(844) 627-8267
(844) 627-8267

Cybersecurity In The Age Of AI | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

Artificial intelligence (AI) is certainly not a new concept, but with the public launch of ChatGPT and the rise of generative AI models, it has take on new, dizzying momentum. AI is transforming the world of cybersecurity and evolving the threat landscape at a remarkable pace. Barracuda hosted a panel discussion in Las Vegas this week during Black Hat.

The session, titled “Cybersecurity in the Age of AI,” was moderated by Christine Elswick, EVP and Cybersecurity Practice Lead at Highwire PR, and included insights from an esteemed panel comprised of Barracuda CTO Fleming Shi, OpenPolicy Founder Dr. Amit Elazari, J.S.D, President and CEO of the Cyber Threat Alliance J. Michael Daniel, Director in the Office of the CISO Amazon Web Services (AWS) Mark Ryland, and Splunk’s VP, Technical GTM Patrick Coughlin.

Transforming the Threat Landscape

Generative AI’s emergence is allowing attackers to strike faster and with better accuracy. By minimizing spelling errors and grammar issues that were once signals for phishing attacks, this makes them more evasive and convincing. In particular, critical industries like healthcare, education, and local governments have reported significant increases in attacks over the past couple of years.

“Generative AI is the new thing. It’s a subset of machine learning, deep learning and overall artificial intelligence,” explained Shi. “When we start examining weapons every day—digital weapons—they’re not too different by the time it’s actually created, because humans can still craft very capable, very effective weapons.”

Shi added, “However, the speed and volume you’re going to get from using generative AI—because it’s capable of generating content very quickly given some direction, some prompts, and will be able to actually handle and deliver digital weapons much quicker.”

Additionally, attackers now have the ability to use generative AI’s code-writing capabilities to write malicious code, thus exploiting software vulnerabilities. The skill required to initiate a ransomware attack is now merely a matter of constructing a malicious prompt and accessing ransomware-as-a-service tools. This has led to a whole new wave of attacks developed at an unprecedented scale.

Reflecting on the historical perspective, Coughlin noted that the rise of AI in cybersecurity can be likened to the move to mobile devices and cloud computing. These technological disruptions have had several key impacts. They have widened the attack surface by introducing new critical data sets like training data and created new ways to lose data. As with the move to the cloud, new compliance requirements are on the horizon, although attackers, of course, don’t have to worry about that.

The general consensus of the panel experts is that the integration of new technology may seem overwhelming, but we must remember that we’ve been here before. It’s essential to proceed with caution, pay close attention to new regulations, and avoid one-way doors when architecting systems.

The importance of achieving full visibility across different systems and tools is a lesson that should have been learned from past experiences.

Empowering and Complicating Security at the Same Time

The balance between offense and defense in AI is a crucial aspect of the current cybersecurity landscape.

AI could be a significant asset, automating many processes and acting as a decision assistant for individuals in a Security Operations Center (SOC). AI’s ability to do the triage work could be revolutionary.

However, there are also challenges, such as generative AI causing companies to harden and close off APIs, thus reducing information availability to defenders. The security for AI itself is even more complex, as it’s difficult to understand how AI reaches a decision, making it hard to determine if it’s been manipulated.

But Ryland pointed out that the opportunities for security teams are twofold: prevention, by using AI to accelerate decision-making and automate tasks, and defense, as AI-driven analytics can speed up threat detection.

The panel stressed that AI must be treated as an augmentation rather than a replacement for human intelligence.

“The tools that we’re talking about here—and these are tools—have enormous potential to make the practice of cybersecurity much more satisfying,” proclaimed Daniel. “It can take the alert fatigue out of the equation and make it easier for the humans to focus on the stuff that’s actually interesting.”

Sifting Through the (Generative AI) Noise

There has been an explosion of cybersecurity solutions proclaiming to embrace AI, and businesses must cut through the hype to understand which vendors and tools are truly leveraging generative AI and how to start taking advantage of it. AI-based threat detection is essential to outsmart targeted attacks, and CISOs must double down on resilience and think holistically to secure their organizations.

Coughlin emphasized, “Today, we talked a lot about digital resilience and the criticality of building resilience into your digital business. I think as AI systems move into production, as AI systems are powering more and more customer-facing apps in the Fortune 500, it’s going to become increasingly critical that we break down the silos across internal teams in order to drive more visibility, more process controls, and more clarity for the C-suite.”

As for the future of AI in cybersecurity, the outlook is generally hopeful, but staying ahead of the curve is a necessity. The development of AI technologies, particularly large language models, has pushed conversations about AI into the policy-setting and regulatory space. This is a national security imperative that must be addressed. Policymakers have been hesitant, but that’s changing, with a renewed focus on connecting innovative companies, startups, and investment firms at scale to continue building cutting-edge tools while being fully aware of the issues and policies.

Stay Ahead of the AI Curve

So, are AI and generative AI tools that will improve the next generation of cybersecurity solutions and empower defenders, or are they an existential threat that shifts the battle irrevocably in favor of threat actors? Or is it somewhere in between?

Dr. Elazari declared that she is hopeful and optimistic about the future of cybersecurity with AI. “Generative AI really has the power to do three things, which result in the process of democratization: increasing the access to information—whether it’s text knowledge or cyber threat information; increasing the usability—so how this information is being presented to you how it’s being curated in a way that actually allows you to interact with it or whether it’s an experience that empowers the audience of the information to leverage it; and, increasing the efficiency and effectiveness of what you can do with that information.”

The “Cybersecurity in the Age of AI” panel discussion provided a comprehensive and insightful look into the complex relationship between AI and cybersecurity. As AI continues to evolve, the lessons gleaned from this discussion offer valuable guidance for individuals, businesses, and governments seeking to navigate the uncharted territory of AI-enabled cybersecurity. By focusing on collaboration, innovation, and responsible implementation, a secure and promising future seems attainable.

Follow me on LinkedIn. Check out my website. 


Click Here For The Original Source.

National Cyber Security