AI-Based Attacks , Artificial Intelligence & Machine Learning , Fraud Management & Cybercrime
Beyond Phishing: AI's New Tricks for Cyberattacks
Paramount's Surinder Lall on AI Impersonation, Deepfakes, AI Governance FrameworksArtificial intelligence has become a game changer for businesses and cybercriminals alike, and AI-powered impersonation techniques have become a formidable challenge for organizations. While phishing emails have traditionally been an easy way into corporations, "AI is now bypassing these defenses," said Surinder Lall, senior vice president of global information security risk management at Paramount, and CyberEdBoard member, referring to the conventional security training that focuses on spotting bad spelling, logos and suspicious email addresses.
See Also: Mitigating Identity Risks, Lateral Movement and Privilege Escalation
The implications of these AI-powered impersonation techniques extend beyond email phishing. Voice synthesis is also used to impersonate colleagues, and there are cases of deepfakes in video calls leading to unauthorized cash transfers, Lall said.
To combat these sophisticated threats, Lall cautioned enterprises to take a measured approach to AI adoption. "Build an internal system, or build a system where you know where the data is going, and there is appropriate role-based access control ... Otherwise, you should prepare yourself for the day it ends up in the public domain," he said.
In this video interview with Information Security Media Group at Cybersecurity Summit: London, Lall also discussed:
- Strategies for developing adaptive AI governance frameworks;
- The hidden risks of third-party AI tools and potential data exposure;
- Why physical verification might make a comeback in the age of digital deception.
As part of Paramount's information security leadership, Lall safeguards its assets. He has worked in companies such as Viacom and Elsevier Science, and he founded The Neurodiversity Network and AI Ethics and Policy Think Tank. He is a board member of U.K. Government Cyber Security Advisory and a CyberEdBoard member.