Companies are starting to report “deep fake attacks” where artificial intelligence is used to impersonate people on video calls.
Business Aspect Cyber Security and Risk Principal Consultant Bruce Irwin said this was part of a new wave of cyber threats emerging through AI.
He said another flow-on effect of generative AI was that “phishing” scams would become more convincing.
“What we are going to see just at that simple level is those terribly worded phishing emails with all the spelling mistakes and the grammar errors are going to go away,” Mr Irwin said.
“AI tools like ChatGPT are great for everyone because you can just ask it to knock up a letter and it does it very well. The trouble is it can also do the same thing for our adversaries.”
Mr Irwin is part of a panel of experts who will discuss the emerging cyber threats at the Queensland Futures Institute’s Leading Cyber Security 2024 forum next week.
Mr Irwin said new threats were always emerging. One of the new frontiers was AI being used to create deep fake personas on video calls.
“We are already seeing the first instances of commercial or corporate deep fake attacks where a threat actor sets up a Teams meeting purporting to be someone but they have been digitally masked to appear to be that person,” he said.
“I know of one instance where this has happened at an executive level. It was only picked up because the person was thinking ‘there is something really not right about this’.”
Mr Irwin said this was just the beginning of this level of cyber deception.
“We used to say we will believe it when we see it with our own eyes,” he said. “Soon you won’t be able to believe it even if you have seen it with your eyes.”
Mr Irwin said these types of threats were the reason companies had to be constantly on top of cyber security and data protection.
Cybersecurity was not just a necessary hygiene factor for companies. It was also a “strategic enabler”.
“Good security means that you have confidence to do new and innovative things, tackle new markets, launch new products and so on,” Mr Irwin said.
“With good security practices in place you can accelerate innovation rather than it being a roadblock.”
In this environment, Australian organisations were facing increasing changes in the regulatory environment as we caught up with global standards.
Regulation that previously focussed on areas like banking, finance, health and utilities would be progressively rolled across the broader economy.
Mr Irwin said the battle between cyber criminals and the technology and people enlisted to protect data was a constant leap-frogging process.
Payments for ransom attacks, for example, steadily rose for six years until about 2022 before dropping off as counter measures took effect.
Now it is back on the rise and expected to be an “industry” worth more than $1 billion this year.
Mr Irwin said he did not believe we would need to wind back online convenience to reduce cyber threats, but consumers could expect extra steps in verification processes to mitigate risk.
He said the one thing people could do to be safer online was to put multifactor authentication on all of their online entities. That was “100 percent worth the effort”.
Around 60 percent of data breaches originated from criminals using “phishing” techniques to trick people into handing over their logins and passwords.
“Hacking through the front door (the firewall) is really hard,” Mr Irwin said. “That’s why they use phishing techniques as a starting point.
“It is in the nature of people to be trusting or want to help and most of these scams are based on convincing people they are going to miss out on something, or somebody really needs their help.”
The QFI Leading Cyber Security 2024 event is being held at the Tattersalls Club in Brisbane’s CBD from 7.30am to 9am on October 23.
The other speakers are:
- Karla Day, Chief Technology and Transformation Officer, QBANK.
- Ivar van den Berge, Head of Cybersecurity, Sime Darby Industrial Australasia.
- Professor Ryan Ko, Chair & Director, UQ Cyber Research Centre, The University of Queensland.
The event will be moderated by Cat Matson, CEO & Lead Facilitator, Impactful Presenters.