In less than a week after launch, ChatGPT had reached an audience of one million. Within two months the number was 100 million.
The fastest growing app in history is arguably a game changer for productivity, learning, creativity and business in general and at the same time, according to some of AIs founding fathers, the greatest threat to humanity.
Whilst we are reliably and thankfully informed that any existential threat from AI isn’t imminent, the news isn’t so good for businesses. In the world of cyber security, AI has democratised cyber terrorism.
With ChatGPT anyone can create malicious code or write phishing emails without any prior technical or coding expertise.
Adoption of AI by cyber criminals increases the potential threat of attack to business and at the same time makes cyber protection more complex than it already is.
Last month, I talked about the threat to business from ransomware and business email compromise, the results of which can inflict serious pain to businesses and organisations.
With AI at their disposal, cyber criminals can now write more credible and believable email content, with little effort.
ChatGPT can transform any kind of content, removing poor spelling, punctuation and improving grammar.
More worryingly, ChatGPT has the ability to mimic different communication styles and tonality. On his podcast, Blindboy Boatclub has programmed ChatGPT to write content for him in the tone of Charles Stewart Parnell. Funny if it wasn’t so serious.
The influence of AI means that emails are no longer strewn with comedic errors.
They have become more authentic and believable. Targeting has improved and the frequency of attack is more relentless than ever.
This sophistication, ingenuity and intensity comes at no extra cost to the cybercriminal.
Compare that to the cost – financial or reputational - of a breach to your business or organisation.
Human error is the single biggest threat to protecting your business from cybercrime and thanks to AI, that vulnerability is being exploited even more.
Right now your business might have the best cyber security defence system in place that money can buy but it only takes a momentary lapse in concentration by any employee and your defences are breached.
Realistically the majority of you don’t have the best cyber security defence system that money can buy. (Does that system even exist?).
At LoughTec we have seen a lot of damage caused by ransomware breaches through the ‘old school’ emails, never mind the AI generated content.
The advice we give to our customers remains as follows:
Train your staff: Keep your employees up to speed with the latest threats and technologies. Make sure they are vigilant and know what to look out for.
Back up your data: Make sure that important business data is regularly backed up, ideally to the cloud.
Good patch management: make sure your system software and applications are all up to date.
Trust no email: Be wary of email from unknown sources and ensure employees do not upload files or click on strange links.
We encourage our customers to assume that they have already been breached or compromised already.
It’s a mindset change that is far removed from “it will never happen to us” and it helps to give clarity and focus to what lies within your control.
If human error remains as one of the greatest threats to the cyber security posture of any business or organisation then surely the burden is on the business owner or leader to minimise that threat.
On-going cyber training is one preventative measure you can take right now to ensure that staff not only know what to look out for but they know what actions to take if necessary.
Sean McDermott is the CEO of LoughTec.
