Can Gen AI Transform Organizations Cyber Posture

Artificial intelligence (AI) will and shaping every other industry and cyber security is no exception as per recent research report. The estimated the global market for AI-based cyber security products was about $15 billion in 2021 and will surge to roughly $135 billion by 2030. Further the recognition of AI is gaining momentum and organization understand the  potentiality that has led 76% of enterprises to reorganize their budget on investment that is AI  driven and machine learning .

This is because huge volume of data that necessitates analysis to identify and combat security threats effectively can be monitored.

Growing AI presence in Cyber posture of an organization

Cyber security driven organizations increasingly rely on AI to pally with their traditional tools like antivirus protection, data-loss prevention, fraud detection, identity and access management, intrusion detection, risk management and other core security areas. The most dangerous threats that poses challenges to individual and organization include ransomware, malware, social engineering, denial of service, or distributed denial of service attacks (DoS, DDoS).

These kind of cyber threats affects the global GDP, including the supply chain and we cannot deny the amount of misinformation over the web that flows in every day over cybercrime and other attacks. To counter false campaign AI based cyber security is an essential tool to understand the threat landscape and its vast coverage

Why is AI taken seriously as the nature of AI is in its ability to  analyze enormous sets of data and find patterns and in this AI fits in.

What AI can do to combat modern threat patterns?

• AI can detect with more accuracy actual attacks if deployed creating fewer false-positive results. This includes prioritizing responses based on their real-world risks.

• Identifying and flagging the type of malicious emails and messages often employed in phishing campaigns by hackers.

• Simulating social engineering attacks, which help security teams spot potential vulnerabilities before cybercriminals exploit them

• Analyzing huge amounts of incident-related data rapidly, so that security teams can swiftly take action to contain the threat.

• AI ensures  application security by default, eliminating vulnerabilities for users and eradicating negative defaults.
•  AI guarantees precision in detecting attacks or modalities of attack vectors which can expedite  investigations with automation response mechanisms.
• AI-driven solutions specifically the biometrics can foster secure app development and promote a safe data ecosystem, contributing to a robust infrastructure through behavioural analysis.

As we move ahead in AI driven based cyber security solutions we find AI has the potential to be a game-changing tool in penetration testing. This is possible with intentionally probing the defences of software along with networks to identify weaknesses.

CISA has developed a Roadmap for Artificial Intelligence, which is a whole-of-agency plan aligned with national AI strategy. This will promote the benefices of AI and enhance cyber security capabilities. Also ensuring that AI systems are protected from cyber-based threats, and deter the malicious use of AI capabilities to threaten the critical infrastructure Americans rely on every day.

Intercept is moving ahead and developing products to target cyber hack technology that is evolving everyday so that, organizations will be better able to identify their weaknesses before hackers can exploit them.

BISO Analytics from Intrucept stands out as the pioneering security analytics platform designed to assist enterprises in effectively handling their first-party, third-party, and emerging risks, all within a single platform. This comprehensive solution facilitates a quicker and safer progression for your business.

Having this intelligence would provide cybersecurity organizations with a significant edge in preventing future attacks. Stopping breaches before they occur would not only help protect the data of individuals and companies, but also lower IT costs for businesses. 

CHAT GPT in Cyber security strategy is gaining the trust and momentum to understand the AI perspective. How can Chat GPT be useful?

• Information gathering: ChatGPT can help individuals and organizations gather information on specific cybersecurity topics, such as different types of cyber threats, security best practices, and emerging trends in the industry
• Education and training: ChatGPT can provide users with resources and information to help educate themselves on cybersecurity, such as links to online courses, tutorials, and articles. This can be particularly helpful for individuals and small businesses that may not have the resources to hire dedicated cybersecurity personnel.
• Risk assessment: ChatGPT can help users assess the potential risks and vulnerabilities of their systems and networks, by providing them with information on known vulnerabilities, attack vectors, and potential mitigations.
• Incident response: In the event of a cyber-attack, ChatGPT can help users identify and contain the attack, by providing them with information on how to respond, what actions to take, and what tools to use.

Regulations in AI Cyber security

As AI evolves in cybersecurity domain there are concerns about data privacy and risk management for both individuals and businesses as this is a domain where concerns are growing.

Regulators are considering ways to develop AI so that there is maximization in benefits received and less negative impact.

CISO perspective on AI Cyber security

As we dig deeper AI we find AI making considerable strides in automating various aspects of cybersecurity, positioning itself as a valuable tool for CISO community. But the challenge is ensuring that every cybersecurity strategies align with broader business objectives of the organization.

Business environment has to support goals, challenges and industry dynamics and AI can assist in analyzing data and providing insights.

