Defending your organisation against growing cybersecurity threats

From deepfakes to rogue AI, the threats facing organisations are evolving faster than most teams can keep up

From deepfakes to rogue AI, the latest cybersecurity threats are evolving faster than most organisations can keep up.

In January, the World Economic Forum released its updated Global Risks Report. Its over 1,300 respondents ranged across academia, business, government and international organisations, and they were asked what they saw as the greatest global risks in the next two and 10 years.

Some of the largest threats they saw looming were technological risks going largely unchecked. These included misinformation and disinformation, cyber insecurity and adverse outcomes of AI.

These are trends that leaders across public and private sectors are asking us to help prepare their teams for at Polpeo.

We’re in a time of rapidly changing technology combined with increased societal polarisation. A time when nations and political leaders use deepfakes and AI videos to fight their propaganda wars.

AI is also being used by cyberattackers to create sophisticated deepfakes, social engineering attacks and phishing emails. These are threats that are becoming an increasing risk that all organisations need to proactively prepare for.

The threats organisations face

First, let’s get some clarity on what these threats look like.

Social engineering is a tactic used by cyberattackers to gain the trust of people who have access to the organisation’s systems. This can mean gathering information about others in the company to create a convincing deepfake or phishing email.

Insider threats: people can be manipulated by gangs who get to know them over weeks or months and try to gain information or access to company systems. Sometimes it’s not a case of manipulation, but someone who works for the organisation and who has a grudge – maybe they feel mistreated, overlooked or that the organisation is doing something against their values. They decide to use their insider knowledge to attack, or help others attack, the organisation.

Deepfakes: we’re seeing more deepfakes used to trick people into parting with money or information. Deepfake videos can be created from just one photo of a person, the scammer putting the photo through an AI tool, using a voice sample from the person and giving it a script to create a convincing video. Cybercriminals are even using AI tools to mimic people on video calls. As we’ve seen in cases like Arup, where an employee transferred HK$200m (approximately £20m) to a person he thought was the CFO after a video call with a deepfake, these threats are very real and can have significant consequences.

Misinformation and disinformation: deepfakes can also be used as part of disinformation campaigns. Someone creates false information about a person or organisation and posts it on social media. This can then be spread by people who believe it, creating a wider misinformation problem.

Rogue AI: more organisations are expecting their employees to use AI as part of their jobs, and while there are many benefits to the technology, it needs safeguards in place to mitigate the risks involved. We’re seeing more cases of AI agents violating their rules – in one case deleting a company’s entire database in nine seconds and in another deleting 2.5 years of development work.

These are just some of the latest threats out there, and new threats are emerging at a rapid pace. They’re becoming more complex, originating from the supply chain and could even involve company data that employees are adding to AI tools they use in a personal capacity to help them do their jobs.

The risks posed by these new technologies mean the entire organisation needs to be aware of the latest threats and prepared to deal with them.

Organisations need employees who know the threat posed by deepfakes; feel safe enough to challenge someone claiming to be a leader in their organisation; can admit their mistakes without fear; understand the escalation process they need to start when they suspect something is wrong; can stop themselves from panicking when faced with a potentially worrying situation; can go to their managers with concerns and be heard respectfully; and have no problem following the processes the organisation has in place rather than taking risky shortcuts because they feel under pressure.

I’ve taken many teams through crisis training exercises that have shown them the worst-case scenarios of what can happen when technology is used against them. I’ve seen how people can do a fantastic job of protecting the organisations they work for – they just need the right tools and training for the job.

ABOUT THE AUTHOR
Tamara Littleton
Tamara Littleton
RELATED ARTICLES
Share via
Copy link