Commentary: Great, Now We Need AI to Fend Off AI Hacking
Cybersecurity experts explain how to fight back against sophisticated attacks – and what’s coming in the near future.
I‘m finding AI useful as an idea generator – sometimes a starting point and sometimes a supplement to my own thinking – and I’m going to continue experimenting. If you want to explore the ways you can use AI now at your company or in your life, I recommend reading highlights from a session at our AI Hawai‘i Summit from our September issue.
But if you want to understand how to avoid some of AI’s newest cybersecurity threats to your organization and your family, keep reading here.
The moderator of the cybersecurity session, Kelly Ueoka, president of local IT provider Pacxa, described scary new ways that AI was used in a $25 million fraud case that was first reported in February.
A Hong Kong employee of a multinational design and engineering company called Arup was duped by deepfake voices and images on a video call that were so realistic that he thought he was seeing and talking to his CFO and other colleagues.
Create Your “Safe Word”
Another panelist at our cybersecurity session, Natalie Kim, senior counsel at OpenAI, said a “safe word” can offer another layer of protection against these sophisticated, AI-enabled fraudsters.
“People should have a safe word with their family so that if they’re ever in a situation like that, they can use the safe word and confirm who it is,” she said.
Safe words can be used in organizations, too, though they would have to change when people leave the organization. In any case, be prepared. “It doesn’t matter the size of your business, doesn’t matter how sophisticated you are, everyone can be a target,” Kim said.
Panelist Summer Rankin, AI solution architect at Booz Allen Hamilton, said the Hong Kong scam was “light-years” ahead of the cyberattacks we had been used to. So keeping up to date with what AI is capable of doing, she said, gives people and companies a better idea of what the next cutting-edge cyber fraud attack might look like.
Also understand the rules governing the software and platforms you use. “If I’m using a free version, it’s likely that what I put into it is not private. If it’s free, your data is their product. In fact, that may be the case even when you are paying for something,” Rankin said.
“So if you have a safe word with your family, don’t email it to each other,” she added. That got a lot of laughter from the audience, but dumb things like that can happen when we aren’t thinking about how easily much of our private lives can end up as public information.
How to Protect Your Data
Ueoka asked Matthew Joseff, global director for security, fraud and compliance at Splunk, a digital security company acquired this year by Cisco, how companies can prevent their data from leaking out.
Joseff provided a step-by-step guide. “Number one, define what you’re protecting. Data could be credit card numbers, Social Security numbers, 92% of global currency is data. So banks are data companies, not just money companies,” he said.
“Next, where is that data? For smaller businesses, it’s easier to take an asset inventory than for larger businesses. How do you make data secure if you don’t know where it is?”
And if data is your most valuable product, you need to start acting with the right mindset to protect it, he said. He makes the point by describing the elaborate security in some companies’ lobbies: guests require government-issued ID, need badges; there are guards, cameras, maybe metal detectors.
But if I’m a hacker, “I don’t need to go to your office,” he said. So spend the money necessary to provide security for your data.
The final thought comes from Ueoka, but it’s not something he said at the AI Summit. It’s something he told Staff Writer Shelby Mattos for her September outsourcing story.
“I think that within the next 12-24 months, we might see an influx of companies having to adopt AI because they will be getting attacked by AI,” he warned.
