Human-centric cyber threats have long posed a serious issue for organizations. After all, humans are often the weakest link in the cybersecurity chain. Unfortunately, when artificial intelligence came into the mix, it only made these threats even more dangerous.

So, what can be done about these cyber threats now?

That’s precisely what we asked Tom Vazdar, the chair of the Enterprise Cybersecurity Master’s program at the Open Institute of Technology (OPIT), and Venicia Solomons, aka the “Cyber Queen.”

They dedicated a significant portion of their “Cyber Threat Landscape 2024: Navigating New Risks” master class to AI-powered human-centric cyber threats. So, let’s see what these two experts have to say on the topic.

Human-Centric Cyber Threats 101

Before exploring how AI impacted human-centric cyber threats, let’s go back to the basics. What are human-centric cyber threats?

As you might conclude from the name, human-centric cyber threats are cybersecurity risks that exploit human behavior or vulnerabilities (e.g., fear). Even if you haven’t heard of the term “human-centric cyber threats,” you’ve probably heard of (or even experienced) the threats themselves.

The most common of these threats are phishing attacks, which rely on deceptive emails to trick users into revealing confidential information (or clicking on malicious links). The result? Stolen credentials, ransomware infections, and general IT chaos.

How Has AI Impacted Human-Centric Cyber Threats?

AI has infiltrated virtually every cybersecurity sector. Social engineering is no different.

As mentioned, AI has made human-centric cyber threats substantially more dangerous. How? By making them difficult to spot.

In Venicia’s words, AI has allowed “a more personalized and convincing social engineering attack.”

In terms of email phishing, malicious actors use AI to write “beautifully crafted emails,” as Tom puts it. These emails contain no grammatical errors and can mimic the sender’s writing style, making them appear more legitimate and harder to identify as fraudulent.

These highly targeted AI-powered phishing emails are no longer considered “regular” phishing attacks but spear phishing emails, which are significantly more likely to fool their targets.

Unfortunately, it doesn’t stop there.

As AI technology advances, its capabilities go far beyond crafting a simple email. Venicia warns that AI-powered voice technology can even create convincing voice messages or phone calls that sound exactly like a trusted individual, such as a colleague, supervisor, or even the CEO of the company. Obey the instructions from these phone calls, and you’ll likely put your organization in harm’s way.

How to Counter AI-Powered Human-Centric Cyber Threats

Given how advanced human-centric cyber threats have gotten, one logical question arises – how can organizations counter them? Luckily, there are several ways to do this. Some rely on technology to detect and mitigate threats. However, most of them strive to correct what caused the issue in the first place – human behavior.

Enhancing Email Security Measures

The first step in countering the most common human-centric cyber threats is a given for everyone, from individuals to organizations. You must enhance your email security measures.

Tom provides a brief overview of how you can do this.

No. 1 – you need a reliable filtering solution. For Gmail users, there’s already one such solution in place.

No. 2 – organizations should take full advantage of phishing filters. Before, only spam filters existed, so this is a major upgrade in email security.

And No. 3 – you should consider implementing DMARC (Domain-based Message Authentication, Reporting, and Conformance) to prevent email spoofing and phishing attacks.

Keeping Up With System Updates

Another “technical” move you can make to counter AI-powered human-centric cyber threats is to ensure all your systems are regularly updated. Fail to keep up with software updates and patches, and you’re looking at a strong possibility of facing zero-day attacks. Zero-day attacks are particularly dangerous because they exploit vulnerabilities that are unknown to the software vendor, making them difficult to defend against.

Top of Form

Nurturing a Culture of Skepticism

The key component of the human-centric cyber threats is, in fact, humans. That’s why they should also be the key component in countering these threats.

At an organizational level, numerous steps are needed to minimize the risks of employees falling for these threats. But it all starts with what Tom refers to as a “culture of skepticism.”

Employees should constantly be suspicious of any unsolicited emails, messages, or requests for sensitive information.

They should always ask themselves – who is sending this, and why are they doing so?

This is especially important if the correspondence comes from a seemingly trusted source. As Tom puts it, “Don’t click immediately on a link that somebody sent you because you are familiar with the name.” He labels this as the “Rule No. 1” of cybersecurity awareness.

