Defending Against ChatGPT Cyber Threats
CF: How do organizations and individuals protect themselves from ChatGPT-associated cybercrime?
DS: So any proper security program needs to make sure that they have good threat models and that they’re updating them not just on a regular basis, like an annual basis, but when critical events happen. And I think all defenders need to realize that this is a critical event. Just because you haven’t been attacked yet, this is such a change and shift in the industry that this is the time to be reevaluating your threat model so that you can recognize where your phishing training may be lacking, where maybe you need to improve some of your phishing defenses to be a little bit more aggressive in preparation for some of these attacks. And definitely start evaluating your vendors and getting with your vendors to make sure that you understand how they’re going to address this threat because their detection models are going to need to see significant updates.
This is not something that everyone’s going to have a perfect answer to right now. It’s going to require you to check in with your vendors on a frequent basis here because this is at the beginning stage. We haven’t seen full weaponization and full utilization of the technology yet. So over the next couple of months, me as a CSO, I’m making regular contact with my partners. I’m like OK, ChatGPT, how are you combating these new threats and what are you already seeing so that we can continue to adjust our security controls appropriately.
