GenAI is changing security needs

            Online crime was already equivalent to the world’s third-largest economy during the pandemic. Now,
            generative AI and automation give organized criminals the means to create more realistic-looking attacks,
            develop new types of attacks, and automate attacks at scale, even without coding and writing skills. For
            example, the Association of Certified Fraud Examiners site shows how easy it is to use ChatGPT to
            create a realistic-looking security warning email that fraudsters could use to impersonate a business and
            steal account login credentials.

            GenAI-powered  bots  can  also  help  scammers  to  identify  high-value  targets  and  engage  with  them
            conversationally to build trust before defrauding them. These kinds of attacks–especially when they’re
            used  to  impersonate  brands  and  ecommerce  sites–have  the  potential  to  erode  rising  consumer
            confidence in ecommerce.

            From 2022 to 2023, according to ClearSale’s consumer attitudes survey data, the portion of U.S. and
            Canadian consumers who said that they had been deterred from making an online purchase because
            they didn’t know if the online store was legitimate dropped from 52% to 24%. That’s a testament to the
            work that businesses, payment processors, and fraud prevention teams have put into making ecommerce
            a safer experience.

            If AI-generated impostor sites and emails succeed in defrauding a higher percentage of online shoppers,
            more people will hesitate before doing business with companies online. That will result in less online
            revenue and higher customer acquisition costs, along with a decrease in ROI on existing ecommerce
            investments.



            Keep your culture open to GenAI’s defensive possibilities

            Organizations that want to detect and deflect GenAI-powered security threats need to leverage AI for
            defense. Because of AI’s powerful pattern-recognition capabilities, it’s the most efficient way to identify
            the subtle indicators of GenAI-created messages, other media, and sites. For example, one AI-based
            model for detecting insurance fraud finds three times as many fake claims as legacy fraud-screening
            tools.

            Rather than dismissing GenAI because of its current flaws, cultivate support for properly supervised
            innovation with these emerging tools. That way, your organization is less likely to fall behind as GenAI
            threats and defenses advance.



            Public companies face new security accountability

            2024 is the first full year that publicly traded companies in the U.S. must disclose cybersecurity incidents
            within four business days of determining that an incident is material. The new rule took effect in December
            2023 and requires that these incident disclosures “describe the material aspects of the nature, scope,
            and timing of the incident, as well as the material impact or reasonably likely material impact of the
            incident on the company, including its financial condition and results of operations.”




            Cyber Defense eMagazine – March 2024 Edition                                                                                                                                                                                                          126
            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.