The emerging attack techniques are a matter of concern for the CISO community and they are finding themselves working in tandem with AI teams a cross functional domain to establish a proper AI based cyber strategy.

For security teams it is now a responsibility to push AI with security leaders and creating a framework for AI adoption to combat threat modules.

As per research following steps are most soughed after to establish AI with the organizational AI journey

• First they should create an AI asset inventory to understand the requirement
• Educate themselves on users methodology and their requirements
• Strongly enforce AI policy within the organisation for all employees to follow
• Refer to use cases as an when required and work within existing framework and refer on and off to same framework

Deloitte in their research paper highlighted few important pointers on Gen AI

• While AI has increased our defense capabilities and postures, could Gen AI take us even further?
• How could it be used to limit blast radiuses of attacks, protect against data loss, and expand our threat response capabilities within budget and on time?
•  In other words, can it help us get ahead— and stay ahead—of attackers?

CISOs must remain vigilant about the potential risks AI introduces.

Some 45% of cybersecurity professionals believe that some of the biggest security challenges stem from the introduction of AI use in enterprises.

The dark side of AI is real, with threats such as high-quality deepfakes, powerful attacker tools like PentestGPT, and copyright misuse of AI input or output.

The effectiveness of Business Email Compromise (BEC) attacks, amplified by AI, is a stark reminder that AI can be a double-edged sword in cybersecurity. These threats not only demonstrate AI’s potential to aid cybercriminals but also highlight the ongoing need for human judgment and oversight.

(Sources: https://www.isc2.org/Insights/2024/10/Will-AI-Replace-CISOs)

As per Deloitte research paper ‘Gen AI is a force multiplier of value because it can do humanlike work at hyper speeds that no human can match’.

What is so interesting about the GEN AI in cybersecurity?

The paper addresses that Gen AI uses foundational neural network models that are powered by and trained on vast amounts of data, working across data silos and acting as a bridge between data sets. This can give analysts a more natural method for identifying, synthesizing, and summarizing insights.

Gen AI can help transform cybersecurity activities like these

1. Risk scoring and prioritization Analyze asset inventories, security logs, and threat intelligence to predict risk scores and recommend preventative measures
2. Actionable and precise threat intelligence Generate summarized reports/ executive briefings for active threats from historic trends or publicly available data
3. Controls testing and automation Create test cases/sample scenarios; expected outcomes; develop supporting documentation
4. Role mining Use Gen AI to recommend role assignments based on user attributes to ensure adaptive access control
5. Third Party Risk Management Analyze data in vendor submitted and external documentation to evaluate the security posture of third-party providers
6. Threat correlation and detection Identify correlation between alert data and threat intelligence reports to determine impact on infrastructure
7. Secure code generation Develop application code and relevant supplementary test cases in line with the latest security considerations (backward integration of secure coding guidelines)
8. Data classification and monitoring Classify and monitor unstructured text-based data, which enables better protection against exfiltration
9. Automated policy review & orchestration Map current policies, standards and procedures against standard industry and regulatory frameworks to meet compliance requirements
10. Security incident response Automate incident response activities, including triaging alerts, correlating events, and guiding incident handlers with response playbooks
11. Enhanced vulnerability scanning Correlate vulnerability data (scan data, external information and remediation plans) to prioritize action plans
12. Deliver personalized and targeted threat/crisis response trainings to employees based on roles, responsibilities, and job requirements
13. Cybersecurity maturity assessments Self-assess the organization’s cyber risk maturity; identify gaps in cyber strategy and generate relevant improvement recommendations
14. Enhanced recovery and remediation Create specific responses that can guide security analysts in remediation and recovery activities
15. Enhanced systems design/configuration Augment system/security architecture design by drafting preliminary technical specification and/or recommending optimal configuration
16. Gen AI-enabled phishing detection Use Gen AI to detect threats and/or phishing attempts created by LLMs

My view is as AI continues to evolve, CISOs will align to leverage these technologies effectively. In future AI can serve as a powerful tool in CISO’s kit, acting as a catalyst for more robust security controls .

Sources:

https://www.cisa.gov/sites/default/files/2023-11/2023-2024_CISA-Roadmap-for-AI_508c.p

https://www.rsaconference.com/library/blog/ciso-perspectives-tackling-the-rise-of-ai-powered-cyber-attacks

https://www.grantthornton.mk/insights/blogs/a-tool-that-can-offer-long-term-benefits

https://www.deloitte.com/global/en/services/consulting-risk/perspectives/the-ciso-guide-to-generative-ai-opportunities-outcomes-and-the-urgency-of-now.html#