Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Caute_cautim
Community Champion
Tuesday
Tuesday

How generative AI Is expanding the insider threat attack surface

Hi All

 

As the adoption of generative AI (GenAI) soars, so too does the risk of insider threats. This puts even more pressure on businesses to rethink security and confidentiality policies.

In just a few years, artificial intelligence (AI) has radically changed the world of work. 61% of knowledge workers now use GenAI tools — particularly OpenAI’s ChatGPT — in their daily routines. At the same time, business leaders, often partly driven by a fear of missing out, are investing billions in tools powered by GenAI. It’s not just chatbots they’re investing in either, but image synthesizers, voice cloning software and even deepfake video technology for creating virtual avatars.

We’re still some way off from GenAI becoming indistinguishable from humans. Even if  — or perhaps when — that actually happens, then the ethical and cyber risks that come with it will continue to grow. After all, when it becomes impossible to tell whether or not someone or something is real, the risk of people being unwittingly manipulated by machines surges.

 
Reply
0 Kudos
1 Reply
leekimjd
Newcomer III
Wednesday
Wednesday

These are good points. And yet we need to also consider the fact that many organizations do not have a formal insider threat program.

 

This leads to even greater weaknesses in an organization's security program as it relates to:

(1) social engineering
(2) synthesized/fake content

 

But the best defense against all of this? (In addition to having specific written formal policies and procedures that are aligned with best practices in insider threat detection and mitigation...):

(1) critical thinking

(2) communication (including information sharing and knowing what the official communication channels are)

 

If we lose sight of both, we will literally have nothing left to defend.

 

[* The basis of most of these points is the annual HIMSS cybersecurity survey that I have authored since 2013 asking questions including those relevant to insider threat and also collaborating with CERT/CC colleagues that do insider threat research.]

 

Lee Kim

ISC2 board of directors candidate

www.linkedin.com/in/leekim

Reply
0 Kudos