CS Jan-Feb 2024
training

LEFT: The increased sophistication of AI has allowed it to enhance the effectiveness of cyberattack vectors.

with stolen passwords or isolated cyber incidents. Instead, we face a multi-faceted threat landscape that can have devastating repercussions for organisations and individuals alike. Among these consequences, three aspects loom large: data breaches, reputational damage and legal implications. Each poses a unique set of challenges for HR teams and the organisations they serve."

He adds: "In a survey conducted in August 2023, involving 205 IT security decision-makers, undertaken by a prominent pan-European cyber security organisation, it became evident that mounting concerns surround the use of AI, with deepfakes taking centre stage. A staggering 68% of the respondents expressed apprehension regarding cybercriminals exploiting deepfake technology to breach their organisations, skilfully circumventing people's natural defences."
HACKERS AND THE DARK WEB

And he cautions: "Hackers now have their own AI arsenal and it goes by the name of WormGPT. Drawing from a vast corpus of human-generated text, WormGPT crafts content that is remarkably convincing, enabling it to masquerade as a trusted figure within a business email system. Unbelievably, hackers can gain access to WormGPT by subscribing through the dark web, granting them entry to a web interface where they can input prompts and receive responses that closely mimic human communication.

"Primarily designed for phishing emails and business email compromise attacks, tests conducted by researchers uncovered that this chatbot possesses the ability to draft a persuasive email, seemingly from a company's top executive, coercing an employee to pay a fraudulent invoice, for example."

Confronted with these ever-evolving threats, the question, he says, is this: what can HR leadership do to shield their teams from such threats?

"First and foremost," he points out, "it's crucial to acknowledge that HR departments stand as prime targets for cybercriminals. These departments manage personal data and hold confidential information that is immensely valuable to malicious actors. Moreover, other parts of the organisation often take their cues from HR, making it a tempting gateway for cybercriminals to exploit their access to the broader network."

The first step in fortifying your HR team against these threats is to initiate a dialogue with HR team members, he says. "Educate them on how they are being specifically targeted and empower them with the knowledge needed to thwart these scams. It's vital that this training is tailored to your organisation, taking into account the unique roles and responsibilities of your employees.

"Ideally, this training should be tailored to the HR department, highlighting the unique threats to the HR team and what they can do to avoid them."
VITAL TRAINING COMPONENT

To make this training even more impactful, it should be delivered in the trainee's native language. "By doing so, you reduce resistance and enhance engagement, making it a vital component of their cyber security awareness. Ultimately, this personalised approach to security awareness is your best defence in safeguarding your HR department from the relentless tide of AI-driven cyber-attacks," he concludes.

MetaCompliance's new departmental cyber security training series is designed to address 12 common cyber threats and specifically tailored to eight departments, including marketing, sales, finance, procurement, human resources, privileged users, legal and executive teams.

To learn more about the series, visit: https://www.metacompliance.com/departmental-series
www.computingsecurity.co.uk @CSMagAndAwards Jan/Feb 2024 computing security