AI is here. What Does it Mean for Your Workforce?

Generative AI learns from the information that it’s given to create or generate outputs, such as composing an email (text), creating a piece of art (imagery), or producing code or new data. This means that generative AI can have multiple uses and benefits in the workplace, helping people to complete tasks more efficiently or effectively across a range of areas. Those who are keen to explore the boundaries and limitations of applying AI in their organization are embracing these benefits.

But against a backdrop of a lack of policy or clear guidance on appropriate use of AI, some of those limitations are becoming increasingly clear. Cases have emerged of employees sharing proprietary or sensitive information with external AI systems, leading to organization-wide bans..While using systems such as ChatGPT to increase work efficiency, people can unintentionally provide or share protected information.

Companies have rushed to create internal policies, lawsuits have emerged regarding the use of information to train systems, and governments have implemented all out bans to ensure that data privacy is respected.

Despite policy activations, phishing emails and other social engineering attacks continue to be a persistent issue in organizations, tricking people into parting with money or information, or getting them to download malicious files. These attacks have remained one of the hardest areas to address from a security perspective, and are now likely to get even harder.

Generative AI can learn from inputs to create more realistic, persuasive, and engaging phishing emails or other social engineering attacks. These attacks can be executed more quickly and easily than ever before, creating communications that persuade people to share information or login credentials. This kind of malicious strategy might include deploying perfect spelling and grammar, using a range of manipulation tactics, such as urgency or reciprocity, and/or exploiting information that has been shared online to increase relevance.

So, what can you do to prepare your organization for both the benefits and risks that AI brings?

• Develop an internal policy related to the use of AI within your organization. This should manage expectations around the use of AI by individuals and departments, as well as providing a documented process for potential future implementation and evaluation. Have a key person or team assigned to coordinate this area in your organization to make sure that nothing slips through the cracks.
• Emphasize appropriate data and information handling. It’s important that people understand what information is sensitive in your organization, whether that be personal data or proprietary information. Make sure it’s clear what information can and cannot be shared with external AI systems and provide an easily accessible point of contact for any questions.
• Understand and assess the potential social engineering threat. Make sure your workforce is prepared and understands how AI may impact the realism of fraudulent and malicious communications. They can be your best defense if they are equipped to do so.
• Stay tuned to the regulatory landscape as this continues to evolve and keep abreast of updates. AI is a particularly fast-moving area from a regulatory perspective.
• Finally, think beyond compliance and into ethics. Just because you can, doesn’t mean you should. You should always consider whether you are using AI responsibly and whether you feel confident in justifying this externally if you need to.

Here at Immersive Labs, we help organizations to continuously build and prove their cyber workforce resilience, including managing the potential impact of AI.

Visit our Resources Page to learn more.