Growing the Cybersecurity Culture

The ultra-specific culture of skepticism will help create a more security-conscious workforce. But it’s far from enough to make a fundamental change in how employees perceive (and respond to) threats. For that, you need a strong cybersecurity culture.

Tom links this culture to the corporate culture. The organization’s mission, vision, statement of purpose, and values that shape the corporate culture should also be applicable to cybersecurity. Of course, this isn’t something companies can do overnight. They must grow and nurture this culture if they are to see any meaningful results.

According to Tom, it will probably take at least 18 months before these results start to show.

During this time, organizations must work on strengthening the relationships between every department, focusing on the human resources and security sectors. These two sectors should be the ones to primarily grow the cybersecurity culture within the company, as they’re well versed in the two pillars of this culture – human behavior and cybersecurity.

However, this strong interdepartmental relationship is important for another reason.

As Tom puts it, “[As humans], we cannot do anything by ourselves. But as a collective, with the help within the organization, we can.”

Staying Educated

The world of AI and cybersecurity have one thing in common – they never sleep. The only way to keep up with these ever-evolving worlds is to stay educated.

The best practice would be to gain a solid base by completing a comprehensive program, such as OPIT’s Enterprise Cybersecurity Master’s program. Then, it’s all about continuously learning about new developments, trends, and threats in AI and cybersecurity.

Conducting Regular Training

For most people, it’s not enough to just explain how human-centric cyber threats work. They must see them in action. Especially since many people believe that phishing attacks won’t happen to them or, if they do, they simply won’t fall for them. Unfortunately, neither of these are true.

Approximately 3.4 billion phishing emails are sent each day, and millions of them successfully bypass all email authentication methods. With such high figures, developing critical thinking among the employees is the No. 1 priority. After all, humans are the first line of defense against cyber threats.

But humans must be properly trained to counter these cyber threats. This training includes the organization’s security department sending fake phishing emails to employees to test their vigilance. Venicia calls employees who fall for these emails “clickers” and adds that no one wants to be a clicker. So, they do everything in their power to avoid falling for similar attacks in the future.

However, the key to successful employee training in this area also involves avoiding sending similar fake emails. If the company keeps trying to trick the employees in the same way, they’ll likely become desensitized and less likely to take real threats seriously.

So, Tom proposes including gamification in the training. This way, the training can be more engaging and interactive, encouraging employees to actively participate and learn. Interestingly, AI can be a powerful ally here, helping create realistic scenarios and personalized learning experiences based on employee responses.

Following in the Competitors’ Footsteps

When it comes to cybersecurity, it’s crucial to be proactive rather than reactive. Even if an organization hasn’t had issues with cyberattacks, it doesn’t mean it will stay this way. So, the best course of action is to monitor what competitors are doing in this field.

However, organizations shouldn’t stop with their competitors. They should also study other real-world social engineering incidents that might give them valuable insights into the tactics used by the malicious actors.

Tom advises visiting the many open-source databases reporting on these incidents and using the data to build an internal educational program. This gives organizations a chance to learn from other people’s mistakes and potentially prevent those mistakes from happening within their ecosystem.

Stay Vigilant

It’s perfectly natural for humans to feel curiosity when it comes to new information, anxiety regarding urgent-looking emails, and trust when seeing a familiar name pop up on the screen. But in the world of cybersecurity, these basic human emotions can cause a lot of trouble. That is, at least, when humans act on them.

So, organizations must work on correcting human behaviors, not suppressing basic human emotions. By doing so, they can help employees develop a more critical mindset when interacting with digital communications. The result? A cyber-aware workforce that’s well-equipped to recognize and respond to phishing attacks and other cyber threats appropriately.

Related posts

Il Sole 24 Ore: Professors from all over the world for online degree courses with practical training
OPIT - Open Institute of Technology
OPIT - Open Institute of Technology
Aug 3, 2024 3 min read

Source:

  • Il Sole 24 Ore, Published on July 29th, 2024 (original article in Italian).

By Filomena Greco

It is called OPIT and it was born from an idea by Riccardo Ocleppo, entrepreneur, director and founder of OPIT and second generation in the company; and Francesco Profumo, former president of Compagnia di Sanpaolo, former Minister of Education and Rector of the Polytechnic University of Turin. “We wanted to create an academic institution focused on Artificial Intelligence and the new formative paths linked to this new technological frontier”.

