Perry Carpenter is the Chief Evangelist for KnowBe4 Inc., a popular Security Awareness Training and Simulated Phishing platform provider.
While the majority of security incidents still result from human error, cyber threats continue to grow in number and severity. The time has come for organizations to prioritize security training in order to foment (yes, as in “ferment”) a security culture that significantly reduces the likelihood of security incidents.
Even though organizations strive to provide employees with personalized and current security training, security programs can occasionally be dull.
Large language models (LLMs or generative AI) that are readily available, such as Google’s Bard and ChatGPT, offer intriguing new opportunities for security training. Let’s examine five ways security teams can leverage LLMs to enhance their security training efforts.
1. Enhancing Personalization
Employees’ security maturity levels vary, necessitating diverse training requirements. Unfortunately, the majority of training programs are standardized and, as a result, do not provide an effective or engaging learning environment.
By utilizing LLMs, organizations can deploy chatbots and virtual assistants that can provide employees with personalized and interactive learning experiences. LLMs are capable of analyzing an employee’s job function, risk exposure, and security knowledge in order to deliver relevant and coherent content. Due to this level of customization, employees are able to comprehend training concepts more thoroughly and feel more culturally connected and invested in the learning process.
2. Social engineering scenario development
Phishing, a sneaky form of social engineering, is a popular initial access vector that threat actors use to exploit users, get past security measures, and establish a presence in the victim’s environment. To mitigate this risk, organizations must conduct regular phishing exercises to train employees to identify social engineering and phishing schemes.
Using LLMs, security teams can create more convincing phishing exercises based on prevalent topics (in sports, pop culture, politics, etc.) as a means of anticipating the types of social engineering themes that users are likely to encounter given the news cycle. In addition, LLM chatbots can be programmed to analyze individual employee responses in real-time, provide cues or nudges along the way, and provide customized feedback based on the user’s performance.
3. Creating And Refreshing Multilingual Content
I believe that one of the most remarkable aspects of LLM graduates is their exceptional language abilities. Utilizing LLMs, security teams can create content, research examples, and explain security metaphors and analogies in a more digestible manner for users.
Historically, it has been challenging to translate and maintain training materials in multiple languages. Using AI, security teams can expedite the translation of their training courses into multiple languages. For the time being, it is advantageous to have someone validate the translation to ensure that it appears authentic and localized.
4. Making training more collaborative and interactive
Numerous organizations erroneously design training programs as one-way streets. They are aware of the skills they want their employees to acquire, but they do not take the time to comprehend the employees’ abilities or circumstances. Consequently, the training is frequently ineffective, and the employees receive no benefit.
LLMs can be programmed to simulate conversations and guide users through the completion of a task, making training more interactive overall. If an employee is unable to comprehend a piece of content or a concept, the LLM can rephrase the term and provide additional contextual examples. Employees can also access on-demand training sessions (such as a session on password best practices), enabling them to study at their own pace and convenience.
5. Monitoring And Reporting Training Success
Learning management systems can be incorporated into existing infrastructure, including email gateways, network monitoring tools, phishing simulation systems, and learning management systems. Then, they can assist in transforming raw data into actionable insights by identifying training trends, patterns, and insights, such as an executive summary on training progress and completion, the overall security maturity of employees, how phish-prone the business is, which users require additional training, and how training reduced phishing incidents.
This functionality is particularly beneficial for business teams seeking to make data-driven decisions and security teams seeking to demonstrate training progress and efficacy to leadership.
6. Realizing The Downsides Of AI
It is essential to recognize that utilizing LLMs for cybersecurity training can have some drawbacks. To begin with, they are prone to “hallucinations,” which are defined as fabricating answers with apparent conviction.
In addition to arbitrarily spitting out incorrect answers, these AI models scrape the internet to collect data for learning; as a result, it is impossible to predict whether confidential or sensitive information entered by a user will be exposed. The potential for intellectual property and copyright risks, cyber fraud, and consumer protection risks is undeniable.
Legal and compliance executives must evaluate their organization’s exposure to these risks and implement the controls necessary to mitigate them. Failure could result in legal, reputational, and financial consequences for businesses.
7. Taking A Considerable Approach To AI
The preceding list of AI applications is by no means exhaustive. There are additional prospective applications where LLMs can be utilized. LLM tools, for instance, can be purpose-built to regularly disseminate cybersecurity risks to employees and stakeholders or to continuously and actively test employees using social engineering techniques. AI can also be used to provide post-training support to employees by providing refresher courses and answering their queries.
Such a personalized, interactive, and collaborative approach to training can improve your organization’s security knowledge and impart a sense of accountability and responsibility. This can help strengthen the organization’s overall security ethos, making it more resistant to security threats and breaches over time.