Estimated read time: 4-5 minutes
SALT LAKE CITY — The technology for conducting cyberattacks continues to increase in its accessibility and use by criminals. Meanwhile, businesses are forced to fight sophisticated digital threats on a virtual battlefield or risk the loss of tangible, real-life assets.
Small businesses are at an increasingly high risk.
According to a recent survey conducted by the Travelers Institute, which encourages leaders in the insurance and financial industries to participate in ongoing public policy dialogue, 55% of business leaders in Salt Lake City expect that their businesses will become the eventual victim of a breach in their cybersecurity.
"The financial implications are obviously huge," James Woulfe, assistant vice president of the Travelers Institute, said at a conference Tuesday at Salt Lake City's Le Méridien hotel, explaining what is at stake when a business becomes the victim of a cyberattack. "Aside from the financial implications, you've got a reputation that can be put on the line and you also have business interruption — if you're a small business and your email system is down and you can't email your clients, what're you going to do? You're in big trouble."
Joan Woodward, the institute's president, and cybersecurity experts gave business leaders at the symposium a better idea of how they can secure their businesses and their assets from bad actors who are using increasingly sophisticated methods to breach companies through their virtual weaknesses.
The Travelers Institute said only 26% of businesses in Salt Lake City feel that they know enough about cybersecurity to confidently say that they can keep the data and information belonging to their clients safe — a concerning statistic to experts like Shawn P. Murray, who has spent the last two decades as a cybersecurity specialist for various U.S. federal agencies.
These virtual attacks have now become more complex than simple phishing schemes: Artificial intelligence has entered the ring and proven itself to be a game changer in the world of cybercrime.
"This is not Morgan Freeman," said Murray, presenting to the audience a deepfake image of the well-known actor as an example of how far AI media generation has come in recent years in terms of quality and capability. "The quality we have now for AI generated deepfakes in audio and visual media is significant."
Cyberattack leaves Utah pharmacies unable to get paid for filling Medicaid prescriptions
Pharmacies in Utah are being urged by the state to provide medications to Medicaid members at no cost while a vendor outage leaves pharmacies unable to get paid for filling Medicaid prescriptions.Murray educated the room of business leaders on the wide breadth of threat vectors that bad actors use to find both virtual and human weaknesses in a company's security to gain access — usually in an attempt to steal money, spread misinformation or scam customers. Murray explained, to the shock of many in the audience, how bad actors can use AI to create convincing pieces of audio and visual media that can exploit a company's proclivity for human error by manipulating employees or others associated with the business.
Murray presented several examples of how criminals are already utilizing AI to misinform and manipulate companies in the virtual space. The use of "sock puppets" — AI-generated assets designed to mimic the appearance and vocal qualities of real people — is becoming a prominently used tool by cybercriminals targeting businesses.
One Hong Kong employee of an unnamed company paid out $25 million to criminals after believing that he had just had a virtual video meeting with the chief financial officer of the company he worked for and his colleagues when, in reality, the virtual depictions of the chief financial officer and his colleagues were actually AI-generated "sock puppets" meant to trick the employee by mimicking the voice and appearance of his superiors in the virtual meeting, according to Murray.
Another example that Murray shared with the audience was that of a health and wellness lifestyle coach who had their social media profiles hijacked by hackers who used AI to generate a deepfake sock puppet to imitate the influencer and advise their followers to make an investment — which, of course, turned out to be a total scam. Now, that influencer is facing legal complications from former followers and clients who blame the influencer for the money they were scammed out of.
"I think what businesses should be concerned about are the low-hanging fruit, things that they can implement for a low cost or no cost," said Woulfe, advising on what can be done on both an individual level and within companies to improve their cybersecurity and virtual hygiene. "Multifactor authentication, updating your passwords, and patching your systems are things that small businesses can put into place that are critical."
