AI: What is It and Why Should I Care?

From: SANS Security Awareness

Artificial Intelligence (AI) describes systems programmed to think and respond like humans. In fact, we asked the AI solution ChatGPT that very question and got this response.

What is Artificial Intelligence?

Artificial intelligence (AI) refers to the simulation of human intelligence in machines that are programmed to think and learn like humans. It involves the development of algorithms and computer programs that can perform tasks that typically require human intelligence, such as recognizing speech, understanding natural language, making decisions, and playing games. There are several types of AI, including rule-based AI, expert systems, and machine learning.

What makes AI so powerful is that it can simulate the intelligence and reasoning capability of the human mind, yet it can analyze exponentially more information than any human and do it exponentially faster.

The concept of AI is not new. Originally covered in science fiction novels, AI is something that has been in development for decades. The reason you are hearing so much about it now is that for the first time, anyone has the opportunity to interact with and see the true functionality of AI.

ChatGPT, an online-powered AI chat bot, is one of the first publicly available solutions that is able to respond like a real human, passing something called the Turing Test. This test determines a machine’s ability to exhibit intelligent behavior by having a real human interact with the machine through a text-based chat channel. If the human could not tell whether they were interacting with a machine or person, the machine is said to have passed the test. AI solutions today are the first publicly available that do just that.

However, online conversations are just the beginning of what AI can do. There are now AI solutions that can create a video of a person teaching a class in any language, analyze health records and quickly determine who most likely has cancer, create news articles or essays on the topic of your choice, generate images for children’s books, or create code for new computer programs. While AI is not necessarily something to be feared, there are some dangers of which to be aware.

Dangers of Artificial Intelligence

  1. Recreating You: AI solutions can take a recording of a person’s voice – your voice – and then use it to create real-time audio that sounds just like you, saying whatever it wants to impersonate you. So, a cyber attacker could record a phone voice message that sounds like you, tricking your coworkers, your bank, or a family member into thinking you called and asked them to take an action. AI can also do this with pictures or video. Sometimes called Deep Fakes, an AI solution can take an existing picture or video of you and use it to recreate entirely new pictures or videos (including your voice) appearing to show you doing things that you never did.
  2. Wrong Answers: As for the data or answers AI provides, the solutions can be wrong. AI often uses public information from the Internet, and its answers can be influenced by the biases of its developers. While typical search engines are designed to provide you the “best” or most correct answer to your queries, solutions like AI may be designed to give you the most human-like answer. Which is better depends on what you are attempting to achieve.
  3. Not All Equal: With AI becoming the latest hot technology, there are literally hundreds of startup companies now offering different AI services. Many of these want your information or credit card for a trial. Be careful – not all AI services are trustworthy. Do your research before signing up and using an AI service.
  4. Your Privacy: Whenever using or interacting with an AI system, such as when chatting online with ChatGPT, be aware that any information you enter into the system can not only be processed by it but also retained and used to give answers to others. This means if you enter any personal information about yourself or any confidential information from work, that information will be stored and potentially shared with or sold to others. Do not share or enter any information that you consider sensitive or personal, or that is confidential at work.

The Future of AI

Artificial Intelligence is still very much in its infancy, similar to where the Internet was twenty to thirty years ago. While we can expect rapid evolution and adoption of AI, it’s very difficult to predict what its impact will be. Just be aware that these capabilities are out there, and when using AI, be very careful what information you enter and share.

How To Dispose Of Your Mobile Device

From: SANS Security Awareness

Overview

Mobile devices, such as smartphones, smart watches, and tablets, continue to advance and innovate at an astonishing rate. As a result, you may be replacing your device as often as every year. Unfortunately, you may not realize just how much personal data is on your devices, often far more than on your computer. Below we cover the different types of data on your mobile devices and how you can securely wipe your device before disposing of or replacing it. If your mobile device was issued to you by work, check with your supervisor about disposal procedures first.

Your Information

Your mobile devices store more sensitive data than you realize, including:

  • Where you live and work, and your daily travel habits.
  • The contact details for everyone in your address book, including family, friends, and co-workers.
  • Phone call history including inbound, outbound, voicemail, and missed calls.
  • Texting or chat sessions within applications like secure chat, games, and social media.
  • Personal photos, videos, and audio recordings.
  • Stored passwords and access to your accounts, such as your bank, social media, or email.
  • Health related information, including your age, heart rate, or exercise history.
  • Financial information including credit cards, payment methods, and transactions.

Erasing Your Device

Regardless of how you dispose of your mobile device, such as donating it, exchanging it for a new one, giving it to someone, reselling it, or even recycling it, first erase all of your sensitive information. Do not assume that the next owner will “do the right thing.” The first step is to back up your device so you can recover and transfer all your data and settings to your new device. Once backed up, you will want to reset your device, as this wipes your data and resets it to factory default. During the reset process you may be prompted to enter your cloud password to break any links with that device to the Cloud; be sure to do this. The reset steps below are for the two most common devices — Apple and Android.

Apple iOS Devices: Settings | General | Transfer or Reset | Erase All Content and Settings.

Android Devices: Settings | System | Reset Options | Erase All Data (these options vary depending on your device manufacturer).

SIM & External Cards

In addition to resetting your device, also consider what to do with your SIM (Subscriber Identity Module) card. This is the little card in your phone issued to you by your phone carrier; it’s what identifies your device and enables it to make a cellular or data connection. When you wipe your device, the SIM card retains information about your account and is tied to you. If you are keeping your phone number and moving to a new device, talk to your phone service provider about transferring your SIM card. If this is not possible, keep your old SIM card and physically destroy it. Many of today’s modern smartphones have something called an eSIM, which is a virtual SIM card as opposed to a physical SIM. The eSIM is wiped during the reset process.

Finally, some Android mobile devices utilize a removable SD (Secure Digital) card for additional storage. Remove these external storage cards from your mobile device prior to disposal. These cards can often be re-used in new mobile devices, or can be used as generic storage on your computer with a USB adapter. If reusing your SD card is not possible, then just like your old SIM card, we recommend you physically destroy it.

If you are not sure about any of the steps covered above, or if your device reset options are different, take your mobile device to the store from which you bought it and get help. Finally, if you are throwing a device away, consider donating it instead. There are many excellent charitable organizations that accept used mobile devices, and many mobile providers have drop-off bins in their stores to recycle them.

How Cyber Attackers Trick You

CYBER ATTACKERS – HOW THEY TRICK YOU

From: SANS Security Awareness

Cyber attackers are constantly innovating ways to trick us into doing things we should not do, like clicking on malicious links, opening infected email attachments, purchasing gift cards or giving up our passwords. In addition, they often use different technologies or platforms to try to trick us, such as email, phone calls, text messaging, or social media. While all of this may seem overwhelming, most of these attacks share the same thing: emotion. By knowing the emotional triggers that cyber attackers use, you can often spot their attacks no matter what method they are using.

It’s all About Emotions

It all starts with emotions. We, as humans, far too often make decisions based on emotions instead of facts. There is, in fact, an entire field of study on this concept called “behavioral economics,” led by researchers such as Daniel Kahneman, Richard Thaler, and Cass Sunstein. Fortunately for us, if we know the emotional triggers to look for, we can successfully spot and stop most attacks. Listed below are the most common emotional triggers for which to watch. Sometimes cyber attackers will use a combination of these different emotions in the same email, text message, social media post, or phone call – making it that much more effective.

Urgency: Urgency is one of the most common emotional triggers, as it’s so effective. Cyber attackers will often use fear, anxiety, scarcity, or intimidation to rush you into making a mistake. Take, for example, an urgent email from your boss demanding sensitive documents to be sent to her right away, when in reality it is a cyber attacker pretending to be your boss. Or perhaps you get a text message from a cyber attacker pretending to be the government informing you that your taxes are overdue and you have to pay now or you will go to jail.

