IT professionals in business and government spend an inordinate amount of time on security issues. Now there's something new to keep them awake at night: Artificial Intelligence is making it easier for nefarious actors to penetrate systems, steal data, demand ransom, and scam the unsuspecting out of their hard-earned money.
There was a time not long ago when just about anyone receiving a suspicious email could peg it for what it was: a scam. They were invariably riddled with misspellings, poor grammar, non-existent punctuation, imprecise graphics, and any manner of red flags. Those emails, usually entreaties to click on a link or just to send money, were easy to spot. That was then: The proliferation of Artificial Intelligence has changed the playing field markedly.
Thanks to A.I., more and more bad actors are implementing the technology to fine-tune their scams and make them less suspicious to the recipient. Using natural language processing, scammers can now create emails that are scrubbed of errors and that sound natural. This allows hackers to break into computer networks using emails that trick recipients into clicking on links, sharing personal information, or creating images and videos that are then used to extort unsuspecting victims. Many of the perpetrators of these crimes are offshore, mostly from China, Russia or Africa, making it difficult for federal law enforcement officials to conduct proactive investigations and nab suspects before damage is done.
Seemingly no one is immune: Businesses large and small, school districts, universities, medical centers, government agencies and even military contractors are all targets, and they're all vulnerable to some degree as hackers devise ways to steal financial and health information and data of all kinds — often to hold for a hefty ransom payment. And attacks are on the rise nationwide.
Cyberattacks are particularly acute in Texas, which ranked third in the U.S. last year in terms of the number of victims reporting cybercrimes and fourth nationwide by total reported losses from fraudulent email schemes, according to the FBI's Internet Crime Report. Last year the agency reported 38,661 cybercrime victims in Texas, who reported losses totaling $763.1 million. Since many such crimes go unreported, those figures are likely much higher.
Texas law requires that businesses and organizations that experience data breaches affecting 250 or more victims be reported within 30 days after the breach is discovered. The SEC now mandates that publicly traded companies that are cybercrime victims report the attack within four days, and they must report the financial impacts in their next quarterly statement.
A.I. has only exacerbated the problem. Hackers are now employing 'deepfakes' and voice clones to scam victims, whether it be used to blackmail targets of sexploitation cases, or for imposter scams, extortion, or to commit financial fraud. FBI Director Christopher Wray recently noted that A.I. "Will enable threat actors to develop increasingly powerful, sophisticated, customizable and scalable capabilities - and it won't take them long to do it."
While A.I. has become a tool used for nefarious purposes, it can also be utilized to help thwart unwanted infiltration and cyberattacks. And progress is being made throughout the U.S. and worldwide in uncovering cybercriminal rings and bringing its leaders to justice.
Note to businesses and government entities: Stay vigilant, and report any cybercrime to the appropriate authorities.
Flagship GovNet is dedicated to working with business and government IT officials at all levels to assess security protocols, to determine what vulnerabilities exist, and to work to develop a comprehensive plan to adopt measures to prevent cyberattacks and establish recovery systems to mitigate damage and downtime in the event of a nefarious breach or natural disaster. Contact Flagship GovNet today for a free consultation.