The ChatGPT AI chatbot could be a gamechanger in the cybersecurity, experts say

From the surgical debugging of programming code, to instantly writing an entire block of functional code, and the stopping of cybercriminals, OpenAI’s newly launched popular ChatGPT AI chatbot is changing the game and its capabilities are virtually limitless. And not just in IT.

It has only been around since 30 November last year, but in just a few months it has already been discovered by millions of people around the world. We are talking about an artificial intelligence platform able to answer any question and help with various problems. ChatGPT can answer any general question; write letters, poems, and articles; and even debug and write programming code.

How the ChatGPT AI robot works

This conversational chatbot, backed also by the well-known visionary Elon Musk, who has been involved in AI for years, was developed by OpenAI. ChatGPT is designed to interact with humans in an entertaining way and answer their questions using natural language, which has made it an instant hit among professionals as well as the general public. It works by analysing huge amounts of text. Most of the texts were sourced from the internet, but the chatbot is currently not connected online, which means it won’t tell you the result of yesterday’s Sparta vs Pardubice game. It sees the interaction with the user in context, and hence it can tailor its response to be relevant to the situation. In this way, everyone can learn something.

Experts even suggest that the AI chatbot has the potential to replace the Google search function in the future: “Another very promising feature is its ability to write programming code in any user-selected programming language. This helps developers work on and debug their code, and it helps experts secure their systems,” points out Petr Kocmich, the Global Cyber Security Delivery Manager at Soitron.

How ChatGPT can be used by developers

Today, writing code is not a problem for ChatGPT. What is more, it is absolutely free. On the other hand – at least for now – it is advisable to avoid having the chatbot generate complete codes, especially those that are linked to other codes. The current form of the platform is still in the early stages of development, so it is naive for programmers to expect it to do all the work for them. Having said that, coders and developers can still find the tool useful.

They can use it to find bugs in the code they have written. And they can also finetune a problematic code they had spent long hours writing. ChatGPT can help find a bug or a potential problem, and it can offer a possible solution to end those sleepless nights. Its ample computing power saves hours of debugging work and can even help develop source code to test the entire IT infrastructure.

There are some risks

Without much exaggeration, it could be said that ChatGPT can turn anyone into a cybercriminal, making it easier to carry out a ransomware, phishing, or malware attack. It may seem that the AI robot just needs to be asked to “generate the code for a ransomware attack” and then you just wait for the result. But, as Kocmich points out, it’s fortunately not that easy: “Conversations are regularly checked by AI trainers, and responses to this type of query, as well as other potentially harmful queries, are restricted by ChatGPT. Actually, the chatbot responds by saying that it does not support any illegal activities.”

On the other hand, even if it evaluates a question to be potentially harmful and thus refuses to give an answer, this does not necessarily mean that people can’t get to the answer some other way. “The problem with these safeguards is that they rely on the AI recognizing that the user is trying to generate malicious code; however, the true intent may be hidden by rephrasing the question or breaking it into multiple steps,” says Kocmich. Moreover, nobody can guarantee that some other similar AI robot would not refuse to answer such a question.

What to think about ChatGPT


As is often the case, there are two sides to every coin. While AI bots can be exploited by cybercriminals, they can also be used to defend against them. In the meantime, coders could gradually turn into “poets”. They would tell the AI chatbot that they need to write such-and-such a code that does this and doesn’t do that, or describe the same in a case study, and then they just wait for the AI bot to generate the code.

“Already, ChatGPT is being used by security teams around the world for defensive purposes such as code testing, reducing the potential for cyber-attacks by increasing the current level of security in organizations, and training – such as for increasing security awareness,” says Kocmich, adding in the same breath that we should always bear in mind that no tool or software is inherently bad until it is misused.

As Global Cyber Security Delivery Manager, Petr Kocmich helps fulfil Soitron’s vision for cybersecurity

A significant increase in sophisticated and devastating attacks proves that corporate cyber protection must change. This is why Soitron’s security team was recently strengthened with the arrival of Petr Kocmich. His strategic role as Global Cyber Security Delivery Manager is to develop, connect, and systematically leverage Soitron’s security teams in all seven countries where the company operates.

An experienced and respected security expert, Petr Kocmich arrived at Soitron from Anect, where he had worked as a senior security architect and business consultant for the previous four years. He had previously gathered experience for ten years at BlueLink International (Air France – KLM Group). Combined with years of experience on the supplier side, Kocmich’s experience in the enterprise environment has helped him gain a deeper understanding of internal and external customers and how to meet their requirements. In his career, he has worked in technical and managerial positions: service desk coordinator, ICT system and telco administrator, ITOPS team leader, security workstream manager, group IT security manager, and senior security architect. He has been working in cyber security for eleven years and in IT for nineteen years. He graduated from the Czech Technical University in Prague with a major in telecommunications and data networks. In his leisure time he loves to travel and study. Besides modern technologies, his hobby is also cars.

