What can we do to ensure protection against generative AI-created imposters posing as a company official and providing directives and guidance to staff and vendors?

130 views3 Comments

CIO in Telecommunication, 1,001 - 5,000 employees
I've only seen this occurring through email (so far), so strong Policies against employees at all levels only using internal email for company business, combined with secure email defenses that automatically block emails with impersonated credentials is a good start.
Director of Technology Strategy in Services (non-Government), 2 - 10 employees
Same things you would do to ensure protection from human imposters - train your staff on what to look out for and give them a means to report issues.

  This is not a new risk, Generative AI is a new tool to reduce the effort for Scammers.
Head of Transformation in Government, 501 - 1,000 employees
There is a lot to learn from the military. But fundamentally training, training, training. We are going to have to assume that this sort of phishing, including realistic video or phone calls will continue, but just like today's state of the art email phishing there will always be small signs that employees should be trained to detect. 
Releasing a payment, releasing confidential payment, allowing access to confidential information, and similar high impact transactions should be protected by specific and advanced training. For some organisations it may be necessary to include rotating keywords as human safeguards on impactful transactions as it is highly unlikely that the AIphisher will be able to stay on top of such data sets - unless more significant penetration has already occurred.
So generally, many layers of monitoring and zero-trust policies (which address people factors as well as technology ones) for anything that truly needs protection.
For the stuff that doesn't really matter in damages... well, it's kind of like other things in life, we are just going to have to get used to a little more embarassment and less privacy in the 21st century when someone goofs. 

Content you might like

Patch management: to reduce attack surface and avoid system misconfigurations39%

Malware and ransomware prevention: to protect endpoints from social engineering attacks58%

Malware and fileless malware detection and response: to protect against malicious software49%

Threat Hunting: to detect unknown threats that are acting or dormant in your environment and have bypassed the security controls33%

Not planning to change endpoint security strategy10%



CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
Read More Comments
40.7k views131 Upvotes319 Comments