Navigating the future of AI security, emerging threats, and zero trust

May 09, 2024
Author: John Bruggeman
Inside the CISO’s Office: Navigate the future of AI, emerging threats, and zero trust

The risks posed by AI, advanced persistent threats, and nation-state actors are driving the need to move to zero trust network access in order to improve the cybersecurity posture of all organizations. Chip Wagner, IBM Cybersecurity Leader, and I had a thought-provoking and informative discussion that explores these issues and their impact on information security programs at organizations of any size.

In the world of cybersecurity, striking the right balance is critical. On the one hand, you want to cast a wide net in terms of the events you log, in order to catch as many incidents as possible, but on the other hand, you do not want to create too much work for your security team by generating too many false positives.

The emergence of large language models (LLMs) and AI has made it easier for criminals to mount more convincing and difficult-to-detect attacks. As threats continue to evolve and tensions escalate, AI has both aided and eroded security. AI has enabled new threats that make it harder for organizations to protect themselves. For instance, ChatGPT and other LLM tools have made it easier for threat actors to write convincing phishing e-mails that steal credentials, as well as business e-mail compromise (BEC) e-mails that look genuine. The resulting phishing e-mails are sophisticated enough to fool even the most tech-savvy people.

This post reviews my discussion with Chip, in which we talked about AI security, emerging threats, and the zero trust principles designed to mitigate both.

AI security

AI is nothing new for IBM, which has created various expert systems and AI tools over the last 20 years. However, ChatGPT increased the average person’s awareness and experience with this rapidly growing technology. AI helps bad actors create more convincing phishing e-mails (more on this later) and automate their attacks. However, IBM has also been working on solutions to mitigate the risk of attacks, such as its Guardian and Polar data security solutions.

Chip said, “We’ve developed a deep learning expert system. I think of it as the brains of an incident responder in a box. When you think of incident response and the MITRE ATT&CK framework, there is this gold standard for detecting attacks. And we take every behavior—we break it down into the individual behaviors that attackers exhibited during an incident or attack campaign.”

Wagner explained that the AI solutions IBM has built to detect and fight cyberattacks are based on the experiences of seasoned cybersecurity professionals.

Another area of security where AI is helping in the fight is triage. False positives are a huge problem. AI helps separate real incidents from false positives faster.

“The more detection you do, the more work you create, the more difficult it is,” Chip elaborated. “As we looked at this problem, we said, okay, how do we solve this? How do we fix this so that, as a security team, I can look at all the information, I can do the investigation, but can I quickly analyze it to determine if this is a false positive?”

IBM has several tools that scour third-party databases, examine parent and child processes for anomalies, and build a timeline and cohesive story. Chip continued, “You get this triage, and then you can spend your time doing the important work of analyzing it to make those human determinations.”

Emerging cybersecurity threats

Ransomware is a primary concern for many organizations. Equally concerning is business e-mail compromise. In this attack style, a scammer poses as the intended recipient of a payment to steal money. For example, a criminal might compromise an e-mail account in the business office of a vendor in order to intercept the payment of an invoice. The criminal poses as the vendor and instructs the customer to pay the bill to a new bank account. After the customer pays the invoice to the wrong bank account, the actual vendor reaches out, wondering why they have not been paid. This can take weeks or months to discover due to the length of time it takes customers to pay invoices. After weeks or months, the money is gone and the vendor never gets paid.

Generative AI helps threat actors, especially those who may speak English as a second language, craft more convincing BEC attacks and phishing e-mails.

Chip noted, “I’ve witnessed the sophistication of the phishing e-mails that I get today versus a year ago. It’s a night and day difference. There is no language barrier when trying to write these now. So, it has given attackers an edge for getting in for that human component, right? If I [can] trick you into believing that I am the person you think I am, or conveying the message you think I am, that’s the entry point.”


A quickly developing threat is the use of audio deep fakes—AI tools that have been designed to synthesize voices. In these attacks, callers impersonating well-known organizational leaders such as the CEO or CFO phone unsuspecting employees and tell them to transfer funds or pay an invoice. With a voice sample as small as two or three minutes, AI can generate a relatively believable simulation of these leaders. What I recommend to help prevent this kind of scam is for business leaders to create a personal passphrase with staff to prove they are who they claim to be, especially regarding financial transactions.

Additionally, AI can translate text or audio from English into other languages (or vice versa). For this reason, enterprises outside the United States must be aware that criminals are also targeting them. Multinational companies need to be especially aware of international attacks.


Zero trust

While AI has added new challenges to the cybersecurity landscape, there are ways to mitigate these risks. Organizations can enhance their defenses against emerging threats by embracing zero-trust principles, like robust identity and access management, and stringent data security measures. The zero-trust framework, which is founded on the guidelines provided by NIST SP 800-207, insists on verifying users, data, devices, applications, the network, virtually everything, and never automatically trusting someone or something just because it is on the corporate network.

This approach (also referred to as appropriate trust) serves as an excellent starting point for discussions with C-level executives and board members about how to make the organization ransomware resistant. The CBTS Zero Trust Readiness Assessment helps organizations identify and prioritize their zero-trust journey.

IBM has adaptive access in its identity solution, which can detect factors like the hand you are typing with, the tone of your voice, and the keyboard you are using. These identifiers can help verify the identity of the person accessing the data and raise a red flag if they detect a breach.

Ultimately, zero trust and similar security efforts aim to protect sensitive data. Sure, devices matter, but data is the valuable (and targeted) asset here. You should also apply the principles of appropriate trust or zero trust to how your organization is storing data, who has access to it, as well as when they can access it and where.
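
A minimal sketch of the access decision this section describes, added here as an illustration and not taken from IBM, CBTS, or NIST SP 800-207: every request is checked on user, device, data, time, and location, and being on the corporate network grants nothing by itself. The field names, the sample policy, and the resource names are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Request:
    user: str
    mfa_passed: bool
    device_compliant: bool      # e.g. managed, patched, disk encrypted
    on_corporate_network: bool  # recorded, but never sufficient by itself
    country: str
    local_time: time
    resource: str

# Constructed sample policy: who may reach which data, when and from where.
POLICY = {
    "finance-ledger": {
        "users": {"alice", "bob"},
        "hours": (time(7, 0), time(19, 0)),
        "countries": {"US"},
    },
    "public-wiki": {"users": None, "hours": None, "countries": None},
}

def decide(req: Request) -> tuple[bool, list[str]]:
    """Return (allow, reasons for denial). Anything not explicitly allowed is denied."""
    rule = POLICY.get(req.resource)
    if rule is None:
        return False, ["no policy for resource"]
    reasons = []
    if not req.mfa_passed:
        reasons.append("user not strongly authenticated")
    if not req.device_compliant:
        reasons.append("device not compliant")
    if rule["users"] is not None and req.user not in rule["users"]:
        reasons.append("user not entitled to resource")
    if rule["hours"] is not None:
        start, end = rule["hours"]
        if not (start <= req.local_time <= end):
            reasons.append("outside permitted hours")
    if rule["countries"] is not None and req.country not in rule["countries"]:
        reasons.append("location not permitted")
    # on_corporate_network is deliberately absent from every check above.
    return (not reasons), reasons
```

The denial reasons are returned alongside the verdict so that each refused request can be logged with the specific check that failed.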


The threat landscape has changed

Chip pointed out that AI is similar to nuclear technology. “It’s important to be very cautious [and] be a custodian of AI. It’s very important that we’re leveraging it in the right ways.”

The threat landscape is expanding, and our data is dispersed across various locations. It is crucial to enhance your cybersecurity measures actively. Implementing principles such as zero trust or appropriate trust access into your cybersecurity strategy is essential. Moreover, there are solutions available from IBM and other providers that can help mitigate these risks.

Get in touch to learn how the CBTS Security team can help you get the most out of AI-powered security while staying safe from emerging threats.
