Striking the right balance between business innovation, security and AI

AI For Business

The current business environment has seen an increased adoption of GenAI (Generative Artificial Intelligence)-enabled tools such as Microsoft Copilot to reshape business models in the name of innovation. Unfortunately, this has directly contributed to an alarming surge in the frequency, severity, and variety of cyberattacks. In line with this, a recent survey revealed that 75% of cybersecurity professionals reported an increase in AI-enabled cyberattacks over the past year, with 85% attributing this to threat actors weaponizing AI.

When large-scale language models (LLMs) are given access to an enterprise's proprietary data and equipped with the ability to make decisions and take action, new attack surfaces are created and surprising new attack methods become possible — and cybersecurity defenses are often left on the back burner.

As businesses increasingly digitize their operations, traditional security measures are no longer sufficient, further increasing the need for stronger cybersecurity measures. How does digital innovation make businesses more vulnerable to cyberattacks?

Third-party access leads to surge in identity-based attacks
As enterprises modernize their IT infrastructure with GenAI technologies and methodologies, they are integrating not only AI and machine learning (ML), but also third-party applications, contractors, and external services. The proliferation of third-party partners, contractors, and suppliers makes it difficult to maintain strict access controls to sensitive networks, services, and applications, increasing the risk of identity-based attacks. For example, attackers can use Microsoft identities to access connected Microsoft applications and federated SaaS applications such as Microsoft Entra ID (formerly Azure ID).

Despite an estimated AUD 7.3 billion spent on security and risk management products this year, 90% of organizations will experience an identity attack. GenAI will continue to target organizations as it provides adversaries with additional new opportunities to exploit vulnerabilities in identity-related systems to deliver ransomware, fraud, and business email compromise (BEC). It is clear that current preventative security controls are insufficient to combat attacks by GenAI. Businesses must consider alternative options, such as threat detection and response, to close the widening exposure gap.

Lateral Movement Exposes Hybrid Cloud Vulnerabilities
Managing security in hybrid environments is becoming more complex and challenging due to the rise of hybrid attacks. Malicious actors are not only looking at social engineering bait but also vulnerabilities and misconfigurations. The biggest problem in the cloud is credential theft via repositories such as GitHub and Bitbucket when developers accidentally upload credentials or when misconfigurations are used or exploited due to the complexity of the cloud.

Lateral movement in a hybrid world exacerbates the problem because it is “environment dependent” as threat actors use available tools and infrastructure to impersonate legitimate users and obtain the credentials they need to access sensitive data. Identity-based attacks correlate with lateral movement if new identities continue to be compromised as attackers move through the network. It is important to monitor how identities are compromised and maintain visibility and consistency in your risks and controls. This becomes even more important when most identities are in federated domains that are not fully integrated with each other, creating blind spots for attackers to hide in. Leveraging GenAI tools can help speed up lateral movement. Previously, a ransomware attack would take 8-14 days, but with Microsoft Copilot, this reconnaissance takes minutes instead of days.

Combating AI threats with AI
Despite these challenges, GenAI presents an exciting opportunity to leverage AI technology to help fight cyberattacks. If companies go back to basics, leverage proven security expertise, and build a solid foundation of security measures, they can innovate without the potential negative consequences. Key factors to consider include:

Focus on basic TTPs: Cybercrime continues to grow, but the threat vectors – potential paths into systems – remain the same. Organizations must apply the same defensive mechanisms as they expand their digital footprint, focusing on foundational techniques and tactics, procedures, and protocols (TTPs) that help prevent and remediate security incidents.

Invest in security controls: A recent Proofpoint 2024 Voice of the CISO report listed human error as the top cyber vulnerability threat. Social engineering is also used to exploit employees into handing over their credentials to malicious actors. In addition to up-to-date security training, organizations should strengthen privilege management protocols to ensure users only have access to the data and functions they need to perform their roles to limit opportunities for compromise.

Finding the right AI solutions: Protecting against today's unknown threats requires security solutions that combine both security research and data science. Instant remediation with AI allows security teams to stop malicious behavior, eliminate access, and prevent breaches, application abuse, exfiltration, and other damage within minutes instead of months.

Build visibility, awareness and insight: Security teams need rapid visibility and situational awareness across their environments to get ahead of anomalous activity that may go unnoticed without security-rich information. As we move to a cloud-native world, a framework that provides cloud telemetry specific to cloud infrastructure is ideal. The MITRE ATT&CK framework uses patented AI to learn privileged user behavior. By identifying normal and abnormal conditions, analysts can gain real-time visibility into hybrid environments. This allows them to detect and stop lateral movement and ransomware before attackers can cause damage.

As organizations become more innovative, so do attackers
GenAI's potential to transform workforce productivity and drive innovation is not just hype. As GenAI's capabilities continue to evolve, it will advance security tools, improve threat intelligence, and transform security operations centers. Security leaders must embrace AI as part of their defense and response strategies to remain resilient, agile, and one step ahead of cyber attackers.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *