Cybersecurity has remained a growing priority for the last +8 years. The fact that human error continues to be the leading cause behind cyber-attacks, at a staggering 74%, comes as no surprise. With the emergence of AI, new cyber threats linked to human error arise.
Picture this:
Your team is working on a project with a tight deadline. Alex (one of your stellar employees) is leading it and has done a brilliant job, navigating time-sensitive asks. Proud of the team’s achievements, Alex has posted an article on LinkedIn on the project subject matter showcasing the skill set of the team. The article goes viral with largely positive interactions.
A few days later, Alex gets a request via email from yourself, as the manager, asking for an urgent update to a project document attached on the email. Alex tries to open the attachment, but nothing happens. 'That’s odd', Alex thinks, and reaches out to you via chat. You tell Alex that you haven’t sent an email, and that you did not need any urgent paperwork to attend to. Alex assumes this was a misunderstanding doesn’t give it another thought.
What Alex doesn’t know is that the email didn’t come from you or your organisation at all; a group of cybercriminals has targeted your company. They’ve seen Alex’s LinkedIn post, so they knew how to write a convincing email pretending to be someone Alex works with. Alex is also not aware that the attachment was malware. Once downloaded and opened, this malware ran, invisible, in the laptop’s background. It’s a deepfake, created using AI to mimic Alex’s voice and writing style – and it is now recording both private and company meetings. The keylogger records Alex’s keystrokes, capturing passwords, login credentials, and proprietary company data.
Bingo. The cybercriminals now have a key to your data. And since the cybercriminals have performed identity theft on Alex, it’s most likely that no one will notice the breach until it’s too late.
AI brings a new layer of complexity to cybersecurity
Most of what was described in the (mock-up) scenario above has been happening for years. Alex accidentally compromised the company by posting too much detail on LinkedIn. Alex was also victim to a phishing email. What’s new is the deepfake factor, blending with traditional malware: the AI-powered technology that allows cybercriminals to impersonate someone so well.
A cyber-attack can harm your company in more than one way – starting with reputational damage, navigating through loss of clients and leading to legal consequences with massive fines.
How can Change Management help?
Your workforce needs to be given the tools, awareness and knowledge to protect your company and not fall victim to a cyber-attack. Business Change Management (BCM), can help your workforce:
You need to generate awareness on cyber-attacks, including those attacks that include AI:
Our team of experts can launch or help you launch tailored, interactive communication campaigns that encourage cyber safe behaviours against the dangers brought by AI. You need your people to think critically so that they can evaluate the authenticity of information before acting on it.
It’s a must to train your people to prevent – and react – accordingly:
To protect your organisation, you need to include cybersecurity learning. This would include deepfake detection training, such as getting your employees to know about common indicators. It is also critical to train your employees to react appropriately in the face of a cyber-attack – such as phishing or ransomware – where time is of essence.
It’s a must to promote a cyber safe culture:
The goal is to embed a cybersecurity aware culture or mindset in your people by focusing on your people’s foundational beliefs and behaviours. Employees need to be encouraged to adopt cyber safe behaviours until these become second nature.
At KPMG we have a team of experts who focuses on these actions. We would be happy to support you and your organisation to help empower and equip your employees against cyber-attacks – including those brought by AI. While technology plays a crucial role in combating deepfake threats, human behaviour must remain an essential component in your cybersecurity defence.
