Edelman Hong Kong hosted a cyber-themed webinar focussing on how AI has changed the cyber threat landscape, particularly when it comes to AI-fuelled attacks and disinformation. The session brought together experts with different backgrounds to discuss the challenges of cyber incidents from legal, technical, and communications perspectives. The reflections of these experts emphasise the importance of collaboration across these functions in managing cyber threats.
The rise of AI is transforming the cyber threat landscape, amplifying risks for organisations globally. Organisations now face an increasingly complex web of threats, where traditional cyber risks are compounded and accelerated by AI-empowered technology and tactics. On the one hand, AI is enhancing defensive capabilities and empowering cyber professionals with sophisticated tools to detect and respond to threats. However, it is also arming cybercriminals with new tools to launch more complex and targeted attacks. For example, using AI to identify network vulnerabilities; to generate more sophisticated phishing which is highly tailored to individual targets; and to create AI-generated deepfakes which trick individuals into making fraudulent payments. To mitigate these risks, Kyle Schwaeble, Head of Incident Response APAC at S-RM, suggests that organisations should make use of appropriate AI tools for threat detection and response, thereby enhancing their cybersecurity posture. He also stresses the importance of understanding the unique threat profile presented by each organisation and investing in the right defensive measures.
Wilson Ang, a dispute resolution lawyer and head of the Asia Pacific cybersecurity and data privacy practice at Norton Rose Fulbright, highlighted the increasing sophistication and proactivity of regulators in addressing cyber threats, including those amplified by AI. He noted that the legal landscape is evolving to tackle the related issues of personal data protection, criminal laws targeting online harms, national security issues, and multi-jurisdictional cooperation. This evolution brings with it growing compliance requirements for businesses, as well as higher enforcement risks and increased penalties for non-compliance. He cautioned that organisations must stay abreast of these regulatory changes to mitigate the risks posed by AI-empowered threats and disinformation effectively.
During a cyber incident, the intentional spread of false information, disinformation, can exacerbate the reputational challenges organisations face. Disinformation campaigns, powered by AI, can spread rapidly, sowing confusion and undermining trust. In the context of cyber incidents, disinformation can lead to panic among stakeholders, making it harder for organisations to convey accurate information and maintain control over the narrative when communicating what has happened and where the exposure is. Disinformation generation and amplification has been turbocharged by AI—evolving it into a sophisticated tool that undermines trust and destabilises organisations.
In the context of disinformation, Jennifer Giff, Senior Director of Issues and Crisis at Edelman APAC, highlighted the importance of merging corporate communications with digital marketing techniques, such as audience segmentation and precision targeting, paid amplification and search engine optimisation, to ensure that truthful narratives rise above the noise of false information.
By working closely with IT and security experts, Giff explains that organisations can stay ahead of emerging AI risk areas and effectively manage reputational threats. She outlined that this preparation must include ensuring that organisations are ready to quickly and effectively activate across digital channels. Additionally, Giff advises that internal communications need to be strengthened to inform employees about the risks of deepfake videos and other AI-facilitated false assets, which could be used for phishing or extortion. When a cyber incident does occur, to combat disinformation, she recommends engaging credible third parties, such as regulators or IT consultants, who can help in countering false narratives and building trust in official communications.
In summary, the dynamic interplay between AI and disinformation represents a new era of reputational challenges when managing cyber risks. In this context, an integrated response involving IT, legal and communications experts has become more crucial than ever. With this approach, organisations can better navigate the complexities of cyber threats and protect their reputations in an increasingly digital world.