Requesting your opinion on data sovereignty and information system security when utilizing cloud based Enterprise Resource Planning systems, specifically in a Government department. Any guidance to share?
Sort by:
Agreed, the focus right now is on phishing and related threats. AI is being used to scrape information from various sources and that leads to more targeted attacks. For instance, new employees might be targeted if their personal information is inadvertently shared online, so stronger education and awareness from day one are crucial to mitigate these risks.<br>
At this point, I believe it's too early to make definitive decisions about AI-powered attacks. While AI and machine learning are frequently mentioned in the context of cyber attacks, much of what we see is still driven by algorithms. In the education sector, we're more focused on adapting our teaching methods to incorporate AI, such as grading students on the quality of their prompts rather than worrying excessively about AI-driven cheating. When it comes to actual incident response use cases, I think it will take some time before we can comfortably rely on AI.
It's still early days for AI-powered attacks. I handle a significant number of attacks and they remain largely traditional. I recently encountered an AI-generated email thread that attempted to impersonate my CEO, so it is important that your users understand the potential for attackers to use AI in crafting more sophisticated phishing attempts. But, while AI can aid in data correlation and packaging information, the use of AI in automated attacks is still evolving. The threat of deepfakes and impersonation is real, but we have yet to see widespread AI-generated attacks. It's a frequent topic at conferences, but I think we have a lot to learn before fully understanding its implications.