Scams, Deep Fakes, and More: Employees Pose Cybersecurity Questions To Expert Panel

From AI deep fakes to tips for avoiding scams, a recent Sayers panel Q&A covered a range of timely cybersecurity topics. Sayers employees quizzed our engineering experts on your behalf, with highlights captured below.

What Password Practices Should I Recommend To My Friends And Family?

Email, banking, shopping, and social media accounts lead to an impossibly long list of passwords to remember. 

Ken Wisniewski, Senior Security Architect at Sayers, warns against using the same standardized passwords across all your accounts, adding:

“Use a password manager. It is not critical regrading the specific brand you’re using and more about the fact you’re using one.”

Password managers securely store, manage, and share passwords, pass-phrases, and other sensitive information. Sayers panelists recommend using well-known password managers such as these reviewed by CNET, which offer direct, encrypted data sharing to anyone you choose as well as widely compatible Single Sign-On integration.

In addition to using a password manager, be sure to enable multi-factor authentication wherever possible to log into your accounts. MFA provides an additional line of defense even if your password becomes compromised.

What Advice Do You Give To Avoid Phishing And Other Scams?

Beyond keeping your devices current with the latest updates, the Q&A panelists agreed people should be less trusting on their devices. Today’s bad guys can better create and tailor their attacks using personal data from breaches combined with generative AI capabilities. The panelists’ advice:

• Whether in a text or email, don’t click on links you haven’t requested. 
• “Think before you click” is a good start. Then take the time to use out-of-band communication methods instead of those in the questionable email, text, or phone call you received. For example, go to the actual website of your account to get the verified link or phone number.
• Be skeptical of calls claiming to be from tech support. Hang up and contact the company’s actual tech support line.
• Don’t answer random calls. If you can’t help picking up the phone, answer without saying anything. Most robocalls will auto shut-off if they encounter silence. 

Gerry Wollam, Senior Cybersecurity Solutions Architect at Sayers, says:

“Remind your parents or grandparents that if the phone rings, the person may not be who they say they are. Most people are wired to give this person who’s calling a chance. The hard truth is we have to be unwired from doing what we’ve been taught to do, which is to be human. But the people on the other end trying to scam you really aren’t. Just hang up, or don’t answer.”

What Do Organizations Need To Know About AI Security Vulnerabilities?

For enterprises to derive value from AI, they have to use their data. Instead of building their own AI, many organizations have quickly adopted public AI models and are fine-tuning those around their data and use cases. 

As a result, concerns continue to grow about feeding intellectual property and confidential information into the AI environment. 

Chris Willis, VP Cybersecurity Engineering at Sayers, says:

“The biggest thing AI is going to do that we should be concerned with is data. Be careful about copying and pasting sensitive information or putting your call notes into a public AI solution such as OpenAI or ChatGPT, because that information could potentially be exposed.”

Governance of AI use, implementation, and data integrity will be critical to ensure the AI model won’t take the data and send it elsewhere. The Cybersecurity and Infrastructure Security Agency (CISA) has released the AI Cybersecurity Collaboration Playbook to raise awareness of AI cybersecurity risks and improve the resilience of AI systems.

How Concerned Should We Be About Deep Fakes?

For individuals and organizations, deep fakes and other misuse of AI are becoming a huge concern. Cybersecurity attackers are turning to the same existing AI models that organizations use, then using AI against them. 

With current technology, a scam call can record you to create a deep fake of your voice for nefarious purposes.

For an Enterprise Account Executive at Sayers, this hit close to home. He says:

“My son had a YouTube channel focused on video games when he was in high school. My father-in-law got a call from a scammer who had deep-faked my son’s voice and asked for money. We knew it wasn’t my son because he was with us at the time.”

Detection technologies are emerging to protect against deep fakes and other AI misuse. Sayers conducts research with vendors who are evolving their AI capabilities to detect deep fakes in email, videos, and other areas of the digital environment. Stay tuned for more to come.

What Impact Will Enterprise Browsers Have On Existing Technologies?

Purpose-built for the enterprise environment, enterprise browsers offer a more secure, managed functionality than standard consumer browsers. Current enterprise browsers augment rather than replace existing technologies by providing additional insights, controls, and security capabilities. 

Enterprise browsers are especially effective for Bring Your Own Device use cases, such as handling the workload of BYOD home-based employees. Organizations are using enterprise browsers to give their contractors controlled access to applications, avoiding the need to roll out a full Virtual Private Network client to them. 

Enterprise browsers have some data loss prevention built in. This enables the browser to recognize and block access to sensitive content or websites that fall outside of an organization’s acceptable use policies. 

While technologies such as virtual desktop infrastructure and privileged access management (PAM) can provide access to browser-based applications, enterprise browsers for now are complementary rather than direct competitors to such technologies.

Palo Alto Networks acquired Talon Cyber Security, an enterprise browser company, and has begun integrating it into the Prisma technology stack as Prisma Access Browser. PAM vendor CyberArk has introduced their enterprise browser, adding to the available choices in the market.

Questions? Contact us at Sayers today to discover extensive technology solutions, services, and expertise to cover all areas of your business.