GenAI – The new cybersecurity weapon for good or bad

By Tony Velleca, CEO, CyberProof

GenAI will not replace your team. It will enhance and augment what they can do.

CISOs and CIOs face pressure from all sides to sharpen their cyber readiness and organizational resilience. A lack of talent challenges their security teams, the many cybersecurity solutions on offer are changing fast, and there is a need for a more integrated and consolidated approach. That's before we mention the explosion of endpoints to monitor and protect, including IT, OT, and IoT devices, which is driving the need to ingest more, and more expensive, data.

At the same time, threat actors are rapidly adapting, often leveraging generative AI (GenAI), and the expectation is that security organizations will be proactive to ensure rapid response and meet more stringent compliance mandates such as the new SEC final rule. To manage the organization effectively, the Board and C-suite need a more real-time view of business risk related to cybersecurity. This view must drive day-to-day work and investments. An annual audit is simply not enough in this new dynamic risk environment. But is this too tall an order?

Implementing risk-based cybersecurity

Let's face facts — it's virtually impossible always to protect everything. Enterprise environments are complex and dynamic, and budget and talent will always be scarce. Most think that quantifying risk is the most important consideration. I disagree. Instead, I believe it is taking it a step further and using an understanding of business risk to drive day-to-day business decisions on where to spend precious time and budget. Implementing a risk-based approach by understanding the business risk associated with various threat scenarios, designing responses to meet the risk tolerance (for example, containment time), and classifying assets and investments accordingly is now imperative.

As far back as 2019, McKinsey shared how a maturity-based model had run its course and suggested organizations move to a risk-based model, measuring and reporting on risk reduction rather than implementing capabilities. Today, a checklist for a risk-based model includes:

Using GenAI to your advantage

A focal point worth discussing with the C-suite is GenAI, where security leaders find themselves at a critical juncture. AI technologies are proving their value, from detecting anomalies through Machine Learning to leveraging GenAI for comprehensive data analysis. GenAI enables the articulation of risk gaps and priorities and provides insights into policy inquiries. It remains a significant enabler for cybersecurity.

At the same time, AI attack mechanisms are on their way. There has been a 2400% increase in the number of posts on Dark Web forums about how to exploit ChatGPT and a 135% surge in related social engineering campaigns. AI technologies need to be integrated into security solutions to power smart incident response and ensure that the security tools keep pace with AI-driven attack mechanisms on the other side of the table.

Top tips from Forrester include:

At CyberProof, experts utilize their knowledge and experience to bolster the power of AI.

It takes a village — utilizing ready-built AI tools in an increasingly consolidated world

Instead of building from scratch, leveraging GenAI solutions from Microsoft and Google makes sense. Hyperscalers are already consolidating security and leveraging cloud services to become a platform that integrates data and creates robust GenAI models.

The consolidation of security solutions, or more specifically of the data, makes sense in the new world of GenAI. As companies move into one or more of the hyperscalers, the data matters. The innovations around data, such as data fabric, will offer substantial opportunities for security teams. The hyperscalers also make their solutions multi-cloud, and GenAI models are generally available on multiple clouds. As security becomes more complex, information from multiple systems will be required for context. This requires a means to accumulate and manage this data cost-effectively. And, of course, cloud providers strategically make it expensive to move data out of their clouds but free or less expensive to bring it in.

At CyberProof, we were an early adopter of what Microsoft now calls Microsoft Defender XDR, centered around their Copilot for Security. We also recently expanded our partnership with Google Cloud. Google offers its Duet AI, similar to Microsoft's Copilot, which leverages many years of Mandiant Threat Intelligence and Forensic information to summarize information, create reports, and provide context and suggestions for remediation in the case of a security event.

Microsoft and Google have spent billions on their cybersecurity initiatives, dwarfing the budgets of others and each taking a unique path to market. Microsoft announced a budget of $20B to enhance cybersecurity between 2021 and 2026, while Google committed $10B.

The challenge for large enterprises will be to adapt these generalized security models to their business risks and policies as we proceed.

CyberProof's enhanced collaboration with Google Cloud and our existing relationship with Microsoft Defender XDR are both aimed at helping clients build future-ready security architectures that reduce cyber risk at cloud scale through the power of generative AI. Customers can access enhanced threat intelligence and response and gain a holistic view across all tools and solutions, solving problems with business context and a risk-based model in mind. One example is reducing Mean Time to Respond (MTTR), as Duet AI, Google search, Big Data, threat intelligence, and other relevant integrations work together on the Google platform to parse data and reach answers and mitigation more quickly.

Leaning on the right solutions is key to meeting today's challenges and adopting a risk-based cybersecurity model. There's only going to be so much money to go around, and intelligent consolidation can reduce costs while enabling more effective detection and faster response through a collaborative cloud-based approach.