Cybersecurity and AI Best Practices

The more we learn about Artificial intelligence, the more it seems to present as a double-edged sword. The benefits are innumerable, but we’re also beginning to hear more about its inherent risks and ethical complications, such as impersonations, deepfakes, and malicious text generation. As the Vice President of Systems at SBIC, I consistently consider the respective benefits and pitfalls of AI and how we can adapt to its ever-changing landscape, especially regarding cybersecurity.

While I find ways that we can use AI to bolster our cybersecurity measures, I also consider how AI can be used against us. While AI continues to strengthen our security, it also makes it easier for cyber criminals to commit social engineering attacks. As an organization, we remain vigilant in our attempts to adapt to the evolving risks AI presents.

Here are some best practices our team at SBIC adheres to to spot and prevent AI generated social engineering attacks:

Recognize and be Wary of Unusual Communication Patterns

AI generated impersonations can sometimes create subtle differences in communication style. Pay attention to the content and delivery of a message and notice whether an email, message, or phone call from a friend or colleague has unfamiliar tone, wording, or timing. These deviations and inconsistencies from their usual behavior could be a sign of an AI-driven impersonation attempt.

Verify Identity Through Multiple Channels

AI tools can clone voices and mimic writing styles. Before providing any sensitive information or taking an action, always verify the identity of the requester using a secondary communication channel like via a phone call or direct message. Never rely solely on email or text message for verification.

Be Wary of Deepfake Video or Voice

AI deepfake technology allows attackers to create realistic video or audio of individuals asking for sensitive information or actions. Disconnecting the call or video and contacting the individual directly using a trusted communication channel is a good technique to prevent some of these attacks.

Watch for Hyper-Realistic AI-Generated Emails

AI tools can draft highly convincing and personalized phishing emails. Be cautious of requests for sensitive information or unexpected attachments or links, even from known contacts. We approach these emails by following basic guidelines for recognizing phishing emails such as noticing things like bad spelling and grammar, suspicious attachments, or demands for urgent action. Always confirm with the sender via a trusted communication channel to verify before acting.

Be Skeptical of Urgency and Emotionally Charged Requests

Commonly, cyber criminals will use emotional manipulation, like creating a sense of urgency, to trick you into overlooking signs of phishing and skipping verification steps. Remember to pause, assess, and verify requests that push for immediate action or play on emotional appeals, especially if it involves sensitive information.

Stay Informed About AI Related Security Trends

AI is evolving quickly and so is the ability to generate more sophisticated attacks. Here at SBIC, we partake in regular security awareness training to ensure we stay prepared. To stay up to date on all AI related news, you can visit the National Institute of Standards and Technology (NIST) AI web page: Artificial intelligence | NIST.

As AI capabilities continue to grow, it’s important that we continuously enhance our security measures and be prepared for what the future of AI brings. At SBIC, we use best practices to conduct our cyber activities and protect our customers’ information. Be sure to check back for more upcoming thoughts from the SBIC team.

Article written by:

Vikas Sehgal

Vice President (Systems)

The views and opinions expressed are solely those of the author, and do not represent the official policies, positions, or views of State Bank of India (California).