Anger: You get a message about a political, environmental, or social issue that you are very passionate about — something like “you won’t believe what this political group or corporate company is doing!”

Surprise / Curiosity: Sometimes the attacks that are the most successful say the least. Curiosity is evoked with surprise; we want to learn more. It is a response to something unexpected. For example, a cyber attacker sends you a message that a package is undelivered and to click on a link to learn more, even though you did not order anything online. We are enticed to learn more! Unfortunately, there’s no package, just malicious intent on the other side of that link.

Trust: Attackers use a name or brand you trust to convince you to take an action. For example, a message pretending to be from your bank, a well-known charity, a trusted government organization, or even a person you know. Just because an email or text message uses the name and logo of an organization you know does not mean the message actually came from them.

Excitement: You get a text message from your bank or service provider thanking you for making your payments on time. The text message then provides a link where you can claim a reward–a new iPad, how exciting! The link takes you to a website that looks official, but asks for all of your personal information, or says that you need to provide credit card information to cover small shipping/handling costs. This is a cyber attacker who is simply stealing your money or your identity.

Empathy / Compassion: Cyber attackers take advantage of your good will. For example, after a disaster appears on the news, they will send out millions of fake emails pretending to be a charity serving the victims and asking you for money.

By better understanding these emotional triggers, you will be far better prepared to spot and stop cyber attackers, regardless of the lure, technology, or platform they use.

Simple Passwords

MAKING PASSWORDS SIMPLE

From: SANS Security Awareness

You are often told your passwords are key to protecting your accounts (which is true!), but rarely are you given a simple way to securely create and manage all your passwords. Below we cover three simple steps to simplify your passwords, lock down your accounts, and protect your future.

Got Backups?

BACKUP YOUR COMPUTER. EXPERT TIPS.

If you use a computer or mobile device long enough, sooner or later something will go wrong. You may accidentally delete the wrong files, have a hardware failure, or lose a device. Even worse, malware may infect and wipe or encrypt your files. At times like these, backups are often the only way you can rebuild your digital life.

Backups are copies of your information stored somewhere other than on your computer or mobile device. When you lose, or cannot access, valuable data on your device, you can recover your data from backups.

Many of the files we create today are already automatically stored and backed up in the cloud, such as Microsoft Word documents stored in Microsoft OneDrive, Dropbox, or Google Drive, or personal photos stored in Apple iCloud. But there may be files you create that are not automatically stored in the cloud; or perhaps you want additional backups for personal use.

What, When, and How

The first step is deciding what you want to back up: (1) specific data that is important to you; or (2) everything, perhaps including your entire operating system. Many backup solutions are configured by default to use the first approach and only back up the most commonly used folders. If you are not sure what to back up or want to be extra careful, consider backing up everything.

Second, decide how frequently to back up the data. Built-in backup programs such as Apple’s Time Machine or Windows Backup and Restore allow you to create an automatic “set it and forget it” schedule. Common scheduling options include hourly, daily, and weekly. Other solutions may offer “continuous protection” in which files are immediately backed up as they are edited or saved. At a minimum, we recommend automated daily backups of critical files.

Finally, decide how you are going to back up. There are two ways: local or cloud-based backups. Local backups rely upon devices you physically control such as external USB drives or network accessible devices. The advantage of local backups is that they enable you to back up and recover large amounts of data quickly. The disadvantage is that if you become infected with malware, it is possible for the infection to spread to your backups. Also, if you have a disaster, such as fire or theft, you could lose your backups as well as your computer. If you use external devices for backups, store a copy offsite in a secure location and make sure your backups are properly labeled. For additional security, consider encrypting your backups.

