Source: ITPro Today - ChatGPT and Cybersecurity: The Good, the Bad, and the Careful (Publication Date: March 15, 2023)
Despite its benefits, ChatGPT has opened a Pandora’s box of security risks. Here’s what to know about protecting your company from criminal exploitation of AI-based chatbots.
The Good: How Companies Benefit From AI, Done Right
Companies are using AI for many purposes, including improving internal and customer-facing searches and employee productivity. AI usage is expected to grow significantly, with Gartner predicting that by 2025, 30% of outbound marketing messages from organizations will be generated using AI, up from just 2% in 2022.
Randy Lariar, practice director of big data, AI, and analytics at Optiv, notes:
“[ChatGPT] takes things to another level. [You can] ask it anything you’re thinking about and [get] an answer that’s at least as good as an intern or entry-level worker could provide.”
Lariar also points out that ChatGPT can help security and IT professionals:
“Now you’ve got ChatGPT, which takes that same kind of workflow, but you can now talk to it.”
Companies can use AI to strengthen cybersecurity defenses by:
- Inferring patterns from incomplete or changed data
- Reducing false positives
- Identifying and responding to attacks
- Creating better security detections
The Bad: How AI-powered Chatbots Could Aid Cybercriminals
Despite its benefits, ChatGPT gives threat actors more ways to do harm:
- Crafting more convincing phishing emails
- Stealing passwords, software codes, and sensitive corporate data
- Writing malware and ransomware
- Probing and penetrating networks
- Circumventing security controls
The Careful: Protecting Organizations From AI-based Threats
To protect against AI-equipped criminal efforts, organizations should consider:
- Implementing strong authentication measures
- Educating users on responsible AI use
- Studying AI frameworks like MITRE ATLAS and NIST’s AI Risk Management Framework
- Anticipating new AI-based cybersecurity products
As Lariar suggests:
“We’re still in the early days, but companies that are relying on AI more and more are likely to introduce new attack surfaces.”
The most effective way to combat AI-based threats may be with AI itself, developing tools to evaluate and determine whether content is fake or not.