AGL 40.00 Decreased By ▼ -0.16 (-0.4%)
AIRLINK 129.53 Decreased By ▼ -2.20 (-1.67%)
BOP 6.68 Decreased By ▼ -0.01 (-0.15%)
CNERGY 4.63 Increased By ▲ 0.16 (3.58%)
DCL 8.94 Increased By ▲ 0.12 (1.36%)
DFML 41.69 Increased By ▲ 1.08 (2.66%)
DGKC 83.77 Decreased By ▼ -0.31 (-0.37%)
FCCL 32.77 Increased By ▲ 0.43 (1.33%)
FFBL 75.47 Increased By ▲ 6.86 (10%)
FFL 11.47 Increased By ▲ 0.12 (1.06%)
HUBC 110.55 Decreased By ▼ -1.21 (-1.08%)
HUMNL 14.56 Increased By ▲ 0.25 (1.75%)
KEL 5.39 Increased By ▲ 0.17 (3.26%)
KOSM 8.40 Decreased By ▼ -0.58 (-6.46%)
MLCF 39.79 Increased By ▲ 0.36 (0.91%)
NBP 60.29 No Change ▼ 0.00 (0%)
OGDC 199.66 Increased By ▲ 4.72 (2.42%)
PAEL 26.65 Decreased By ▼ -0.04 (-0.15%)
PIBTL 7.66 Increased By ▲ 0.18 (2.41%)
PPL 157.92 Increased By ▲ 2.15 (1.38%)
PRL 26.73 Increased By ▲ 0.05 (0.19%)
PTC 18.46 Increased By ▲ 0.16 (0.87%)
SEARL 82.44 Decreased By ▼ -0.58 (-0.7%)
TELE 8.31 Increased By ▲ 0.08 (0.97%)
TOMCL 34.51 Decreased By ▼ -0.04 (-0.12%)
TPLP 9.06 Increased By ▲ 0.25 (2.84%)
TREET 17.47 Increased By ▲ 0.77 (4.61%)
TRG 61.32 Decreased By ▼ -1.13 (-1.81%)
UNITY 27.43 Decreased By ▼ -0.01 (-0.04%)
WTL 1.38 Increased By ▲ 0.10 (7.81%)
BR100 10,407 Increased By 220 (2.16%)
BR30 31,713 Increased By 377.1 (1.2%)
KSE100 97,328 Increased By 1781.9 (1.86%)
KSE30 30,192 Increased By 614.4 (2.08%)

ISLAMABAD: The federal government has issued an advisory regarding cyber security threat of ChatGPT, while saying that a breach of around 100,000 ChatGPT user accounts on the dark web through an information stealing malware (Raccoon, Vider, Redline) is reported. The advisory further stated that the report about the breach also highlights one of the major challenges of Al-driven projects (including ChatGPT); the sophistication of cyber-attacks.

The government has suggested precautionary measures and cautious use of ChatGPT (at organizational and individual level).

Globally, many organisations are integrating ChatGPT and other Al-powered APIs into their operational flows/information systems. ChatGPT accounts signify the importance of Al-powered tools along with the associated Cyber risks as it allows users to store conversations. In case of breach, access of a user account may provide insight into proprietary information, area of interest/research, internal operational/business strategies, personal communications and software code etc.

The precautionary measures for users include; (1) Do not enter sensitive data into ChatGPT. If essential, ensure to disable the chat saving feature from the platform's settings menu or manually delete those conversations as soon as possible, (2) Use a malware-free/screened system for ChatGPT. An infected system (with information stealer malware) may take snap screenshots or perform key logging, leading to a data leak, (3) ChatGPT/other Al-powered tools and APIs must not be used by users handling extremely sensitive data. Masking of critical information/ dummy data may be utilized where absolutely essential.

For organizations the precautionary measures include, through best practices, organizations can ensure that ChatGPT is used securely and the data is protected. It is also important to note that Al technology is constantly evolving. The key to protection may be that organizations must stay up-to-date with the latest security trends. Few best practices (but not limited to) are as follows:

(1) Conduct Risk Assessment: Before the use of ChatGPT, conduct a comprehensive risk assessment to identify any potential/exploitable vulnerabilities. This will help organizations to develop a plan to mitigate risks and ensure that their data is protected.

(2) Use Secure Channels: To prevent unauthorized access to ChatGPT, use secure channels to communicate with the chatbot. This includes using encrypted communication channels and secureAPIs.

(3) Mechanism to Monitor Access: It is important to monitor who has access to ChatGPT. A mechanism be ensured that access is granted only to authorize individuals. This can be achieved by implementing strong access controls and monitoring access logs.

(4) Implement Zero-Trust Security: Zero-trust security (an approach that assumes that every user and device on a network is a potential threat) be adopted. This means that access to resources should be granted only on a need-to-know basis followed by strong authentication mechanism.

(5) Train the Employees: Employees be trained on use of ChatGPT and the potential risks associated with its use. The employees do not share sensitive data with chatbot and are aware of the potential threat of social engineering attacks.

Copyright Business Recorder, 2023

Comments

Comments are closed.