InfoSec and Compliance – With 20 years of blogging experience, DISC InfoSec blog is dedicated to providing trusted insights and practical solutions for professionals and organizations navigating the evolving cybersecurity landscape. From cutting-edge threats to compliance strategies, this blog is your reliable resource for staying informed and secure. Dive into the content, connect with the community, and elevate your InfoSec expertise!
🔧 Definition: Reproduces the exact behavior of one system on a different system. 🎯 Goal: Act like the real system, often for compatibility. 📦 Example: Running an old video game console on your PC using an emulator.
Key Traits:
Mimics both hardware and software behavior.
Used when accuracy is critical (e.g., legacy system support).
Slower but more faithful to original system.
Simulation
🧪 Definition: Models a system’s behavior to study or predict how it operates. 🎯 Goal: Understand or analyze system behavior, not necessarily replicate it exactly. 📊 Example: Simulating weather patterns or network traffic.
Key Traits:
Abstracts certain behaviors for analysis.
Focused on performance, outcomes, or patterns.
Often used in design, training, or testing.
👥 Analogy:
Emulation is like impersonating someone exactly—their voice, walk, habits.
Simulation is like creating a role-play of their behavior to study how they might act.
🔍 Emulation vs. Simulation: Side-by-Side Comparison
Feature
Emulation
Simulation
Purpose
Replicate exact behavior of a system
Model system behavior to understand, test, or predict outcomes
Accuracy
Very high – mimics original system closely
Approximate – focuses on behavior, not exact replication
Use Case
Compatibility, legacy system testing
Analysis, design, forecasting, training
Speed
Slower due to detailed replication
Faster due to abstraction
System Behavior
Includes full hardware/software behavior
Models only necessary parts of the system
Cybersecurity Example
Emulating malware in a sandbox to observe behavior
Simulating a DDoS attack to test how a network would respond
The U.S. National Institute of Standards and Technology (NIST) has raised concerns about the security vulnerabilities inherent in artificial intelligence (AI) systems. In a recent report, NIST emphasizes that there is currently no foolproof method to defend AI technologies from adversarial attacks. The institute warns against accepting vendor claims of absolute AI security, noting that developers and users should be cautious of such assurances.
NIST’s research highlights several types of attacks that can compromise AI systems:
Evasion Attacks: These occur when adversaries manipulate inputs to deceive AI models, leading to incorrect outputs.
Poisoning Attacks: In these cases, attackers corrupt training data, causing the AI system to learn incorrect behaviors.
Privacy Attacks: These involve extracting sensitive information from AI models, potentially leading to data breaches.
Abuse Attacks: Here, legitimate sources of information are compromised to mislead the AI system’s operations.
NIST underscores that existing defenses against such attacks are insufficient and lack robust assurances. The agency calls on the broader tech community to develop more effective security measures to protect AI systems.
In response to these challenges, NIST has launched the Cybersecurity, Privacy, and AI Program. This initiative aims to support organizations in adapting their risk management strategies to address the evolving landscape of AI-related cybersecurity and privacy risks.
Overall, NIST’s findings serve as a cautionary reminder of the current limitations in AI security and the pressing need for continued research and development of robust defense mechanisms.
As vehicles become increasingly connected, integrating sensors, software, and internet connectivity, they offer enhanced safety and convenience features. However, this technological advancement also exposes them to significant cybersecurity risks, making them susceptible to hacking and unauthorized access.
A notable example occurred in 2024 when researchers, including Sam Curry, identified a vulnerability in Kia’s web portal. This flaw allowed unauthorized reassignment of control over internet-connected features in Kia vehicles manufactured after 2013. Similarly, certain Subaru models were found to be remotely hijackable and trackable due to security weaknesses.
The financial impact of such cyberattacks on the automotive industry is substantial. According to a report by VicOne, the industry faced approximately $22.5 billion in cyberattack costs, including $20 billion from data breaches, $1.9 billion due to system downtime, and $538 million in ransomware damages.
Modern vehicles are vulnerable to various cybersecurity threats, including remote hacks through Bluetooth, Wi-Fi, and cellular connections; physical access attacks via diagnostic ports like OBD-II; software vulnerabilities that can be exploited for unauthorized control or data theft; and malware or ransomware injections that can incapacitate vehicle systems.
