How AI is Changing the Security Landscape
Artificial Intelligence (AI) is the ability of machines to perform tasks that would typically require human-level intelligence to accomplish. It involves the development of algorithms and computer programs that can process data, learn from it, and make decisions or predictions based on that learning.
AI has been around since the early days of computing. The term “Machine Learning” was coined by Arthur Samuel in 1956, who developed a checkers-playing program that could improve its performance through experience. Over time, improvements were made to AI, resulting in the development of ChatGPT (Generative Pre-Trained Transformer), which is actively being used by cybercriminals. Unfortunately, this has opened everyone’s eyes to how “good” AI can be for bad actors.
For example, in December 2022, an anonymous poster claimed that ChatGPT wrote an info stealer application that searches for specific files, zips them, and sends them home. Similarly, in the same month, a threat actor dubbed USDoD posted a Python script, which he emphasized was the first script he ever created. It was made by ChatGPT. Furthermore, everyday bad actors are using ChatGPT to craft believable phishing emails. This raises concerns about the authenticity of people we interact with online, especially with the potential integration of deepfakes with AI Natural Language Processing.
To protect our environments, we need to add AI to our toolkit to identify threats faster and respond automatically. However, it all comes down to people, process, and technology. We need to foster a culture of security and awareness within our organization, educate our employees on security best practices, and identify weaknesses in our security positions. Additionally, we should implement MFA and Conditional Access, secure and protect our on-premise and cloud-based applications, and continuously monitor for security risks.
Many vendors are already integrating AI solutions into their products. For example, ConnectWise announced its intent to integrate OpenAI ChatGPT into its Automate RMM platform. Sophos Intercept X has implemented Deep Learning to detect malware, while KnowBe4 is providing on-demand webinars and training to educate on the capabilities of ChatGPT.
To achieve a Zero Trust environment, we should focus on the business outcomes and design from the inside out. We need to determine who/what needs access, inspect and log all traffic, and implement identity management policies to prevent unauthorized access to our protect surface. Finally, we need to monitor and maintain our protect surface and setup alerting and logging of flows into and out of it.
AI has both positive and negative implications for our cybersecurity. While it can be used to identify threats faster and respond automatically, it can also be used by bad actors to craft believable phishing emails and integrate deepfakes with AI Natural Language Processing. However, by fostering a culture of security and awareness, identifying weaknesses in our security positions, and implementing MFA and Conditional Access, we can add AI to our toolkit and achieve a Zero Trust environment to protect our environments.
If you have questions about AI and how it can effect your business, consider partnering with a trusted vendor, or reach out with questions about how we can support your people and foster a culture of security.