Artificial intelligence (AI) has the potential to revolutionize many aspects of our lives, including how we approach cybersecurity. However, it also presents new risks and challenges that need to be carefully managed.
According to Google Trends, which looks at the popularity of search terms, in less than 90 days it’s gone from no interest to peak interest of 100%
What is ChatGPT?
ChatGPT is a highly sophisticated generative AI chatbot powered by OpenAI’s GPT 4 large language model (LLM) and it’s becoming very useful for cybercriminals.
Basically, it’s a computer program that can understand and “talk” to us in a way that’s very close to an actual human — a highly knowledgeable human, who knows around 175 billion pieces of information and can recall any of them almost instantly.
It gives you exactly what you ask for — which is useful when crafting phishing emails.
How is ChatGPT used maliciously?
Some cybercriminals, even the inexperienced, are now writing software and emails that could be used maliciously.
For example, with phishing scams, users can be encouraged to click on a malicious link, that exposes passwords or sensitive personal data such as bank account information.
How can you guard against the malicious use of ChatGPT?
Just because you haven’t suffered an attack using ChatGPT yet, doesn’t mean you won’t in the very near future. We haven’t seen full weaponization or utilization of the technology yet.
Those using ChatGPT maliciously know it’s so new they can surprise companies in the short term.
Every organization needs to make sure that they have strong IT threat protection and that they’re updating them on a regular basis. It’s important to make sure users are on the look out and verify links in emails that can look very convincing. There is an increasing probability that someone will get tricked, so every company needs to protect themselves.
Make sure your users are on the lookout and verifying links in all emails. With ChatGPT, malicious emails will be very convincing and there is a high probability that someone will get tricked. By implementing cybersecurity awareness training now, you can help ensure your organization is ready to protect itself when the inevitable occurs.
AI in general is driving such a change and shift in the IT security industry that this is the time to reevaluate your threat model so that you can recognize where you may be lacking, where maybe you need to improve some specific defenses to be more aggressive in preparation for these attacks.
Have questions or want to learn more?
We can help protect against ChatGPT risks as well as many other cyber security issues.
To learn more visit the IT and cybersecurity section of our site or get in touch with us for a no-obligation consultation.
Kevin joined WIN Technology in 2009 and is currently responsible for establishing and maintaining the company wide information security programs at WIN, which includes security operations, incident response, vulnerability management, identity management, network security, server security, cloud security, disaster recovery, risk management, security policies & procedures, red team efforts (offensive attack simulation), blue team efforts (defensive monitoring and mitigation efforts), governance and compliance. He holds 9 cyber security certifications from the SANS / GIAC. The certifications are: GXPN, GPEN, GCDA, GCED, GCIH, GPYC, GWAPT, GDAT, GAWN.