How Communications Can Help Defend Against the New AI Threat Landscape

Last week’s news of a $25M deepfake cyberattack spawned by a phishing email reverberated through media and social, with everyone from cybersecurity experts to AI enthusiasts speculating about how and why it happened. It’s easy to worry that AI has become too realistic to detect and that succumbing to these types of cyberattacks is now inevitable. While I agree that we are going to be faced with more sophisticated cyberthreats as AI becomes more embedded in our daily lives, I am optimistic that organizations can do what is necessary to avoid falling victim to threats.  

Many organizations are already investing in more robust and dynamic IT infrastructure with more sophisticated threat detection to confront the new reality brought on by AI. But upgrading IT systems takes a lot of time, money, and resources which many others do not have at this moment – and these new threats are already here.  

A joint study by Stanford University and Tessian found that 88% of cyberattacks are the result of human error. Yes, you read that correctly – almost every cyberattack is because of an employee’s negligence. The primary reason for employees clicking on a phishing email is it appears to be legitimately coming from a senior executive (41%) or a recognizable brand (43%). Respondents also cited distraction (44%) as a key factor for falling for phishing attempts.  

IT departments cannot bear the sole responsibility for educating employees and sparking behavior change. This is where a more deliberate and robust communications approach can be the lynchpin in protecting an organization from a dangerous, costly, and rapidly evolving cyberthreat landscape.  So, what does that look like?  

• Embed cybersecurity awareness – Many industries with high risk profiles (automotive, pharma, manufacturing) routinely include safety reminders in their employee communications both written and verbal. Consider doing the same with cybersecurity tips and protocols so that awareness becomes embedded and regular scrutiny of digital material becomes the norm.  
• Diversify your tactics – Some of the most compelling and successful cybersecurity awareness programs feel more like entertainment than education. Cartoons, creative digital signage, and employee-generated content that shares tips, common pitfalls, and ways to report suspicious activity often creates better engagement than the written word.  
• Brand the effort – Branded campaigns that balance both online and offline tactics will help keep cybersecurity messages memorable and will also help spark behavior change to combat against threats.  
• Plan and prepare – Finally, ensuring your crisis and issues management playbooks and protocols are updated and road-tested for the new reality of cyberthreats is paramount. Not only should all materials be refreshed but crisis simulations should be conducted to make sure the organization and all relevant stakeholders are prepared to respond appropriately should an imminent cyberthreat or exposure be identified.  

The AI future we have been hearing about is already here – and with any innovation always comes some sort of downside. The threats posed by deepfakes and other AI technology will only increase, and while there are AI-ready cybersecurity solutions available, and more being developed, there is no substitution for an educated and vigilant employee—and an up-to-date crisis plan.   

Get in touch with MWW’s corporate team: