Generative Artificial Intelligence (GenAI) tools are quickly becoming an integral part of the modern work environment, fulfilling a range of professional tasks from drafting a report to analysing spreadsheets, amongst others. A global Kaspersky survey found that 95% of C-suite respondents are aware that GenAI tools are used within their organizations with more than half (59%) being concerned about the risks of employees inadvertently leaking sensitive information when using AI. Kaspersky experts give advice how organizations can use GenAI tools in a risk-adverse way.
“GenAI tools are enabling employees to become more productive as the technology assists with data analysis and routine tasks. Yet, many people are using AI without proper authorization from their employer,” says Vladislav Tushkanov, Machine Learning Technology Group Manager at Kaspersky. “This could hold significant risks for the organization. For instance, data leakage remains a significant concern. Furthermore, employees can get and act upon wrong information as a result of ‘hallucinations.’ This is when large language models present false information in a confident way. These hallucinations can be especially dangerous when GenAI is used to provide advice on how to complete certain work functions.”
Addressing this challenge is now a business imperative. Another Kaspersky survey has revealed that 40% of respondents from the UAE now see AI as a team member at work. Adding complexity to this is how effectively malicious users have adopted GenAI tools to create more convincing social engineering attacks to target individuals. For instance, drafting personalized phishing emails; generating deepfakes that contain realistic audio, video, or text content that impersonates people; and even propagating disinformation campaigns that can influence public opinion or obscure the truth.
“This does not mean that organizations should block GenAI completely. Instead, decision-makers must conduct a comprehensive risk assessment to understand which parts of the daily business routine can be automated with GenAI tools without adding to the threat level facing the business,” says Tushkanov.
Through this, organizations can adopt a centralized approach when it comes to GenAI adoption. Such a service can then be provided via an enterprise account with a cloud provider while ensuring all the necessary safeguards are in place. These can include monitoring for potential personally identifiable information in messages as well as oversight. Organizations should also educate employees on the acceptable use of GenAI and the proper, company-managed, ways of accessing them.
By understanding the benefits and risks of using GenAI and ensuring the necessary security measures are in place to mitigate any potential dangers, organizations can significantly improve employee productivity while also increasing job satisfaction. General rules for employees should include not disclosing confidential data to AI tools; not relying on their advice for any critical use case; verifying information; remembering that data provided to a chatbot can leak. And that all computers and servers running large language model (LLM) based systems are protected with up-to-date security tools.
“Simply banning tools like ChatGPT and other solutions might be not the best option. GenAI can be used positively by finding the balance between too much and too little caution. More broadly, partnerships between the public and private sector can see GenAI becoming a critical enabler to help drive business growth, enable more resources spent on innovation, and adequately manage risk,” concludes Tushkanov.
For more insights about addressing the cybersecurity risks of LLM-based systems, join Kaspersky’s upcoming webinar with Vladislav Tushkanov, taking place on Wednesday, 09 October 2024 at 11h00 CEST. Register here.