CS Jan-Feb 2024

More documents

Recommendations

Info

training SAFEGUARDING HR IN THE AGE OF INCESSANT THREAT ROBERT O'BRIEN OF METACOMPLIANCE HIGHLIGHTS HOW DEPARTMENTAL CYBER SECURITY TRAINING CAN HELP PROTECT AGAINST THE RELENTLESS CYBER THREATS FACED BY HR TEAMS MetaCompliance chief evangelist Robert O'Brien: AI-related cybercrime has led to a surge in targeted attacks, with the human resources department of particular focus. Imagine that you had the opportunity to hire a talent management professional whose qualifications were unparalleled, suggests Robert O'Brien, chief evangelist, MetaCompliance. "They possess not only an in-depth understanding of HR systems, people management processes and recruitment strategies, but also an extensive knowledge of sociology, behavioural economics and a myriad of other skills. Enter the era of AI, the epitome of this visionary professional." Whether you embrace it or resist it, AI is an indomitable force that is here to stay, he points out, with its impact set to dwarf the transformative influence of the internet in the workplace. "The world of tomorrow, shaped by AI, will make our current interactions with technology seem as rudimentary as child's play." Most organisations are currently grappling with the challenges posed by employees incorporating AI, such as chatbots and GPTs, into their daily work routines, O'Brien continues. "These challenges encompass a wide array of issues, with two critical concerns rising to the surface: PR vulnerability and the fallibility of AI responses, which are at the forefront of the problems organisations must navigate as they embrace AI adoption. "On the flip side, cybercriminals exhibit no hesitation in embracing AI and are eagerly leveraging this technology to amplify their assaults on organisations, motivated by both mischief and financial gain." For specific departments in the organisation, this enthusiasm for AIrelated cybercrime has led to a surge in targeted attacks, with the human resources department of particular focus. Cybercriminals are harnessing the wealth of knowledge provided by AI to impersonate HR personnel, their trusted suppliers and other high-ranking executive functions. This deception enables them to infiltrate confidential data stores and exploit the authority of the HR department, often manipulating privileged interactions within the organisation for their deceitful ends." SURGE IN ATTACKS ON HR Traditionally, cyber threats involved remote hackers employing social engineering techniques or leveraging vulnerabilities in outdated software systems," states O'Brien. "While these methods are still prevalent, the advent of AI technology has opened a Pandora's box of possibilities for cybercriminals. This evolution is driven by the increased sophistication of AI, allowing it to automate and enhance the effectiveness of various cyberattack vectors. "The potential consequences of AIdriven attacks are nothing short of alarming. We're no longer dealing solely 14 computing security Jan/Feb 2024 @CSMagAndAwards www.computingsecurity.co.uk
training LEFT: The increased sophistication of AI has allowed it to enhance the effectiveness of cyberattack vectors. with stolen passwords or isolated cyber incidents. Instead, we face a multi-faceted threat landscape that can have devastating repercussions for organisations and individuals alike. Among these consequences, three aspects loom large: data breaches, reputational damage and legal implications. Each poses a unique set of challenges for HR teams and the organisations they serve." He adds: "In a survey conducted in August 2023, involving 205 IT security decision-makers, undertaken by a prominent pan-European cyber security organisation, it became evident that mounting concerns surround the use of AI, with deepfakes taking centre stage. A staggering 68% of the respondents expressed apprehension regarding cybercriminals exploiting deepfake technology to breach their organisations, skilfully circumventing people's natural defences." HACKERS AND THE DARK WEB And he cautions: "Hackers now have their own AI arsenal and it goes by the name of WormGPT. Drawing from a vast corpus of human-generated text, WormGPT crafts content that is remarkably convincing, enabling it to masquerade as a trusted figure within a business email system. Unbelievably, hackers can gain access to WormGPT by subscribing through the dark web, granting them entry to a web interface where they can input prompts and receive responses that closely mimic human communication. "Primarily designed for phishing emails and business email compromise attacks, tests conducted by researchers uncovered that this chatbot possesses the ability to draft a persuasive email, seemingly from a company's top executive, coercing an employee to pay a fraudulent invoice, for example." Confronted with these ever-evolving threats, the question, he says, is this: what can HR leadership do to shield their teams from such threats? "First and foremost," he points out, "it's crucial to acknowledge that HR departments stand as prime targets for cybercriminals. These departments manage personal data and hold confidential information that is immensely valuable to malicious actors. Moreover, other parts of the organisation often take their cues from HR, making it a tempting gateway for cybercriminals to exploit their access to the broader network." The first step in fortifying your HR team against these threats is to initiate a dialogue with HR team members, he says. "Educate them on how they are being specifically targeted and empower them with the knowledge needed to thwart these scams. It's vital that this training is tailored to your organisation, taking into account the unique roles and responsibilities of your employees. "Ideally, this training should be tailored to the HR department, highlighting the unique threats to the HR team and what they can do to avoid them." VITAL TRAINING COMPONENT To make this training even more impactful, it should be delivered in the trainee's native language. "By doing so, you reduce resistance and enhance engagement, making it a vital component of their cyber security awareness. Ultimately, this personalised approach to security awareness is your best defence in safeguarding your HR department from the relentless tide of AI-driven cyber-attacks," he concludes. MetaCompliance's new departmental cyber security training series is designed to address 12 common cyber threats and specifically tailored to eight departments, including marketing, sales, finance, procurement, human resources, privileged users, legal and executive teams. To learn more about the series, visit: https://www.metacompliance.com/depa rtmental-series www.computingsecurity.co.uk @CSMagAndAwards Jan/Feb 2024 computing security 15
Page 1: Computing Security Secure systems,
Page 4 and 5: Secure systems, secure data, secure
Page 6 and 7: news Bernard Montell. HORNETSECURIT
Page 8 and 9: news Sukru Ilker Birakoglu. SUPPORT
Page 10 and 11: 2024 predictions THROUGH THE ‘LUR
Page 12 and 13: 2024 predictions Aaron Kiemele, Jam
Page 16 and 17: cybersecurity THE TOP-LEVEL FIBRE B
Page 18 and 19: artificial intelligence AI - WHERE
Page 20 and 21: artificial intelligence Gareth Lock
Page 22 and 23: phishing PHISHING FOR THE ANSWERS D
Page 24 and 25: ansomware WE SHALL NOT BE MOVED! SE
Page 26 and 27: ansomware Raja Patel - Sophos: cybe
Page 28 and 29: attack… attack POINT OF IMPACT IN
Page 30 and 31: attack… attack Amit Sinha, DigiCe
Page 32 and 33: cybercrime STAYING ABOVE THE WATER
Page 34 and 35: cybercrime crisis is behind us, the
Page 36: Computing Security Secure systems,

CS Jan-Feb 2024

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?