Working With AI: A Word On Today’s Corporate Cybersecurity
Automation has been around for centuries in many ways and massive targeting is far from new. Yet, the advancement of artificial intelligence (AI) is allowing automation to work at an unprecedented scale, targeting millions of individuals and systems simultaneously on multichannel attacks with advanced persistent threats (APTs). On the other hand, this security evolution, Google’s Quantum Resilient Security Key, is already raising conversation on quantum-safe cryptography. Given this panorama, I’m touching upon AI today to describe how this technology is reshaping our digital landscape and focusing on countermeasures for corporate cybersecurity.
How AI Is Raising The Cybersecurity Bar
AI-powered bots for malicious means can take endless forms and modify code to bypass even the most secure of corporate detection tools. Last year’s phishing attack reports alone exceeded 500 million, which accounted for 36% of all data breaches in the USA. Long past poorly worded emails from foreign princes in far lands, this scheme has evolved to the most believable and persuasive results. This year’s phishing attack statistics confirm that “83% of all companies experience a phishing attack each year” when every one of those “costs corporations $4.91 million, on average.” Meanwhile, hacking and malware tools have only grown exponentially since the pandemic.
With their natural contextualized knowledge, AI tools can constantly learn from their own failed attempts to also refine their tactics and become increasingly effective over time. Tie these capabilities to human manipulation and we get new malicious versions of the already very famous ChatGPT being trained on malware-focused data.
We need to keep working on preventing rings of attackers from acquiring sensitive corporate information and gaining unauthorized access to business systems. But how do we do that in the new world of AI?
AI As Its Own Medicine: Strengthening Business Security
It might help to think of AI not just as a tool for attackers, but also as key to the finest cybersecurity. Depending on your state of technology (SOT), you could resort to anti-incident automated replies to immediately isolate triggers from a network.
New Large Language Models (LLMs) can help detect and flag malicious attempts with an amazing ability to process big data across sources. Capable of parsing logs, LLMs can also identify pattern deviations and work with technical documentation to summarize and even strategize.
With adversarial models, machine learning (ML) can also adapt to evolving tactics and detect irregular traffic patterns to help counter network attacks, for example. From perfect behavioral biometric profiling to high-quality image analysis, ML can detect deepfakes as much as combine big data to point out miscellaneous inconsistencies.
Natural Language Processing (NLP), on the other hand, can refine security on text-based interactions for sentiment analysis and message tone detection, useful to protect our email and messaging tools. We can further code unique defense mechanisms this way.
While common practice has dictated we secure email gateways, establish network perimeter security controls and set up firewalls, Endpoint Detection and Response (EDR) tools can furthermore help secure end-user devices and points, especially in remote work settings.
Most people speak of Security Orchestration, Automation and Response (SOAR), a stack TechTarget describes as providing security response and threat data with reduced human automation for improved physical and digital security. Yet, now, we can also consider data augmentation and cloning as part of these measures.
Our go-to productivity tools also open new lines of threat, making cloud infrastructure security paramount. Cloud Access Security Brokers (CASBs), Secure Access Service Edge (SASE) and cloud-native tools are vital.
Finally, advancements related to the Internet of Things (IoT) also call for us to consider countless other devices. From toys to insulin pumps and pacemakers, the most unthought-of items, including smart blenders or even fish tanks, can put in serious jeopardy the most robust of security systems. IoT’s own medicine includes embedded nano agents and real-time monitoring as much as zero-day attack protection.
Related read: Safety First: A Comprehensive Guide to Corporate Security
But Activating a Security Measure Can Result in Diverse Counterattacks.
As a true story about a specific antivirus we used for many years in one of our tech companies, we were facing around 2,900 phishing attacks per week with it. When we activated its anti-phishing system, however, the attacks changed. Malicious attempts started moving to a different strategy. We saw actions as inventive as a new LinkedIn profile posing as one of our team members in what to us makes a far-away area of the world.
Now, aside from conceiving diverse AI security integrations, we’re already diversifying our antimalware, anti-ransomware, anti-exploits and anti-phishing providers for a combined vision of what best supports our corporate cybersecurity. This brings me to perhaps the last fundamental aspect of this quick discussion.
The Value Of A Risk Management Assessment For Cybersecurity Measures
For as fascinating as AI is, our very first step in corporate cybersecurity should be for us to focus on our unique corporate needs. This is why corporate risk assessments are a must. Mapping out where we wish to go, our corporate mission, vision and objectives can act as the perfect compass. Those may even scratch some of the trendiest measures off our business to-do list, and it helps to be open to that.
All in all, we need to consider our unique threats and vulnerabilities to build security controls that take us to an acceptable level of risk—for us. As tech leaders, especially, we can furthermore coach business partners on where to invest and what measures to take for best security practices. Doing so can help us build even stronger collective work. In the end, we’re all trying to do our best as we navigate all possible sides of AI. I wish you the best in your digital transformation journey.
This article was originally published on Forbes.com