Hackuity asks, do we need a reality check?

September 15, 2023


Hackuity CRO Pierre Samson investigates the growing use of AI and its impact on organisations.

Artificial Intelligence (AI) tools have enormous potential for enhancing business productivity. Yet they also present a concerning question: are these same tools also making cyber-attackers more efficient?

A recent Salesforce survey has highlighted this concern among senior IT leaders. While 67 percent of IT leaders are gearing up to integrate generative AI into their business operations, 71 percent are also concerned about this technology opening doors to new cybersecurity risks.

These concerns are not unfounded. Cyber adversaries are openly boasting about leveraging tools like ChatGPT and other generative AI platforms to craft malicious code on developer forums. While ChatGPT enthusiasts might be inclined to downplay its potential threats, independent research underscores the platform’s susceptibility: it can indeed be manipulated into generating malicious codes, viruses, and spyware.

However, businesses should not slam the brakes on the use of AI just yet. These tools are not so much inventing new threats or attacks as they are accelerating and scaling traditional tactics for attackers. Also, the nature of AI is inherently agnostic. Just as these tools can be exploited for malicious intentions, they can be harnessed by cybersecurity professionals to bolster defences, detect anomalies, and even craft countermeasures against threats.

So, how can businesses address these latest challenges and turn AI into an ally? The best approach is to enhance your security hygiene fundamentals.

Re-evaluate your attack surface

Bringing generative AI tools into your business doesn’t necessarily introduce a new set of vulnerabilities; it magnifies existing ones. Therefore, when integrating technologies like ChatGPT, the first approach that any business should take is to re-evaluate its current network landscape and attack surface.

Organisations must conduct a full risk assessment with an emphasis on their infrastructure and digital assets. This includes:

  • Network Topology Assessment: Understand the communication flow between assets, identify choke points, and detect any unprotected communication channels.
  • Shadow IT Detection: Use advanced Endpoint Detection and Response (EDR) tools to identify unsanctioned devices or software that may be connected to the network, thereby preventing potential vulnerabilities introduced by generative AI.
  • Machine Learning (ML) Model Transparency: If leveraging ML or AI, employ model tools to understand potential weak points, biases, or areas where the model might be susceptible to adversarial attacks.

Start with Zero Trust

Nearly 45 percent of all attacks today include lateral movement tactics and, as this tactic will only accelerate with the advent of AI and machine learning, the most practical step towards effective cybersecurity is cutting down the attacker’s path and protecting your most valuable assets.

This is why Zero Trust stands out as one of the most effective solutions to AI challenges. It calls on businesses to re-think their network strategies, focusing on micro-segmentation. By dividing their network into secure zones and regulating traffic between them, businesses can restrict the movement of a malicious actor, even if they gain access to a system. “Assume breach” means that every request is verified and reverified, at every feasible opportunity.

Continuous authentication takes on a new dimension in the world of generative AI. By employing behavioural biometrics and heuristic analysis with the aid of AI-driven tools, organisations can ensure that users are authenticated not just at login but based on continuous patterns and anomalies in their behaviour.

API security must be at the forefront of our defence strategy. Since AI can power automated attacks, businesses should employ practices like rate limiting, ensure every user and device is authenticated, and use firewalls that have AI-driven threat detection.

Also, it’s important not to overlook the importance of enhanced logging and monitoring. Integrating AI-capable SIEM systems is a good step in detecting patterns and anomalies that might elude traditional rule-based systems.

Effective vulnerability management

With the help of generative AI, threat actors will be able to exploit your network vulnerabilities more efficiently and quickly than ever before. So, there must be an even greater emphasis on effective vulnerability management going forward. 

The effectiveness of vulnerability management hinges on a well-defined, holistic approach. Start by pinpointing the most pressing vulnerabilities that could pose significant threats to your organisation. It’s important to acquire solutions that can analyse your vulnerability data, activate risk-based prioritisation, and automate remediation workflows. Such solutions can help to ensure that vulnerabilities are addressed in a timely and consistent manner, leaving no gaps in your security landscape.  

Intelligent solutions can seamlessly integrate data from the myriad of security tools your firm might already be using. These platforms can analyse over 200,000 common vulnerabilities and exposures (CVEs), providing a comprehensive view of your security posture. By incorporating AI, this process becomes even more efficient and predictive, allowing for proactive threat mitigation.

Visibility of your organisational network and assets is essential. Regularly assess the unique risks pertinent to your business operations and how they might affect your technological infrastructure. Remember, awareness is key. If you’re unaware of an asset, you can’t secure it.

Most importantly, adopt a pragmatic, phased approach. Cybersecurity isn’t a destination; it’s an ongoing journey of adaptation and fortification. Embrace the Pareto principle (80:20 rule): begin by addressing the 20 percent of vulnerabilities that account for 80 percent of the risk. Once you’ve established a solid foundation by securing these quick wins, you can then incrementally advance your vulnerability management strategy, consistently raising the bar for would-be attackers.

Balancing Investments: Technology, Process, and People

Given these new challenges of AI-driven threats, is it time to channel more resources into technology for bolstering security? Yes… and no. The answer isn’t merely about getting the latest tools but having a comprehensive security strategy.

To get started, use detection tools that safeguard both your network and the individual endpoints connected to it, which can scan for anomalies and threats. For smaller enterprises, it may be better to consider engaging managed service providers (MSP’s) which can offer a wide range of security services tailored to fit various business needs, ensuring that even businesses on a tight budget don’t compromise on security.

The real challenge, however, lies in effective integration. Each tool or service that’s added should seamlessly feed into a unified security view, ensuring that all data flows coherently and contributes to a holistic understanding of threats. This approach enhances the efficiency and effectiveness of security teams, allowing them to address threats more proactively.

Businesses should remember that an alarming 80 percent of security breaches still result from lapses in fundamental cybersecurity practices, so be sure to establish clear accountability across the board. This involves identifying key personnel at every organisational level, from operational staff to top-level management, all of whom play a pivotal role in ensuring cybersecurity. Training is indispensable. Employees can either be a robust first line of defence or an inadvertent gateway for attackers. Investing in proper training and tools equips them to act as sentinels rather than vulnerabilities.

Overall, the best defensive strategy in the new age of AI is to strengthen your security foundations. Before integrating advanced tools, firms should focus on core defence principles: ensuring complete visibility of all digital assets, securing and protecting them, persistent monitoring, a swift response to threats, and continuously evaluating and refining their strategy. With these in place, organisations can turn AI into an ally.

More UK Security News.

Read Next

Security Journal UK

Subscribe Now

£99.99 for each year
No payment items has been selected yet