Who or what do you trust?

Yesterday, I attended the Association of Professional Compliance Consultants Culture Working Group for a presentation by Roger Miles on “AI and Social Engineering.” This was all about how people obtain information in order to gain advantage, often crime orientated. This was quite frightening as the fraud is getting more sophisticated with the introduction of AI to help it along.

In the news this morning, Moira Stuart was on the television talking about how she was the victim of a scam involving her bank. The people presenting the program were amazed that someone so savvy could be caught out. However, many people are complacent about whether they could be caught out and therefore may make themselves easier targets than they should be.

We all go through the annual testing for financial crime. Is this purely a compliance tick-box exercise? Or is it used as genuine knowledge gathering to be applied to our day-to-day activities? Obviously, it ought to be the latter. The training that we have from “normal sources” is rather dry and should be presented so much better.

When you see the possibilities offered by AI that bring the production of deep fake videos or very realistic sound for a telephone call, it is terrifying.  When AI can be used to mimic accurately, it is difficult to sort fact from fiction.

This is already used in public life with memes and videos being produced to mislead people. When so many people get their news online, how many people think to fact check?

If I tell you that it is raining, do you take my word or do you step outside your door to find out? Of course, it may be raining where I am and not where you are. So, whose facts are correct or incorrect?

Social media has been blamed for the results of many recent elections and referenda. The spreading of false information and the flooding of that information into the public consciousness leads to results that may be detrimental.

We should all consider what our sources of information are providing to us. What is the source? Is it reputable and reliable? Do we go to more than one source? Do we sense check the information? Do we fact check the information? Is the source of our fact check any more reliable than the information being checked? Reading that back – it looks like we are in a loop that will end up as an echo chamber.

Circling around to the financial crime question, we need to be more careful than ever to protect our data, both personal data and the data relating to our business.

Whilst it is easy to protect data with systems, it is more difficult to protect data from users. This is why constant training of our colleagues, reminders of good practice and looking after each other is essential. This is undertaken with specific strategies:

  • Access Controls: Limit access to data based on user roles and responsibilities. Use the principle of least privilege, ensuring users only have access to the data necessary for their tasks.
  • Data Encryption: Encrypt sensitive data both at rest and in transit. This ensures that even if data is accessed without authorisation, it remains unreadable.
  • User Training: Educate users about data protection policies, potential threats, and best practices for handling data securely. Regular training can help prevent accidental data breaches.
  • Monitoring and Auditing: Implement monitoring systems to track user activities and detect any unusual or unauthorized access to data. Regular audits can help identify and address vulnerabilities.
  • Strong Authentication: Use multi-factor authentication (MFA) to add an extra layer of security. This makes it harder for unauthorized users to gain access to sensitive data.
  • Data Minimisation: Collect and retain only the data that is necessary for your operations. This reduces the risk of exposure and misuse of unnecessary data.
  • Regular Updates and Patches: Ensure that all systems and software are regularly updated to protect against known vulnerabilities that could be exploited by users.
  • Clear Policies and Procedures: Establish and enforce clear data protection policies and procedures. Make sure users understand the consequences of violating these policies.

By combining these strategies, we can create a robust framework to protect data from unauthorized access and misuse by users.

AI and social engineering present new and emerging challenges in data protection. There is some crossover as they are not separate issues.

AI in Data Protection

  • Threat Detection: AI can analyse patterns and detect anomalies that might indicate a security breach. This helps in identifying and responding to threats more quickly.
  • Automated Responses: AI can automate responses to certain types of threats, reducing the time it takes to mitigate risks.
  • User Behaviour Analytics: AI can monitor user behaviour to detect unusual activities that might indicate a compromised account or insider threat.

Social Engineering

Social engineering involves manipulating individuals into divulging confidential information. Here are some strategies to protect against it:

  • User Education: Regular training on recognizing phishing attempts, suspicious links, and other social engineering tactics.
  • Verification Processes: Implementing strict verification processes for sensitive transactions or information requests.
  • AI-Powered Email Filters: Using AI to filter out phishing emails and other malicious communications before they reach users.

Combining AI and Social Engineering Defence

  • AI-Driven Training: AI can be used to simulate social engineering attacks, helping users recognize and respond to real threats.
  • Real-Time Monitoring: AI systems can provide real-time monitoring and alerts for potential social engineering attacks.
  • Adaptive Security Measures: AI can adapt security measures based on the latest social engineering tactics, ensuring defences are always up-to-date.

By using AI to enhance security measures and educating users about social engineering, organisations can create a more resilient defence against these sophisticated threats.

This is a matter of growing importance as time goes on.

About Author

Tony Catt from The Catt's Eye View

Tony Catt is a freelance compliance consultant working with several firms of different sizes. "I have previously been an adviser, which gives me a good understanding of the advice process and dealing with customers, and I enjoy a close relationship with my adviser clients."
