Blog
Data Security
Artificial Intelligence and Cybersecurity: What Businesses Don't Know

Artificial Intelligence and Cybersecurity: What Businesses Don't Know

AI or artificial intelligence can be used safely by businesses that are concerned about their cybersecurity.

Heff
Updated
June 21, 2024
Posted
June 21, 2024
Cybersecurity
Security Training
Security Tools
Artificial Intelligence and Cybersecurity: What Businesses Don't Know

Matt Heffelfinger "Heff"

This is a placeholder of your CTA form. The form will render when you preview the page.


Artificial Intelligence has been a game changer for many businesses. It can be a great tool for reducing business costs, including automating tedious tasks. Yet, AI also comes with risks that could potentially compromise your business network and customer data.

SecurityMetrics, Inc. Director of Threat Intelligence Matthew Heffelfinger explains, “I’ve encountered a few clients who didn’t know employees were using AI and unknowingly exposing customer data to threat actors. So, while AI can also be used to protect your business with features such as threat identification tools, it can also introduce risk.” 

artificial intelligence can be used in cybersecurity safely.

Let’s take a moment and investigate these risks. 

Learning to Use Artificial Intelligence Safely & Securely in Your Business

Many employees feel pressure to use AI in their current roles and are worried about the longevity of their jobs. In fact, in a recent survey conducted by Inc., 49% of employees reported that they “worry AI will steal their job.” 

Forbes Magazine recently attempted to downplay employee fears by examining which roles and tasks could be feasibly replaced. If we reality-check the claims that AI will replace humans soon, we actually see trends where employees are more desperate to use AI at any cost—out of fear of losing their jobs. This can create more risk for the business, as employees may go rogue. 

It is this desperation that can make for poor cybersecurity efforts or potentially open your network up to an attack.

SecurityMetrics VP of Forensics Aaron Willis shares, “AI is not really replacing people.” Instead, People with AI skills can actually replace those people who don’t have those skills. Leveraging AI can help you get hired and help the business succeed if introduced safely and securely.” Tech and cybersecurity jobs are no exception. 

To level up your business and attract talented staff, it’s vital from a cybersecurity perspective, that you teach your employees how to use AI carefully. 

The good news is artificial intelligence is a helpful tool for businesses, when used safely and securely. AI can provide your employees with chatbots and off-hours customer service tools, and it can offload tedious tasks to ultimately help your business when used correctly. 

Here are some of the problems you can encounter with AI and how to protect your business and employees against these risks: 


AI Can Potentially Leak Your Business Information

Director of SIEM at SecurityMetrics Matthew Heffelfinger frequently discusses helping clients focus on the basics of cyber hygiene and the importance of protecting businesses' “crown jewels,” including proprietary business information. 

Practicing responsible AI usage starts with a well-crafted AI Acceptable Use Policy, which can help inform your employees on how they can safely handle customer data and business intellectual property. 

  • Provide Employees with AI Guidelines and Policies: Without clear guidance on safe AI use, employees may accidentally insert proprietary or confidential information into AI tools, risking exposure.
  • Create Awareness of Safe AI Usage: Employees may not realize that the data they input into AI models could be used to train those models, potentially compromising sensitive information. Once the data is out there, it's out there and never coming back. It is critical that employees know this risk.
  • Emphasize Your Business Data Security Concerns: Employees may also be unaware of where the business data they input into AI models is actually stored (for example, stored in countries that are hostile to the USA). In addition, employees may not know that any business data they input into AI may not be securely handled, stored, or encrypted. 
  • Implement a Solid AI Acceptable Use Policy: if your business needs an example template of an AI acceptable use policy, customized for your sized business, then please call us today for a conversation on your AI governance, risk, and compliance needs. Speak with an expert today if you need help getting started on your AI acceptable use policy. 

Real World Story: According to the recent (May 2024) AI Threat Landscape Report, 77% of businesses Have Faced AI Security Breaches. AI systems can be vulnerable to security breaches, which is why providing employees with some sort of guidelines or a policy can help. The reality is your basic AI cyber hygiene should go beyond compliance to also include opportunities to shore up your defenses in 2024.


