On July 14, 2023, the Canadian Centre for Cyber Security published a guidance document (the Guidance) on the potential risks associated with generative artificial intelligence (AI) and possible mitigation measures for organizations and individuals.
The Guidance describes generative AI as a type of AI tool that is fed large datasets and models features based on this information to create new content, such as texts, images, audio, or software code. The Guidance warns that, while generative AI may have a significant impact in several industries, this technology brings its own dangers by enabling threat actors to conduct more effective cyber attacks. Notably, the Guidance referenced the following risks:
To mitigate these risks, the Guidance suggests that organizations take necessary precautionary steps, such as implementing authentication mechanisms (e.g., multi-factor authentication) to prevent unauthorized access to its data, keeping up-to-date with IT equipment and patches, and training employees on how to handle social engineering attacks in the workplace. The Guidance also advises individuals seeking to protect their personal data from phishing attacks to ensure that they carefully review online content to verify the source, implement proper cyber security hygiene (e.g., use strong passwords), and limit exposure to possible compromise by reducing the amount of personal information posted online.
For organizations that are considering using generative AI, the Guidance lists key security protections that should be implemented in daily practice for the generation of trusted content, including that organizations establish generative AI usage policies, ensure that the datasets used for training their AI systems are from a trusted source, and choose vendors with robust security practices.
Summary By: Imtiaz Karamat
Disclaimer: This Newsletter is intended to provide readers with general information on legal developments in the areas of e-commerce, information technology and intellectual property. It is not intended to be a complete statement of the law, nor is it intended to provide legal advice. No person should act or rely upon the information contained in this newsletter without seeking legal advice.
E-TIPS is a registered trade-mark of Deeth Williams Wall LLP.