AGL 40.00 No Change ▼ 0.00 (0%)
AIRLINK 129.06 Decreased By ▼ -0.47 (-0.36%)
BOP 6.75 Increased By ▲ 0.07 (1.05%)
CNERGY 4.49 Decreased By ▼ -0.14 (-3.02%)
DCL 8.55 Decreased By ▼ -0.39 (-4.36%)
DFML 40.82 Decreased By ▼ -0.87 (-2.09%)
DGKC 80.96 Decreased By ▼ -2.81 (-3.35%)
FCCL 32.77 No Change ▼ 0.00 (0%)
FFBL 74.43 Decreased By ▼ -1.04 (-1.38%)
FFL 11.74 Increased By ▲ 0.27 (2.35%)
HUBC 109.58 Decreased By ▼ -0.97 (-0.88%)
HUMNL 13.75 Decreased By ▼ -0.81 (-5.56%)
KEL 5.31 Decreased By ▼ -0.08 (-1.48%)
KOSM 7.72 Decreased By ▼ -0.68 (-8.1%)
MLCF 38.60 Decreased By ▼ -1.19 (-2.99%)
NBP 63.51 Increased By ▲ 3.22 (5.34%)
OGDC 194.69 Decreased By ▼ -4.97 (-2.49%)
PAEL 25.71 Decreased By ▼ -0.94 (-3.53%)
PIBTL 7.39 Decreased By ▼ -0.27 (-3.52%)
PPL 155.45 Decreased By ▼ -2.47 (-1.56%)
PRL 25.79 Decreased By ▼ -0.94 (-3.52%)
PTC 17.50 Decreased By ▼ -0.96 (-5.2%)
SEARL 78.65 Decreased By ▼ -3.79 (-4.6%)
TELE 7.86 Decreased By ▼ -0.45 (-5.42%)
TOMCL 33.73 Decreased By ▼ -0.78 (-2.26%)
TPLP 8.40 Decreased By ▼ -0.66 (-7.28%)
TREET 16.27 Decreased By ▼ -1.20 (-6.87%)
TRG 58.22 Decreased By ▼ -3.10 (-5.06%)
UNITY 27.49 Increased By ▲ 0.06 (0.22%)
WTL 1.39 Increased By ▲ 0.01 (0.72%)
BR100 10,445 Increased By 38.5 (0.37%)
BR30 31,189 Decreased By -523.9 (-1.65%)
KSE100 97,798 Increased By 469.8 (0.48%)
KSE30 30,481 Increased By 288.3 (0.95%)

ISLAMABAD: The federal government has issued an advisory regarding cyber security threat of ChatGPT, while saying that a breach of around 100,000 ChatGPT user accounts on the dark web through an information stealing malware (Raccoon, Vider, Redline) is reported. The advisory further stated that the report about the breach also highlights one of the major challenges of Al-driven projects (including ChatGPT); the sophistication of cyber-attacks.

The government has suggested precautionary measures and cautious use of ChatGPT (at organizational and individual level).

Globally, many organisations are integrating ChatGPT and other Al-powered APIs into their operational flows/information systems. ChatGPT accounts signify the importance of Al-powered tools along with the associated Cyber risks as it allows users to store conversations. In case of breach, access of a user account may provide insight into proprietary information, area of interest/research, internal operational/business strategies, personal communications and software code etc.

The precautionary measures for users include; (1) Do not enter sensitive data into ChatGPT. If essential, ensure to disable the chat saving feature from the platform's settings menu or manually delete those conversations as soon as possible, (2) Use a malware-free/screened system for ChatGPT. An infected system (with information stealer malware) may take snap screenshots or perform key logging, leading to a data leak, (3) ChatGPT/other Al-powered tools and APIs must not be used by users handling extremely sensitive data. Masking of critical information/ dummy data may be utilized where absolutely essential.

For organizations the precautionary measures include, through best practices, organizations can ensure that ChatGPT is used securely and the data is protected. It is also important to note that Al technology is constantly evolving. The key to protection may be that organizations must stay up-to-date with the latest security trends. Few best practices (but not limited to) are as follows:

(1) Conduct Risk Assessment: Before the use of ChatGPT, conduct a comprehensive risk assessment to identify any potential/exploitable vulnerabilities. This will help organizations to develop a plan to mitigate risks and ensure that their data is protected.

(2) Use Secure Channels: To prevent unauthorized access to ChatGPT, use secure channels to communicate with the chatbot. This includes using encrypted communication channels and secureAPIs.

(3) Mechanism to Monitor Access: It is important to monitor who has access to ChatGPT. A mechanism be ensured that access is granted only to authorize individuals. This can be achieved by implementing strong access controls and monitoring access logs.

(4) Implement Zero-Trust Security: Zero-trust security (an approach that assumes that every user and device on a network is a potential threat) be adopted. This means that access to resources should be granted only on a need-to-know basis followed by strong authentication mechanism.

(5) Train the Employees: Employees be trained on use of ChatGPT and the potential risks associated with its use. The employees do not share sensitive data with chatbot and are aware of the potential threat of social engineering attacks.

Copyright Business Recorder, 2023

Comments

Comments are closed.