Cisco’s head of security thinks that we’re headed into an AI phishing nightmare
Good morning!
Cybersecurity attacks are an increasingly costly nightmare for companies, and AI will only make it easier for victims to fall for their most common form: phishing scams.
Generative AI tools like ChatGPT are capable of producing written work that humans have difficulty detecting. And as these tools evolve, phishing attackers may use the technology to send email traps disguised as work messages that even some of the most cautious people may have trouble discerning as fake.
“It's going to get harder for humans to distinguish between legitimate activity versus a malicious attack,” says Jeetu Patel, Cisco’s executive vice president and general manager of security and collaboration.
Assailants using AI to make their attacks even more sophisticated could be a problem for HR, as the bulk of attacks people fall for are about work, or from someone pretending to be from their HR department. According to security software company KnowBe4’s third-quarter global phishing report, 61% of its failed phishing tests contained messages from HR or about employee performance.
People have mostly stopped falling for the stereotypical phishing scams like the Nigerian prince or someone offering a lucrative investment opportunity, where the offer is too good to be true and the email itself riddled with typos. But Patel worries people will have difficulty distinguishing A.I.-written phishing emails purporting to be from a friend or colleague.
For example, an attacker could use AI to send a fake email from a coworker about going to the same basketball game the night before and sending over a cloud drive link purporting to have pictures from the game. That’s because generative AI bots can be trained to mimic a specific person’s writing style.
“That's a much harder activity for being able to tell whether or not it's a legitimate activity or a malicious attack,” says Patel. “I think you're gonna see much, much more of that.”
While the thought of employees having to watch out for even more email scam attacks may be worrying (and expensive) for HR and business leaders, Patel is also hopeful that the advancement of A.I. technology will beef up companies’ cybersecurity defense systems.
“We might have a data advantage, which will allow us not just to detect an attack and respond to it, but predict an attack before it happens and prevent it from happening,” he says. “That data advantage is going to be pretty big.”
Paige McGlauflin
paige.mcglauflin@fortune.com
@paidion
This story was originally featured on Fortune.com
