AI Aids Cyber Crime, Elevates Need for Vulnerability Management and Employee Training

AAFCPAs would like to make clients aware that leading U.S. intelligence officials recently presented on the elevated risk of cybercrime, hacking, and money laundering stemming from the rise in artificial intelligence (AI). At the International Conference on Cyber Security at Manhattan’s Fordham University, Rob Joyce, Director of Cybersecurity at the National Security Agency, touched on ways in which AI advancements have made it easier for hacking operations to mislead audiences.

The FBI also noted a rise in cyber intrusions because AI lowers technical barriers. This makes it easier for scammers to write more convincing emails free of spelling and syntax errors, create phishing campaigns, write malicious code, generate deepfake videos and images, create fraudulent apps, and tap into private data. AI may also be used to open accounts on mass scale, clone voices, send enhanced robocalls, and support financial crimes. While the news cycle might make it appear as if events are isolated and infrequent, cyberattacks and breaches are daily occurrences.

As AI advances in both capability and use making it incrementally easier to compromise accounts and networks, the risk of inaction grows. Breach can lead to obvious impacts on customer trust along with the cost involved in managing the outcome, fines where data was not properly protected, and reputational issues as word spreads. The Department of Health and Human Services’ Office of Civil Rights publishes an extensive Wall of Shame that details any reported breach affecting more than 500 individuals.

Unfortunately, there is no silver bullet that can safeguard data for extended periods of time. This is because hackers and cybersecurity experts are often locked in a constant race: bad actors seek to develop new ways into organizations, and security professionals seek to improve scanning and detection technology to identify and address weaknesses. For this reason, security should be a constant and ongoing consideration.

AAFCPAs advises that clients assess their cybersecurity and AI policies, provide employee training on new risks as they arise, and conduct monthly vulnerability scans as a minimal best practice. Through our vulnerability management services, we look to stay ahead of gaps that may appear in software and could be exploited by hackers. A monthly cadence allows us to routinely find and report on exposed areas, so internal or outsourced IT providers can address the risks, such as ensuring necessary patches are applied. If significant vulnerabilities are uncovered, more work may be necessary to build the proper safeguard.

While this process is critical to mitigating cyber risk, decision makers are sometimes reluctant to devote resources to such preventive measures. The executive team should be aware that the impact of even a minor breach may be significant, and risk can be mitigated with the right approach.

AAFCPAs’ IT Risk/Cyber Security Assessments help companies understand where strengths and weaknesses are in their environment and which pathways will be most effective to guard against a breach. We believe the risk of a breach—and its potential economic fallout—must be considered as part of the overall business picture. With a full assessment in hand, the management team can make more informed decisions about when and how to allocate resources to create a tighter IT infrastructure.

If you have questions about our approach to cybersecurity, please contact Vassilis Kontoglis, Partner, Analytics, Automation & IT Security at 774.512.4069 or vkontoglis@nullaafcpa.com, Mr. Anderson, MCSE, CCNP, CISSP, CEH, Certified Ethical Hacker at 774.512.4066 or manderson@nullaafcpa.com—or your AAFCPAs Partner.