Virtual teams and competence sharing

Kocmich is part of a newly created department that brings together and develops security teams from seven countries across the Soitron Group to help reduce and prevent the impact of cyberattacks in enterprises.

One of his visions is to bring together the security teams in individual countries to form virtual teams. The Soitron Group will thus be able to benefit from shared competences and combined global experience with specific concepts and technologies. It will be able to optimize cybersecurity capacity management across the group.

“With combined international competence, we want to offer our customers more relevant services and state-of-the-art solutions. We are helping customers build their businesses and make it safer, more stable, and more profitable, further cementing our position as a system and security integrator,” says Kocmich.

A superior security portfolio

An integral part of providing relevant security services and solutions is the constant mapping and testing of security technologies in the market, allowing Soitron to select the best ones for its portfolio.

“This necessarily includes activities related to compiling and maintaining an ideal security portfolio as well as the establishment of strong new regional relationships with vendors and distributors,” adds Kocmich.

Soitron as a business partner

“I think that firstly we need to understand the business of our customers and thus become primarily their business partners. Only then can we start talking about concepts, architecture, and ultimately specific technologies,” adds Kocmich.

Global Cyber Security Delivery Manager

“This position has one more very important interpersonal and communication task. It is an effort to nurture and develop interpersonal and team relationships, clean communication channels, and generally contribute to problem-free operations. In an international team, this task is all the more important because we work in a multicultural environment. My task is to identify and address small mishaps before they grow into difficult problems,” adds Kocmich.

“Our newly defined vision leads to stronger protection against cyber threats and the flexible use of existing security competences within the Soitron Group. Security is our priority, and we are ready to invest in it. We are very happy to have acquired such an important reinforcement as Petr Kocmich, who will expand our team and bring his valuable experience,” says Ondrej Smolár, the CEO of the Soitron Group.

A secure home office

Many employers offer home office as one of the benefits. However, during the COVID-19 pandemic, working from home has become a day-to-day reality for many people. Although this type of work brings many benefits to both employees and employers, it also poses an inherent risk. Cyber security turns out to be one of the main threats.

For hackers, computers and other devices outside the protected corporate network are usually an easier target to attack. There are several reasons for this which will be explained in this article. We will also offer measures which will make it much harder for hackers to do what they please. As a result, you will be able to better protect your devices from malicious attacks.

What are the main risks we should focus on?

  • An unsecured home network and Wi-Fi – Many employees working from home use their home network to connect to the internet and to their employer’s network. Hackers can attack an insufficiently secured network and gain access to network devices, sensitive business data, and even your personal data.
  • Email attacks – Many attackers send phishing emails to gain access to sensitive data, services, and devices. They usually try to win the employee’s trust and thus lower their guard when checking the legitimacy of an email message and what it asks them to do (such as open an attached file, click on a link, or enter sensitive information).
  • Use of private devices for work – Many employees use their personal devices for work and vice versa. It is also not uncommon for employees to copy business data to their personal devices to work on it. In the event of a successful attack or a loss of their device, they expose (often sensitive) business data – and therefore their employer – to risk.

How to protect yourself

Secure your home network – We recommend the following:

  • never use the default passwords on your home router or other network devices
  • use a WPA2 or WPA3 encryption protocol to secure your Wi-Fi
  • turn off WPS on your router
  • disable remote administrator access to the router from the internet (WAN)
  • if you are a tech-savvy person, you can set network access only to predefined devices based on their MAC address

Beware of phishing – When receiving emails, check the actual sender and pay attention to any grammatical or factual errors in the text, or presence of suspicious attachments or links. If you need to share sensitive data, use email encryption. Email encryption technology is usually chosen and provided by your employer.

Use multi-factor authentication – Multi-factor authentication means that a combination of “different factors” is required to log in – i.e. a combination of something you know (such as a login, password, or PIN), something you possess (such as a phone or a card), and something that is a part of you (such as your voice or a fingerprint). Even though this is somewhat less convenient, this type of security is a very effective protection against attacks. Use it wherever possible or where it makes sense.

Use strong passwords – We have written an article about passwords, but here is a summary of the basic tips.

  • Create passwords including characters, numbers, and uppercase and lowercase letters.
  • Do not use a single password for multiple accounts.
  • Use a password manager.

Use secure applications to communicate – Instead of SMS or social networks, use secure applications to communicate with your colleagues and clients. The same applies to video conferencing applications. A suitable technology should usually be chosen and provided by your employer. If this is not the case, try to reach out to them. After all, this is also in your employer’s interest.

Encrypt your data – Encryption is the process of encoding information into a code that can only be deciphered by those who know the encryption key or the password – i.e. company staff and other authorized people. As a result, the attacker will not be able to make sense of the information even if they get access to the data. This applies to all data – what you transmit (send and receive) as well as what you store on your devices.

