When it Comes to Cybersecurity, ChatGPT Needs to Go Back to the Drawing Board
Universities present complex technology environments as they embody decentralized technologies and support various user communities, which include employees, faculty, students, alumni, and visitors. As such, cybersecurity incidents are inevitable in such environments. Artificial intelligence (AI) tools such as ChatGPT are increasingly becoming popular for pinpointing cybersecurity risks. However, our experience working with universities shows that ChatGPT is limited to learning from historic, broadly generalized public sources, lacking context and a refined perspective of the risks faced by universities.
The Top Causes of Cybersecurity Incidents on College Campuses
ChatGPT identified six common risks that commonly occur in universities. These are phishing attacks, weak passwords, unsecured Wi-Fi networks, outdated software and hardware, insider threats, and human errors. While all of these causes are valid examples of cybersecurity risks, our experience shows that some of them are not necessarily the top risks that we see.
Phishing Attacks
Phishing involves criminals sending emails or messages that appear to be from a trusted source. They trick unsuspecting users into revealing sensitive information such as their passwords or downloading malware. Unfortunately, phishing remains one of the top causes of cyber incidents on university campuses. This is because colleges are home to a large number of potential victims who may be less experienced in identifying and avoiding these types of attacks.
Weak Passwords
Using weak passwords makes it easier for hackers to gain access to sensitive information. For instance, students and staff may use the same password across multiple accounts or fail to change their passwords frequently, making them vulnerable to such attacks. To address this issue, many universities are implementing multi-factor authentication (MFA) solutions, which relieve the burden on passwords as the only means of identification, resulting in a decreased risk of successful attacks by compromising user accounts.
Unsecured Wi-Fi Networks
Unsecured Wi-Fi networks can be an easy target for cybercriminals. Hackers can easily intercept unencrypted data transmissions and gain access to sensitive information such as usernames and passwords. However, many universities have deployed secure Wi-Fi networks for students, staff, and faculty to utilize for access to their school's network, as well as providing guest networks that visitors must register to use.
Outdated Software and Hardware
Keeping all software and devices updated with the latest software versions can be a substantial challenge, especially in a complex environment such as a university. To offset this risk, universities are implementing managed detection and response (MDR) tools to monitor and detect threats that would otherwise take advantage of these vulnerabilities.
Insider Threats
Insider threats refer to cyber attacks perpetrated by individuals who have authorized access to a system or network. Faculty and staff often overshare either to be helpful or by accident, such as hidden rather than deleted data in workbooks, or even through careless misuse of step-saving tools, such as mail merging functionality.
Human Error
Many cybersecurity incidents on college campuses are the result of human error. Students and staff may unknowingly download malware or fall victim to phishing scams if they are not aware of the risks and how to avoid them. It is critical to have a robust cybersecurity awareness and training program to ensure all users have the tools they need to identify, prevent, and report potential risks.
Conclusion
While ChatGPT and other AI platforms are useful tools in identifying cybersecurity risks, their current limitations indicate that they cannot take over the jobs of security professionals anytime soon. Universities should ensure they have robust security measures in place to minimize the risks of cybersecurity incidents.