Cloud-based solutions are online services that back up and store your files on the internet. Typically, you install an application on your computer. The application then automatically backs up your files either on a defined schedule or as you modify or save them. Some advantages of cloud solutions are their simplicity, automation of backups, and access to files from almost anywhere. Also, since your data resides in the cloud, home disasters such as fire or theft will not affect your backup. The main disadvantage is the bandwidth it consumes. Your ability to back up and restore depends on how much data you are backing up and the speed of your network. Not sure if you want to use local or cloud-based backups? Be extra safe and use both.

With mobile devices, most of your data such as emails, text messages, or photos you take are automatically stored in the cloud. However, your mobile app configurations, system preferences, and other files may not be stored in the cloud. By automatically backing up your mobile device, not only do you preserve this information, but it is easier to transfer your data when you upgrade to a new device.

Additional Key Points

  • Regularly test that your backups are working by retrieving and opening a file.
  • If you rebuild a system from backup including the operating system, be sure you reapply the latest security patches and updates before using it again.
  • If you are using a cloud solution, select one that is easy for you to use and research the security options. For example, does your cloud backup vendor support two-step verification to secure your online account?

Backups are a simple and low-cost way to protect your digital life.

Charity and Disaster Scams

Cyber criminals know that one of the best ways to rush people into making a mistake is by creating a heightened sense of urgency. And one of the easiest ways to create a sense of urgency is to take advantage of a crisis. This is why cyber criminals love it whenever there is a traumatic event with global impact.

What most of us regard as a tragedy, cyber criminals view as an opportunity, such as the outbreak of a war, a major natural disaster such as a volcanic explosion, and of course infectious disease outbreaks like COVID-19.

When there is an immense amount of social media and news coverage about a certain event, cyber criminals know that is the time to strike.

They use this opportunity to create timely phishing emails or scams about the event, and then send that phishing email or launch the scam to millions of people around the world. For example, during a natural disaster, they may pretend to be a charity asking for donations to save children in need. Cyber criminals can often act within hours of a crisis or disaster, as they have all the technical infrastructure prepared and are ready ahead of time. How can we protect ourselves the next time there is a big crisis or disaster, and cyber criminals seek to exploit it?

How to Detect and Defend Against These Scams

The key to avoiding these scams is to be suspicious of anyone who reaches out to you. For example, do not trust an urgent email claiming to be from a charity that desperately needs donations, even if the email appears to be from a brand that you know and trust. Do not trust a phone call claiming to be a local food bank pressuring you to donate. The greater the sense of urgency, the more likely the request is an attack. Here are some of the most common indicators of a charity scam:

  • Be very suspicious of any charity that requires that you donate via cryptocurrency, Western Union, wiring money, or gift cards.
  • Cyber criminals can change their caller ID phone number to make their phone call look like it’s from your local area code or from a trusted name. Caller ID cannot be relied upon these days.
  • Some cyber criminals will use names and logos that sound or look like a real charity. This is one reason it pays to do some research before giving.
  • Cyber criminals will often make lots of vague and sentimental claims about what they will do with your money but give no specifics about how your donation will be used.
  • Some cyber criminals may try to trick you into donating to them by thanking you for a donation you made in the past when, in reality, you never donated to them.
  • Do not assume pleas for help on crowdfunding sites such as GoFundMe or social media sites such as TikTok are legitimate, especially in the wake of a crisis or tragedy.
  • Do not give out personal or financial information in response to any unsolicited request.

How to Make a Difference Safely

To donate in times of need or to help those impacted by a disaster, donate only to well-known, trusted organizations. You initiate the connections and decide who to reach out to, such as what websites to visit or what organizations to call. When you consider giving to a charity, search its name plus words like “complaint,” “review,” “rating,” or “scam.” Not sure which charities to trust? Start by researching on government websites you trust, or perhaps links provided by a well-known and highly trusted news organization. Donating in times of need is a fantastic way to make a difference, just be sure you are giving to legitimate organizations.