Use an antivirus software – Your employer usually provides an antivirus solution to protect your device. If you use your personal device for work, you need to protect it. Use updated antivirus software.

Don’t let your family use your business computer – Remember that your business device contains sensitive data, and if it is compromised it can become a gateway for hackers into your employer’s network.

Respect company policies – Report any unusual behaviour of your business devices to the IT department and follow the basic cyber hygiene rules, such as keeping your operating system, antivirus software, and web browser updated and regularly scanning your device for malware. Common security rules include measures such as:

  • using a corporate VPN to securely connect to an employer’s protected network
  • only using software approved by your employer
  • not using your business device to visit unknown or suspicious websites
  • not using business devices for personal purposes

Use the data store provided by your company – All documents or data you work with should be stored safely. Often this is a cloud or centralized repository kept by your employer. As a result, the company can better manage data access, protection (encryption), and backup. At the same time, this reduces the likelihood of employees copying files to their personal devices.

Set up an automatic screen lock – Set your screen to lock automatically. This is another simple way to protect your company’s data.

Advice for employers

  • Only allow employees to connect to your corporate network through a VPN.
  • Introduce a password policy so that your employees use strong and secure passwords.
  • Implement multi-factor authentication to access your company’s most sensitive data (or wherever it makes sense).
  • Set inactive connection timeouts for applications working with sensitive company data. Employees do not always log out on their own.
  • Only allow employees access to the data they need to perform their work.
  • Use encryption on all corporate devices.
  • Make sure all your web applications use HTTPS.
  • Use all available instruments to secure employee communication (email, messaging, and video conferencing).
  • Monitor your suppliers and service providers.
  • Create and provide employees with a secure centralized data repository.
  • Create a set of corporate security policies and rules for employees and make sure that employees become familiar with them.
  • Train your employees on cybersecurity regularly.

5 tips how to secure your account

SORRY, BUT YOUR PASSWORD MUST CONTAIN…

Creating a password doesn’t sound like a difficult task, but sometimes it is. We often make fun of websites asking us to use strong passwords. Use longer password, use at least 1 numerical character, use at least one symbol, one upper case character,… But it’s for a reason. Weak passwords play a huge role in any hack. If you’ve been using a date of your birthday or your dog’s name as a password to access your bank account since you’ve been 18, let us tell you this is not safe.

PASSWORD HABITS THAT MAY PUT YOU AT RISK

Managing passwords is not only important for individuals but the responsibility falls on businesses too. Without proper password habits your employees might put your company at risk. Your systems may be secure and complex, but attackers may choose a different method – to wait for your employee to make a mistake. Educate all your employees at all levels from bottom to top, make them build good password habits and make them think before they click. Creating a cybersecurity-awareness culture in your company can save you a lot of headaches. Cyber-aware, educated employees can stand in the first line of defense.

BACK TO BASICS

Some of these tips may seem obvious, but practice makes perfect.

1. Make your passwords strong

As we mentioned earlier, weak passwords are easy to crack. Ask yourself a question. If there was a hacker trying to gain access to your account, how quickly would she/he be able to guess your password? Do you use your personal, easily accessible information about yourself in your password (date of your birthday, your wife’s name, etc.)? Do you use any popular strings like „qwerty“, “password” or „1234“? Make your password more unpredictable, don’t follow a pattern and use randomly generated passwords instead. It is recommended to have your passwords 15-20 characters long. Shorter passwords can be cracked by brute-forcing.

2. Store your passwords in password manager

Worried that you won’t be able to remember all those strong and unique passwords? Then password manager might come in handy. Password manager can store all your passwords in one place. It uses encryption to protect your data. Maybe now you are thinking if it is safe to provide your passwords to another third-party app and store it all there. Well, there are some risks too, as nothing online is 100% safe, but it is one of the best available options nowadays. But don’t forget to look for a trusted password manager. You can try Keepass. Secure your app with strong password and back it up regularly.

3. Change your passwords often

Many people use the same password for years. It is recommended to change your password few times a year, and the frequency also depends on what is the password used for and how strong it is. Be sure to change your password when there was a password leak, someone tried to access your account or you logged-in from a public wi-fi. Check if your mail or phone was breached.

4. Create a unique password for each account

Using the same password for every account increases your account vulnerability. Never use the same password for multiple accounts. Don’t make it easier for attackers to gain access to all your accounts by cracking your only password.

5. Two-Factor authentication is your best friend (2FA)

Even though you may find it annoying to confirm each and every login or transaction, it is strongly recommended to do so. Many apps or websites give you an option to enable 2FA and when they do, take advantage of it. It is an extra protection which makes it harder for attackers to get to your personal account. The most common forms are SMS or notification with unique passcode or the use of biometric data (which may be also risky, but let’s talk about it next time).