Social Engineering and Cyber Attacks in the era of AI
- Cyber attacks are the intentional exploitation of computer systems, networks, and businesses by malicious actors. Social engineering is a type of cyber attack that involves manipulating or deceiving people into performing actions or divulging information that benefits the attacker. Cyber crime is any illegal activity that involves a computer, a network, or a device. AI is the simulation of human intelligence processes by machines, especially computer systems. AI can be used for both defensive and offensive purposes in cyber security.
- AI-driven cyber attacks are a new and emerging threat that use AI techniques to improve the speed, sophistication, and stealth of cyber attacks. AI-driven cyber attacks can leverage generative AI models, such as ChatGPT, to create realistic and convincing social engineering emails that can bypass spam filters and trick human recipients into clicking malicious links or attachments.
- Cybercriminals stole $6.9 billion in 2021 using social engineering to break into remote workplaces, according to an annual FBI report. The report highlights how remote communication and virtual meetings can leave businesses and individuals vulnerable to social engineering attacks by fraudsters who impersonate trusted contacts or authorities using phone calls, emails, or text messages.
Cyber-Attacks in the era of AI
- AI can help detect and prevent social engineering attacks by using machine learning, natural language processing, and deepfake detection techniques.
- But AI can also be used by cybercriminals to launch more sophisticated and convincing social engineering attacks by using generative AI models, such as ChatGPT, to create realistic and personalized emails, voice calls, text messages, or videos that impersonate trusted sources or authorities.
Here are some possible ways to protect yourself from AI-driven cyber attacks:
- Use AI-enabled detection tools that can identify and respond to AI-powered attacks in real time, such as Darktrace’s Antigena.
- Use security awareness training and education to help employees recognize and avoid social engineering emails that may use generative AI models to mimic legitimate communications.
- Use encryption, authentication, and backup solutions to protect your data and systems from unauthorized access or tampering by AI-driven malware attacks.
Social Engineering: A Growing Threat to Your Cyber Security
These days, pretty much everyone is aware that cyber security attacks are happening more frequently to businesses both small and large across the nation. Most people’s thoughts turn to hackers breaking through your firewall and stealing your data, but in reality, human error is one of the leading causes of security breaches today. Social engineering attacks have become one of the sneakiest yet easiest ways an outsider can gain access to your electronic data.
What is Social Engineering?
Social engineering is a type of cyber attack that involves manipulating or deceiving people into performing actions or divulging information that benefits the attacker. Social engineering relies on human nature, rather than technical hacking, to exploit people’s emotions, instincts, and trust. This is commonly done through methods such as phishing, spearing, or whaling, and can result in seemingly minor crimes such as theft of a password, or more serious crimes like funds transfer fraud. These crimes are often committed by someone posing as someone with authority:
- Someone posing as a member of the C-Suite and/or management team by sending an email requesting sensitive information to be provided. For example, someone posing as the HR Director requests a list of all employees’ names, dates of birth, and social security numbers
- Someone posing as the CFO requests a funds transfer to pay an invoice.
But beware! The email and sender may appear to be legit at a quick glance, but if you look closely, you may notice a slight difference from the person’s actual email address. Because these fraudulent emails typically appear to come from someone with authority, the requests are often handled quickly and with little forethought – after all, you don’t want to upset the CFO! Usually, by the time someone realizes it was a fraudulent request, a cyber breach has already occurred.
Desert Mountain Insurance is experienced in both Cyber Liability and Crime Policies
How can you protect your business from social engineering scams?
Here are some possible ways to protect yourself from social engineering attacks:
- Don’t open emails, click links and/or download attachments from questionable sources. If you are not sure about the sender or the content of the message, verify it with another channel of communication, such as a phone call or a text message.
- Don’t believe in tempting offers. If you think a deal is too good to be true, it probably is. Be wary of unsolicited messages that promise rewards, discounts, or prizes in exchange for your personal information or money.
- Use multi-factor authentication. This adds an extra layer of security to your online accounts by requiring you to enter a code or use a device that only you have access to. This can prevent hackers from accessing your accounts even if they have your username and password.
- Make sure you are using an updated antivirus software. This can help protect your devices from malware infections that may result from clicking on malicious links or attachments. Antivirus software can also alert you to any suspicious activity on your system.
- Don’t answer to any requests for personal information or passwords. Legitimate organizations will never ask you to share sensitive data via email, phone, or text message. If you receive such a request, ignore it or report it to the appropriate authority.
- Reject any unsolicited advice or help. Hackers may try to gain your trust by offering to fix a problem with your computer or network, or by pretending to be someone you know or work with. Don’t let them access your devices or accounts without verifying their identity and credentials.
- Use security awareness training and education. Learn how to recognize and avoid common social engineering techniques, such as phishing, vishing, smishing, and baiting. Educate yourself and your employees on the latest cyber threats and best practices for staying safe online.
- Use AI-enabled detection tools. These tools can help identify and respond to AI-powered social engineering attacks in real time, such as voice imitation, deepfake videos, or generative text messages. These tools can use machine learning, natural language processing, and deepfake detection techniques to analyze and flag potential threats.
A Cyber Liability policy is a good start in protecting your business in the unfortunate event of a social engineering scam, but not all cyber policies are created equal.
Policies are usually individually crafted by each carrier, so there can be coverage differences from one policy to the next.
- Only a few Cyber Liability policies actually include coverage for social engineering claims, and it’s typically only included by endorsement and upon request.
- Additional coverage through a separate Crime policy is often needed for a carrier to respond to a social engineering claim and have insurance protection from social engineering schemes.
Working with a trusted insurance broker is a great place to start. Desert Mountain Insurance is experienced in both Cyber Liability and Crime policies, and our goal is to make sure you have adequate coverage for your business, especially when social engineering is involved. Find more information about Cyber Liability and Crime Policies on our webpage. Contact us today for a free evaluation of what types of coverage may benefit your company!