How did this initiative come about?

“The general idea was to propose to the market a new model of university education that was, on the one hand, very up-to-date on the topic of skills, curricula and professors, with six degree paths (two three-year Bachelor degrees and four Master degrees) in areas such as Computer Science, AI, Cybersecurity, Digital Business; on the other hand, a very practical approach linked to the needs of the industrial world. We want to bridge a gap between formal education, which is often too theoretical, and the world of work and entrepreneurship.”

What characterizes your didactic proposal?

“Ours is a proprietary teaching model, with 45 teachers recruited from all over the world who have a solid academic background but also experience in many companies. We want to offer a study path that has a strong business orientation, with the aim of immediately bringing added value to the companies. Our teaching is entirely in English, and this is a project created to be international, with the teachers coming from 20 different nationalities. Italian students last year were 35% but overall the reality is very varied.”

Can you tell us your numbers?

“We received tens of thousands of applications for the first year but we tried to be selective. We started the first two classes with a hundred students from 38 countries around the world, Italy, Europe, USA, Canada, Middle East and Africa. We aim to reach 300 students this year. We have accredited OPIT in Malta, which is the only European country other than Ireland to be native English speaking – for us, this is a very important trait. We want to offer high quality teaching but with affordable costs, around 4,500 euros per year, with completely online teaching.”

Read the full article below (in Italian):

Read the article
EFMD Global: This business school grad created own education institution
OPIT - Open Institute of Technology
OPIT - Open Institute of Technology
Jul 20, 2024 4 min read

Source:


By Stephanie Mullins

Many people love to read the stories of successful business school graduates to see what they’ve achieved using the lessons, insights and connections from the programmes they’ve studied. We speak to one alumnus, Riccardo Ocleppo, who studied at top business schools including London Business School (LBS) and INSEAD, about the education institution called OPIT which he created after business school.

Please introduce yourself and your career to date. 

I am the founder of OPIT — Open Institute of Technology, a fully accredited Higher Education Institution (HEI) under the European Qualification Framework (EQF) by the MFHEA Authority. OPIT also partners with WES (World Education Services), a trusted non-profit providing verified education credential assessments (ECA) in the US and Canada for foreign degrees and certificates.  

Prior to founding OPIT, I established Docsity, a global community boasting 15 million registered university students worldwide and partnerships with over 250 Universities and Business Schools. My academic background includes an MSc in Electronics from Politecnico di Torino and an MSc in Management from London Business School. 

Why did you decide to create OPIT Open Institute of Technology? 

Higher education has a profound impact on people’s futures. Through quality higher education, people can aspire to a better and more fulfilling future.  

The mission behind OPIT is to democratise access to high-quality higher education in the fields that will be in high demand in the coming decades: Computer Science, Artificial Intelligence, Data Science, Cybersecurity, and Digital Innovation. 

Since launching my first company in the education field, I’ve engaged with countless students, partnered with hundreds of universities, and collaborated with professors and companies. Through these interactions, I’ve observed a gap between traditional university curricula and the skills demanded by today’s job market, particularly in Computer Science and Technology. 

I founded OPIT to bridge this gap by modernising education, making it affordable, and enhancing the digital learning experience. By collaborating with international professors and forging solid relationships with global companies, we are creating a dynamic online community and developing high-quality digital learning content. This approach ensures our students benefit from a flexible, cutting-edge, and stress-free learning environment. 

Why do you think an education in tech is relevant in today’s business landscape?

As depicted by the World Economic Forum’s “Future of Jobs 2023” report, the demand for skilled tech professionals remains (and will remain) robust across industries, driven by the critical role of advanced technologies in business success. 

Today’s companies require individuals who can innovate and execute complex solutions. A degree in fields like computer science, cybersecurity, data science, digital business or AI equips graduates with essential skills to thrive in this dynamic industry. 

According to the International Monetary Fund (IMF), the global tech talent shortage will exceed 85 million workers by 2030. The Korn Ferry Institute warns that this gap could result in hundreds of billions in lost revenue across the US, Europe, and Asia.  

To address this challenge, OPIT aims to democratise access to technology education. Our competency-based and applied approach, coupled with a flexible online learning experience, empowers students to progress at their own pace, demonstrating their skills as they advance.  

Read the full article below:

Read the article