According to Pierre Samson, Chief Revenue Officer of Hackuity, AI tools can help improve productivity at work. But will they make life easier for cyber attackers too? According to a survey of senior IT leaders by Salesforce, two-thirds (67%) will prioritize generative AI in their business in the near future. while a similar majority (71%) believe generative AI poses new security risks to their data.
Attackers are already using ChatGPT and generative AI to create malicious code (and brag about it on developer forums). ChatGPT proponents may downplay the risks, but researchers have found that his ChatGPT can be tricked into generating viruses and spyware.
Stronger controls and laws need to be put in place first, according to AI experts, calling for a six-month grace period before training stronger AI systems. The use of AI is also regulated by governments around the world, with Europe leading the first AI law and the Philippines closely following after consultations with the European Union (EU) and the Association of Southeast Asian Nations (ASEAN). . Start regulating AI.
Don’t hit the panic button yet. These latest “advancements” are not entirely new developments. It just accelerates traditional hacker tactics. Similarly, AI tools are agnostic. This means security teams can use it for defensive tasks, from identifying cybersecurity anomalies to creating evasive code.
where do i start?
As with any emerging threat, organizations should evaluate what potential risks ChatGPT poses to their particular attack surface. This is not a call to completely rethink cybersecurity. But businesses need to double down on cyber hygiene to ensure robust defenses.
Most organizations still struggle to identify, prioritize, and remediate their most basic threats. According to a recent Cisco study, only 15% are “mature” in cyber, and more than half are still “beginning” or “forming.” There are a number of fundamental security gaps that need to be addressed first before diverting resources to modern AI threats. In other words, there’s no rush to bake a cake even if you’ve forgotten the recipe for years.
From the headlines, you might think that Generative AI and ChatGPT are fundamentally new forms of cyberthreat, but in reality they are simply expanding on classic attacks that have been around for a long time. As AI changes the landscape, similar attacks are possible on an unprecedented scale. But none of this matters if you don’t have the right foundation.
How can I protect myself?
Authenticating users with a modern security architecture, Zero Trust is a framework that addresses many of the modern challenges of today’s business. This helps keep remote workers safe, protects hybrid cloud environments, and protects your company from ransomware threats.
Many organizations employ some form of attack surface management (ASM) to discover and analyze vulnerabilities and potential attack vectors. Zero Trust similarly looks beyond the traditional security perimeter. It’s not enough, but it is necessary.
The principle is simple. Never assume identity and implement least privilege access to reduce your attack surface. This is equally true when facing generative AI.
What is the correct process?
Effective vulnerability management starts with knowing which vulnerabilities need to be prioritized and systematically addressing them by automating your team’s remediation workflow. Eliminate blind spots in your cybersecurity perimeter and focus on what matters. your organization.
For cyber hygiene, intelligent solutions can aggregate data from the dozens of siled security tools most businesses already have and analyze over 200,000 common vulnerabilities and exposures. increase. AI can help with that.
Let’s start with the basics. Conduct analysis to understand the critical risks inherent in your business and how they affect you from a technology asset perspective. You can’t protect what you don’t know. With clear accountability, identify the stakeholders responsible for cybersecurity from top to bottom, including the board of directors. Depending on your investment, your employees can be your first line of defense or a gateway for attackers.
Implement a phased approach. Cybersecurity is a journey of continuous improvement. Adopt the 80:20 rule: Start with 20% actions that cover 80% of your risks. Take your vulnerability management program to the next level with immediate action and essential protection.
Should we invest more in technology?
First, deploy detection tools and techniques to protect your network and endpoints. (If you’re a small business and don’t have the bandwidth or money to invest in technology, consider a managed service provider that can cover a wide range of security services.) From there, those data flows share the same big picture of security. Make sure you are contributing to team.
We observe that 80% of breaches are still attributed to lack of basic cybersecurity hygiene, which could have been prevented with steady investment, top-down willingness and risk awareness. about it. Investing in the right technology as well as people and processes can make a difference. AI can be a powerful ally, but only if you first get the basics of cyber defense right: gain visibility, secure, protect, monitor, respond, and assess.
