pressure on businesses to rethink security and confidentiality policies.
In just a few years, artificial intelligence (AI) has radically changed the world of work. 61% of knowledge workers now use GenAI tools — particularly OpenAI’s ChatGPT — in their daily routines. At the same time, business leaders, often partly driven by a fear of missing out, are investing billions in tools powered by GenAI. It’s not just chatbots they’re investing in either, but image synthesizers, voice cloning software and even deepfake video technology for creating virtual avatars.
We’re still some way off from GenAI becoming indistinguishable from humans. Even if — or perhaps when — that actually happens, then the ethical and cyber risks that come with it will continue to grow. After all, when it becomes impossible to tell whether or not someone or something is real, the risk of people being unwittingly manipulated by machines surges.
https://securityintelligence.com/articles/generative-ai-insider-threat-attack-surface/
Regards
Caute_Cautim
These are good points. And yet we need to also consider the fact that many organizations do not have a formal insider threat program.
This leads to even greater weaknesses in an organization's security program as it relates to:
(1) social engineering
(2) synthesized/fake content
But the best defense against all of this? (In addition to having specific written formal policies and procedures that are aligned with best practices in insider threat detection and mitigation...):
(1) critical thinking
(2) communication (including information sharing and knowing what the official communication channels are)
If we lose sight of both, we will literally have nothing left to defend.
[* The basis of most of these points is the annual HIMSS cybersecurity survey that I have authored since 2013 asking questions including those relevant to insider threat and also collaborating with CERT/CC colleagues that do insider threat research.]
Lee Kim
ISC2 board of directors candidate