Machine learning can make staffing firms significantly more efficient. Unfortunately, it also makes them more vulnerable to cybercriminals and hacks.

That was the message of Neil Khatod, chief information security officer Americas and the chief of veterans outreach for Hays, who spoke at SIA’s Staffing Tech Summit in Las Vegas.  

Some of the newest dangers to staffing firms are vulnerabilities that were introduced when staffing firms upgraded to the cloud, Khatod said. Cybercriminals use machine intelligence to probe any holes created by the migration.  

“The movement to the cloud expanded the attack surface,” Khatod told John Schroeder, SIA’s managing director, custom research, who was moderating the discussion. “Most of the people who migrated things to the cloud did it without cybersecurity in mind.”  

Phishing attacks, too, have become more effective. Machine learning has allowed hackers to create more authentic-seeming emails that convince recipients to click on links.  The days of being able to immediately recognize a phishing missive by its poor formatting and irregular spelling are over.  

“Seventy-five percent of all hacks start with some sort of human error,” Khatod said.  

How to Protect Your Network and Data 

There are many approaches staffing firms can take to keep their networks and data safe. Unfortunately, they are expensive.  

Hiring a chief information security officer is a good step, Khatod said, as CIOs tend to focus on cost and network implementation over security. But, he added, “If you can’t afford it, that’s fine. There are fractional CIOs out there who can help you solve the problem.”  

Another option is to hire a so-called red team to probe for network vulnerabilities. “You need a third party, a disinterested party, to take a look at your network like a hacker,” Khatod said.  

Getting a red team, depending on your size, can cost $60,000, he added. If that is too expensive, AI can be a help here: Some companies use artificial intelligence to automate the process of finding vulnerabilities.  

One piece of advice may disappoint employees: To avoid successful phishing attacks, it might be time to ban them entirely from using company laptops or other devices for personal use, such as shopping. “It’s a little bit draconian, but [they] can’t go shopping for furniture on company time.” Phishing emails are getting very sophisticated at embedding authentic-appearing links that give hackers access to company data. “There’s a major risk that a hacker can exploit that vulnerability and map out the rest of your network,” Khatod said.  

The best way to prevent significant breaches? Assume you’ve already been hacked, particularly now as machine learning has made attacks more effective, and proceed accordingly. Put all measures you can afford in place. The cost may pale in comparison to that of a ransomware attack. According to Khatod, the average ransomware payment is $1.4 to $1.5 million.