teissTalk: Leveraging AI to monitor, analyse and respond to threats

On 8 June, teissTalk host Thom Langford was joined by Chuck Brooks, Adjunct Professor, Georgetown University; Mark Ward, Senior Research Analyst, Information Security Forum (ISF); and Tyler Farrar, Chief Information Security Officer, Exabeam.

 

Views on news

The 2023 Annual Report: Cybersecurity Trends & Insights, published by Perception Point, identified a 356% growth in the number of advanced phishing attacks attempted by threat actors in 2022. According to the report, the total number of attacks increased by 87%, highlighting the growing threat that cyberattacks pose to organisations. The report also identified how the threat landscape is changing due to the rapid adoption of new cloud collaboration apps, cloud storage and services for productivity and external collaboration, with criminals gradually pivoting from websites and browsers to these apps and services as a result. Microsoft was the brand most impersonated in malicious email, 3.3 times more than the next most impersonated brand, LinkedIn. Advanced attacks made up 2% of all threats.

AI is now used not only to make social engineering more effective through greater personalisation but also to find vulnerabilities in targets. Polymorphic malware, which changes its identifiable features to evade detection and which has been developed using ChatGPT, is now being leveraged to get past filters. And there are more sophisticated AI tools out there than ChatGPT. Criminals seem to have had access to generative AI tools earlier than the rest of society.

 

Getting ready for AI-powered cyber attacks

 

AI’s primary use in security is threat detection and response, and it shortens the time needed to detect a hack, which a couple of years ago was 200-250 days. It can also reduce the number of false positives significantly. AI security tools, however, are only shiny new tools unless the organisation makes the necessary structural changes to accommodate their use.

The AI tools used up until now have been ML-based and are therefore very specific to a task. The type of AI that has started to catch on has much broader applications. But this kind of AI is still reactive and needs prompting. One possible application is when a security expert detects an attack and prompts AI to explain what is happening, as well as to give recommendations regarding what to do next. This is one of the strongest use cases.

If a business commits to AI, it also surrenders some of its autonomy to make decisions. It has to answer questions such as: do I trust the way AI prioritises cyber threats to my organisation? AI can save security experts hours by carrying out a root cause analysis. Although AI trained on data validated by humans can be very powerful, you will need continuous human control and strong data governance. The biggest problem with the AI products currently on the market is that most of them lack training data transparency. Another challenge for organisations regarding ChatGPT is whether and how they should let employees use it to carry out tasks more efficiently without creating a vulnerability while doing so. AI augmentation or, as it’s more widely known, “human in the loop”, is still key at this stage to secure AI use cases.

With the wide range and high number of AI tools, orchestration is also a key issue that lends itself readily to AI solutions. Best-of-breed systems that are not interfaced with each other can’t be used for contextualisation. However, many of the cyber attack root causes still go back to foundational cyber hygiene issues. The Target breach is primarily a supply chain issue, which is hard to tackle without gaining multi-tier visibility into complex supply chains. Now is the time for organisations to get ready for AI by doing their research, getting their policies in place and preparing for evolving attack strategies with new defence mechanisms.

 

The panel’s advice

 

The core question is who watches the watcher.

 

The performance of every AI is tied to the quality of the underlying data.

 

As criminals go with the speed of machines, so should info security professionals.

 

It’s always the bad guys who can leverage new technology first.

 

We can’t really see the world raw and pure as algorithms are already filtering it for us.



© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543