Trying to protect an organization’s cybersecurity is a minefield, even for managed service providers where there are hundreds of customers that you are building concise automation and telemetry to understand better and detect potential threats. Being human centric is also paramount as no automation or well-defined detectors can replace human beings and the skills and experience to find that needle in a haystack when high-risk incidents occur.
Now the age of artificial intelligence (AI) is nothing new. Machine learning and predictive coding have been a huge part of the cybersecurity world for many decades now, but this has sometimes been out of reach for security professionals as they rely on these capabilities being built into the tools that they use daily.
In one technology vendor’s solution machine learning is being used to identify common themes and aggregate multiple alerts that have direct connections to a larger incident. Analysts are able then to sift through all the telemetry that’s associated with these incidents and without these machine learning capabilities it would be near impossible to capture all of the relevant information to respond to such threats effectively.
Having these valuable insights into security and compliance is made easier by these tools, however, now generative AI (GenAI) is the most popular tool of choice because it is freely available to anyone in the world. Threat actors are now pausing to retool and make their old techniques more believable to the human eye.
Old techniques
We can see in various articles over the last couple of decades that the biggest vulnerability is still the human being. This is evident when you’re looking at phishing attacks as GenAI now can better phrase and make content more believable than ever before. Where our advice to members of the public and our employees was to carefully read, understand, and determine whether certain phishing emails could be legitimate or not, with GenAI and its ability to understand the human language it’s now very easy to make text believable, albeit with the current models, it’s easier to detect certain phrases that are constantly being used by AI. So, this training doesn’t go away but we need to retrain team members to look at other metrics that could indicate an attack upon them.
Adversaries retooling
This is just one way that adversaries are retooling with AI but even so, it seems every month that these GenAI tools are becoming more capable. I’ve seen videos in the last week of a human being manipulating not just an AI moveable character but also being able to manipulate the skin in real-time. We’ve heard of these attacks of a fake CFO telling an employee to send money to a spurious account which has resulted in financial loss. The public still doesn’t understand how advanced these AI tools have become, not in just the last two years but right now. We will need to think about new tactics and techniques to watch these types of advanced threats and being able to use AI to detect an AI tool is more crucial than ever. Not just around using AI to decide and reflect on summarizing incidents and alerts but also being able to detect if AI has created something.
Real-time monitoring
Sophisticated tools need to be developed now so that real-time monitoring and alerting is effective when these threats appear when AI is being used. This will minimize the impact of the attack and reduce the risk of data leakage or reputation to any organization.
These tools also need to be easy to use because not everyone is a machine learning engineer, nor do adversaries need to be technical now as GenAI uses natural language to create anything including complex code. Tools are being used by everyday people to build applications that can be used for both good and for risks against organizations.
We know that adversaries are retooling but will this mean we’re one step behind? Without more sophisticated tools that are looking for AI behaviors, these might be impossible for even a human to capture. These adversaries only need to be right once, so the best that we can do now is monitor very closely for these changes. We still know that data and financial protection are the end goal, as these are the things they want to seal, redirect or mislead for their gain.
Keeping a daily eye on the changes of GenAI in the world is also key. You can’t take your focus off this as we’ve seen with the new models for chain-of-thought, there are now new ways of using these AI models to reason over the questions that even members of the public can use at no cost!
Two ways organizations need to think about AI today
In conclusion, there are so many benefits to GenAI that many don’t see. Especially within cybersecurity where now their work is becoming even more important in using these tools, for good, to find bad activities. We need new tooling also to prevent even more sophisticated threats through old techniques. Organizations need to be looking at GenAI in two ways: one around productivity in using such tools to streamline their processes, do boring things quicker, or gather more meaningful data more concisely. The other is to investigate or develop tools that are monitored for behavior changes that relate to AI itself, it’s a black box but it won’t behave like a human, yet.