A decade ago, only nation states had data centers and computing power to mine large data sets, but today the data mining revolution driven by AI and the growth of computing power mean that massive data sets have become exploitable by threat actors, Jim says. Richberg at Fortinet.

Now responsible for information security, CISOs face new cybersecurity challenges due to the increasing use of artificial intelligence, AI, particularly generative AI, GenAI. This is no surprise given the growing use of GenAI in the workplace, with two thirds of organizations saying last year that they were already starting to use it and only 3% of companies not planning to adopt it.

AI has become a double-edged sword for cybersecurity. On the one hand, this has lowered the barriers to entry into cybercrime, allowing would-be criminals to generate malware even if they lack programming skills and giving more sophisticated criminals capabilities that few could have. imagine relatively recently.

Raising Threat Actors

Cyber ​​defenders can leverage AI for intelligent automation and defense strategies. AI has the potential to level the playing field, even against AI-equipped adversaries and the dynamic threats they pose.

A potential malicious cyber actor no longer needs programming skills to use GenAI because a large language model, LLM AI tools, can be used to write malware. AI is also used to quickly exploit software vulnerabilities once they become known, providing malicious actors with increased potential to weaponize and exploit these vulnerabilities more quickly than many customers applying patches or updates to software. suppliers.

GenAI can significantly increase the sophistication of spear phishing attacks, elevating them above the boilerplate content, misspellings, or clunky grammar that organizations often teach users to look for. Now, when a threat actor scrapes a victim's address book, they can also scrape email content and use it to generate personalized emails matching the syntax and subjects that the sender compromise used with each recipient.

AI also provides cybercriminals with new tools and capabilities. For example, organizations typically train their employees to counter attempts to compromise business emails to bypass normal processes and transfer funds to support a senior executive such as the CEO by contacting the requester by phone or video to validate both the sender and the request.

Criminals have begun using AI-generated voice and video spoofs of the alleged sender and chatbot-generated responses to thwart these controls.

AI-driven data analysis has given malicious cybercriminals new exploitation tools that make new classes of data attractive targets. A decade ago, only nation states had the data centers and computing power to mine vast data sets.

The AI-driven data mining revolution and the growth of pay-as-you-go computing power and storage mean that massive data sets have become exploitable and attractive targets for criminal actors and Nation states.

Data favors defenders

Cybersecurity professionals use the term attack surface to describe the size and complexity of the digital environment and their difficulty in mapping it, or even fully understanding it, in dealing with the unknown unknowns. AI and the growing use of mesh cybersecurity architectures offer the opportunity to turn the scale and complexity of this digital environment liability for network defenders into a potential advantage.

Sensors linked in a common architecture allow network operators and defenders to generate data in real time, and increasingly powerful AI and ML can make sense of it in real time.

Malicious cybercriminals are rarely successful the first time they attack a target, even using AI, but they rely on their missed attacks in the deluge of alerts that flood into the company's security operations center every time. shift. AI helps spot anomalous activity, determine which anomalies constitute attacks, generate a real-time response to block the attack, and inoculate the rest of the organization's digital assets against further attacks.

Weakening data privacy levels

Remember, AI and ML are powered by data, and the more data they have to train and use, the more effective they are. Typically, those who operate and defend an enterprise environment are in a better position to have this data than those seeking to penetrate the network.

Certain niches, such as spear phishing, asymmetrically favor the attacker; but generally speaking, the arms race linked to Big Data favors the defender.

As empowering as AI is for CISOs, businesses face other challenges when using AI in the workplace. A major concern is that the data contained in GenAI queries becomes part of the large dataset of language models used by these models. Other common problems include copyright infringement, revealing personally identifiable information, unknown use of biased or objectionable data, and AI hallucinations, which are offhand but obviously erroneous results.

Many organizations use GenAI cautiously; but in most cases, staff do not understand the reasons for this deliberative pace or see the digital safeguards in place.

They are getting used to using GenAI in their private lives and experimenting with it independently in the workplace. GenAI has become the latest form of shadow IT that CISOs and CIOs must face.

You should consider leveraging AI, but be smart. Research the market and work with vendors whose commitment to security matches your needs.

Don't let GenAI initiatives weaken your data privacy

Run a foundational model in a private environment so data and training results remain separate.

This will trade some of the scale and power of live dynamic LLM data for the assurance that your queries won't expose your organization's sensitive data to third parties.

Use retrieval-augmented generation that uses validated external data to refine the accuracy of fundamental models without providing them with additional training data. This approach reduces security and accuracy risks.

Run Data Loss Prevention as a filter when typing in the public LLM.

Talk to your GenAI vendor and tailor your use cases with data security in mind.

Review privacy and security settings. Can you prevent your data from being backed up? Can you do it manually? On a timed basis? Can you run queries with anonymized data?

If you use third-party applications or software-as-a-service providers that have integrated GenAI into their tools, ask the same questions and determine how they protect your contributions and results.

Integrate strict access controls.

Limit the use of specific datasets to authorized users.

Use privacy-enhancing technologies with data obfuscation, adding noise or removing identifying details, anonymization, encrypted data processing, homomorphic encryption, multi-party computation, federated analysis and distributed over centrally hosted data, processors cannot see the content and data accountability tools, user-defined control. .

Carefully examine the data volume. The more data you provide, the greater the risk of leakage.

Train the team using the template to reflect best practices, compliance and threats.

