Actionable Insights For CISOs:
1) Upgrade Awareness & Training
-
Update phishing simulations to include realistic, AI-crafted messages and voice/video deepfakes.
-
Train employees that polished language ≠ legitimacy; focus on verifying identity and intent.
2) Strengthen Verification
-
Enforce DMARC/SPF/DKIM and visible identity markers.
-
For financial or sensitive actions, require multi-channel verification (e.g., confirm via phone or chat).
3) Focus on High-Risk Roles
-
Identify roles most targeted by scams (finance, HR, executive support).
-
Provide them enhanced training and add stricter approval workflows.
4) Update Incident Response
-
Add GenAI scam scenarios (voice clone, video impersonation) to your IR playbooks.
-
Ensure clear escalation paths and communication protocols.
5) Deploy Smarter Detection
-
Evaluate AI-based content and communication anomaly detection tools.
-
Monitor for sudden spikes in inbound messages from new or suspicious sources.
6) Build Social & Organisational Resilience
-
Run internal campaigns highlighting emotional-trigger scams (“urgent request,” “help a friend,” etc.).
-
Partner with HR, Legal, and Comms for unified awareness messaging.
7) Rethink Authentication
-
Review biometric and voice verification for deepfake risks.
-
Implement step-up verification for sensitive transactions.
8) Collaborate & Share Intel
-
Engage industry ISACs, peers, and regulators to share scam patterns and defences.
-
Support ethical AI and anti-impersonation legislation efforts.
About Author:
Bruce Schneier is an internationally renowned security technologist, cryptographer, and author, often called a “security guru” by The Economist. He serves as a Lecturer in Public Policy at Harvard Kennedy School and a Fellow at the Berkman Klein Center for Internet & Society.
Bruce has written numerous influential books, including Applied Cryptography, Secrets and Lies, Data and Goliath, and A Hacker’s Mind. He also runs the popular blog Schneier on Security and the newsletter Crypto-Gram.
Throughout his career, he has shaped global conversations on cryptography, privacy, and trust, bridging the worlds of technology and public policy.
Now, let’s hear directly from Bruce Schneier on this subject:
New report: “Scam GPT: GenAI and the Automation of Fraud.”
This primer maps what we currently know about generative AI’s role in scams, the communities most at risk, and the broader economic and cultural shifts that are making people more willing to take risks, more vulnerable to deception, and more likely to either perpetuate scams or fall victim to them.
AI-enhanced scams are not merely financial or technological crimes; they also exploit social vulnerabilities whether short-term, like travel, or structural, like precarious employment. This means they require social solutions in addition to technical ones. By examining how scammers are changing and accelerating their methods, we hope to show that defending against them will require a constellation of cultural shifts, corporate interventions, and effective legislation.
By Bruce Schneier (Cyptographer, Author & Security Guru)
Original Link to the Blog: Click Here
Join CISO Platform and become part of a global network of 40,000+ security leaders.
Sign up now: CISO Platform
Comments