ChatGPT and Cyber Risks
Q&A with Zair Kamal Director, Client Development & Cyber Specialist
Morristown, NJ (Nov. 30, 2023) – We’re now seeing breakthroughs in language models such as ChatGPT, due to the availability of computing power required to power them. People are naturally fascinated with how machine learning and AI are able to benefit their lives and businesses. However, with the evolution of new technology comes risk.
In this Question & Answer session, Zair Kamal, Director, Client Development and Cyber Specialist, HSB Canada, provides cyber security insights.
What is ChatGPT?
ChatGPT is a state-of-the-art language generation model developed by OpenAI, capable of understanding and generating human-like text based on a given prompt.
ChatGPT can give a complete and articulate answer to any question that is typed into it. Looking for the world’s best chocolate cake recipe? Type it into ChatGPT and you never need to search Google.
How could a ChatGPT-type AI model cause harm?
Language models such as ChatGPT can be used in the following ways by bad actors:
- Compromising sensitive data: Language models process and store large amounts of data from inputted queries. If employees upload sensitive data and confidential information into the model, data could be hacked, leaked or accidently exposed.
- Re-writing code to develop malware: Language models may be able to deliberately change software code. If applied to an antivirus program, its code could be changed so that it may no longer be able to recognize a virus.
- Preparing phishing emails: Language models may be able to take over the task of preparing a well-written phishing email.
- More efficient information-gathering: Normally, a cyber criminal would conduct manual searches through a target company’s website or social networks. Now criminals could use language models to do these searches, helping them to get faster access to information.
How can businesses protect themselves against increasingly sophisticated attacks?
It takes not just one security measure, but a combination of different lines of defense. It’s important to create several barriers to make it difficult for attackers to penetrate the system or cause damage.
Examples include:
Classify sensitive data:
- Identify and classify your data into different sensitivity levels.
- Clearly define what type of data can be shared with ChatGPT and what should remain confidential.
User training and awareness:
- Educate your team on the importance of data security when using ChatGPT and not to share sensitive information
- Teach them how to recognize and report suspicious activities
Control access to ChatGPT:
- Ensure that only authorized personnel can access and use ChatGPT or related systems
Incident Response:
- Develop a well-defined incident response plan in case of a data breach or misuse.
- This should include communication strategies, investigation procedures, and mitigation steps.
Connect with Zair Kamal on LinkedIn.
About Munich Re
Munich Re is one of the world’s leading providers of reinsurance, primary insurance and insurance-related risk solutions. The group consists of the reinsurance and ERGO business segments, as well as the capital investment company MEAG. Munich Re is globally active and operates in all lines of the insurance business. Since it was founded in 1880, Munich Re has been known for its unrivalled risk-related expertise and its sound financial position. It offers customers financial protection when faced with exceptional levels of damage – from the 1906 San Francisco earthquake through to Hurricane Ida in 2021.. Munich Re possesses outstanding innovative strength, which enables it to also provide coverage for extraordinary risks such as rocket launches, renewable energies, cyberattacks, or pandemics. The company is playing a key role in driving forward the digital transformation of the insurance industry, and in doing so has further expanded its ability to assess risks and the range of services that it offers. Its tailor-made solutions and close proximity to its customers make Munich Re one of the world’s most sought-after risk partners for businesses, institutions, and private individuals. For more information, please visit www.munichre.com.
This article is for informational purposes only and is not intended to convey or constitute legal advice. HSB makes no warranties or representations as to the accuracy or completeness of the content herein. Under no circumstances shall HSB or any party involved in creating or delivering this article be liable to you for any loss or damage that results from the use of the information contained herein. Except as otherwise expressly permitted by HSB in writing, no portion of this article may be reproduced, copied, or distributed in any way. This article does not modify or invalidate any of the provisions, exclusions, terms or conditions of the applicable policy and endorsements. For specific terms and conditions, please refer to the applicable insurance form.
SOURCE: Munich Re