Most business leaders would consider competitors to be their biggest adversaries; companies with similar products or services which compete in the same market segment. However, the truth is that a business adversary could be just about anyone or anything these days.
Due to the recent rise in artificial intelligence (AI) any person or entity could potentially have the means to do harm to your company – from rival companies and nation states to cyber criminals and teenagers with an internet connection.
A recent report found that AI software, such as ChatGPT, can now create coding for malware with a few simple instructions from any user with an internet connection. This means that business competitors, disgruntled customers or anyone with malicious intent could potentially target your company with a cyber attack.
4C Group has partnered with KnowBe4 – a leader in cyber security education for employees, to empower staff with knowledge and increased cyber security awareness. This will help to minimise the risks of social engineering attempts.
These services include user awareness training, vulnerability management, compliance management and risk assessments for enterprises in Africa. While AI is changing the world and delivering many benefits for businesses and individuals alike, it also signals the start of a new threat landscape in which enterprises need to be prepared for any eventuality.
How AI is used to create cyber threats
ChatGPT is probably the most widely known example of AI. It was developed by OpenAI and the beta version was launched in November 2022. Since then, it has proven to be an effective chatbot that can accomplish a wide range of tasks, from writing technical papers and creating complicated spreadsheets to planning events and writing code for apps.
It has also proven to be capable of creating malware for people with little knowledge of how coding works. Experts at Check Point Research, a security firm, revealed that within a couple of weeks of going live, cyber criminals were using ChatGPT to write malicious software and phishing emails to target businesses and other entities, becoming formidable adversaries in the process.
In one particular example, the chatbot was used to generate malware code that could decrypt files and append a message authentication code (MAC) to the file, as well as encrypt a hardcoded path. This essentially means that AI can be used for ransomware, spyware, phishing and a variety of other cyber attacks.
According to Check Point Research, the coding does contain a few syntax errors and enterprises with advanced cyber defences could easily prevent these kinds of attacks. However, it also means that cyber criminals with a bit of coding knowledge can update the scripts and turn them into more advanced threats.
AI can also be used to create online ‘shops’ where compromised bank card data and other illicit goods can be traded. The coding is generated within minutes and after some editing, complex digital environments can be established. Many of these e-commerce platforms use cryptocurrency as it is much harder to track the origins of payments.
Why hackers are a major business adversary
Large enterprises are often the target of cyber attacks as they store highly valuable information and data; from financial and medical records to customer identities and intellectual property, this data is sought after by hackers who want to encrypt it for ransom or use it for financial gain.
Enterprises generally have advanced cyber security protocols and tools in place, making them hard to successfully attack, but it seems that there is a news report on a multinational company being hacked every month. This proves that cyber attacks are still successful and the financial implications for businesses can be huge.
Despite the security software and network protection measures, user awareness training is still needed at the enterprise level. Employees are a major line of defence; they can determine whether a malicious email is opened or whether a fake application is downloaded. They are also responsible for correctly identifying an adversary.
User awareness training is needed at every level of the enterprise, from CEOs and heads of departments to IT specialists and regular employees. No one is completely safe from advanced social engineering techniques so user awareness training will help employees to identify and mitigate risks.
4C Cyber Security offers four main services to enterprises in South Africa and sub-Saharan Africa. These solutions are designed to improve a company’s cyber security posture and preparedness for a range of threats, whether they were created by hackers, business competitors or AI. For more information about our cyber security services, please contact us today.
At 4C Group of Companies, we strive to effect operational changes and cost savings for customers through our iNSight product and associated services. This product’s main function is to re-purpose and deliver business-critical information to a variety of systems and stakeholders.
We specialise in information assurance, business assurance, fintech solutions and a variety of cyber security services. For more insights into our products and services, check out our blog page or follow us on Facebook, LinkedIn and Twitter.