Get Started with Shopping Cart Monitor

Start Here



Bad Actors or Threat Actors Can Exploit Your Cybersecurity Using Artificial Intelligence (AI) 

When employees lack proper AI awareness training, threat actors can exploit this lack of guidance and policy. Examples include: 

  • Deepfake Business Awareness: One of the major ways that AI is being used by threat actors has been through the creation of deepfakes. This includes business owner impersonation attacks where a threat actor mimics the voice of an executive in order to trick employees. In fact, one Hong Kong-based company recently paid out 25 million dollars to threat actors who used deepfake technology. 
  • AI Phishing Awareness: Teaching employees how to recognize AI phishing threats can be very helpful. AI is one of the top tools that threat actors are using to craft more convincing phishing attacks. Cisco’s Head of Security believes we are headed for an AI phishing nightmare. AI helps phishing attacks to be more convincing while also increasing the volume of attacks, sophistication, mimicking brands, and adding a new level of legitimacy. In fact, one of the biggest 2024 predictions SecurityMetrics Forensic Analysts made is that “phishing attacks will become much more intricate and sophisticated, to the point where it’s difficult to tell between legitimate and phishing emails.” 
  • Stay Familiar with the Latest Phishing Trends: One of the best ways to create AI phishing awareness is by sharing the latest examples internally with your employees. You can find all the newest AI examples by signing up for the Free SecurityMetrics Threat Intelligence Weekly Threat Feed. In the very first section of the weekly email, you will see the latest AI phishing examples in the news, including smishing, text-based examples, voice phishing, deepfakes, and much more. 

What Can You Do to Use AI Safely & Securely at Your Business?

In addition to creating an AI Acceptable Use Policy, combined with regularly training staff on what they can and cannot use AI for, there are other steps you can take to use AI responsibly within your business.

Here are just a few other areas to consider when it comes to the impact of AI on your business:

Potential Pitfalls when employees have no AI Acceptable Use Policy 

  • Unsecure AI code: Inexperienced IT managers could use unsecure AI code in your business website or eCommerce shopping cart platform - therefore opening new doorways for threat actors to enter your business. Using AI to code your website could introduce vulnerable code. SecurityMetrics developed Shopping Cart Monitor to help identify these new threats.
  • Plagiarism with AI: An inexperienced marketing employee could write a blog for your business using AI that contains intellectual property that was not supposed to be shared with the public. Additionally, using AI to write marketing materials may accidentally include words, grammar, or language taken from unapproved copyrighted sources. Worse yet, any writing that contains untrue statements could harm your brand. This is because AI uses any content ingested into it as a training tool to improve its large language learning model (LLM).  
  • Malicious Employee Using AI: An employee decides to harm the business by creating a deepfake audio of the Business owner containing statements that aren’t true, exposing your company to scrutiny or brand damage. In this real-life example found here, the damage this school encountered took months to investigate and caused irreparable harm to many individuals.

    SecurityMetrics offers Forensic and Incident Response services that can help identify and recover from this sort of risk.

If you have questions on responsible AI use, AI governance, risk, or compliance impact on your business, please reach out today to one of our consultants for more guidance and assistance with your AI needs. 

Join Thousands of Security Professionals and Subscribe

Subscribe


Join Thousands of Security Professionals.

Subscribe Now

Get the Guide To PCI Compliance

Download

Get a Quote for Data Security

Request a Quote
Stay up to date
Subscribe to our blog.
Subscribe Now
Data Security
Vulnerability ScanningPenetration TestingSecurity TrainingPANscan®SecurityMetrics VisionSecurityMetrics MobileCIS Controls AssessmentConsultingResellerForensic/Incident ResponseData and Network SecurityData Security AcademyWebpage Integrity Monitoring (WIM)Shopping Cart Inspect (PCI Req. 11.6.1)Shopping Cart Monitor (PCI Req. 11.6.1)SecurityMetrics Pulse
Compliance
GDPR CompliancePCI CompliancePCI DSS AuditPCI Level 4 ProgramPA-DSS/SSF AuditP2PE AuditPIN Security AssessmentPCI PoliciesPCI TrainingHIPAA ComplianceHIPAA PoliciesHIPAA TrainingHealth Network ProgramHITRUST
Company Info
About UsBlogGlossaryMedia RelationsCareersTerms of UsePrivacyAbuseDo Not Sell My Information
Contact
Contact UsReport a Vulnerability
SecurityMetrics podcast logoLinkedIn logoFacebook logo
© 2025 SecurityMetrics, Inc. All rights reserved.
Privacy PolicyTerms and Conditions
Your IP Address is:
YouTube logoSecurityMetrics podcast logoLinkedIn logoFacebook logo
Subscribe to our blog
Subscribe Now
© 2025 SecurityMetrics, Inc. All rights reserved.
Privacy Policy
|
Terms and Conditions
|
Your IP Address is:
000.000.000.000