In-vehicle networks such as the Controller Area Network (CAN) and Local Interconnect Network (LIN), which manage critical functions from engine control to seat adjustments, were not originally designed with security in mind. This oversight leaves them particularly susceptible to hacking. Implementing measures like encryption, authentication, and intrusion detection systems is essential to safeguard these networks.
The advent of autonomous vehicles introduces additional security concerns. Self-driving cars rely heavily on AI algorithms and sensor systems, necessitating robust cybersecurity measures to protect against both external and internal threats. Ensuring the integrity of communication between these components is critical for the safety of passengers and the public.
Manufacturers and regulators must prioritize cybersecurity in vehicle design and operation. This includes conducting thorough risk assessments, implementing comprehensive security protocols, and staying vigilant against emerging threats to protect consumers and maintain trust in automotive technologies.
MITRE CALDERA is an open-source cybersecurity platform developed by MITRE for automated adversary emulation and security assessment. It enables organizations to simulate real-world cyberattacks based on MITRE ATT&CK techniques to test and improve their defenses.
Key Features:
Automated Red Teaming – Simulates adversary behaviors using predefined or custom attack chains.
Run CALDERA: python3 server.py --insecure Access the web UI at http://localhost:8888 (default credentials: admin:admin). This default may not work in ver 5.0 – check conf/default.yml
2. Deploying Agents
CALDERA uses lightweight agents to simulate adversarial actions on endpoints.
Create New Adversary Profiles: Define a new attack sequence with custom scripts or commands.
Use Plugins: Enhance CALDERA with plugins like Stockpile (TTP Library) and Manx (Remote Access Tool).
Use Case Examples
Credential Dumping Simulation – Test if your security tools detect LSASS process memory access.
Lateral Movement Testing – Simulate adversaries moving between hosts using SMB or RDP.
Data Exfiltration Exercise – See if your DLP solutions flag unauthorized file transfers.
Creating Custom Attack Simulations in CALDERA
To build a tailored adversary emulation plan, you’ll need to create custom TTPs (Tactics, Techniques, and Procedures) and integrate them into an adversary profile.
Automating Response Testing – Check if your SIEM or SOAR detects and mitigates the attack.
Example for a specific attack scenario, like lateral movement or credential dumping:
Example: Simulating Lateral Movement Using CALDERA
Lateral movement techniques help assess an organization’s ability to detect and respond to adversaries moving across systems. In this example, we’ll create a CALDERA attack simulation that uses SMB-based remote command execution (ATT&CK ID: T1021.002).
1. Creating the Lateral Movement TTP (Ability)
We’ll define an ability that uses psexec (a common SMB-based remote execution tool).
Test Defense Evasion: Modify commands to use encoded PowerShell payloads.
Check SIEM Logs: Verify if your security tools detected and logged the lateral movement attempt.
Example: Simulating Lateral Movement on Linux Using SSH
Lateral movement on Linux often involves SSH-based remote command execution (MITRE ATT&CK ID: T1021.004). This simulation will test whether security controls detect an attacker moving across Linux systems via SSH.
1. Creating a Custom SSH Lateral Movement TTP (Ability)
yamlCopyEdit- id: fghij67890
name: Linux Lateral Movement Test
description: Simulates an adversary moving laterally via SSH on Linux
atomic_ordering:
- abcde12345
Save this file in caldera/data/adversaries/.
3. Running the Lateral Movement Simulation
Restart CALDERA to load the new configurations:bashCopyEditpython server.py --insecure
Deploy an Agent on an initial Linux system.
Ensure SSH Credentials Are Available:
Modify the agent to include SSH credentials using CALDERA’s fact system:cssCopyEditfact: {remote.user: "testuser", remote.pass: "password123", remote.host: "192.168.1.100"}
Create a New Operation:
Go to: Operations → Create Operation
Adversary Profile: Select Linux Lateral Movement Test
Assign an Agent
Start the Operation
Monitor Execution:
If successful, the target machine will have a file /tmp/loot.txt containing the username.
Check logs to verify execution.
4. Enhancing the Simulation
Use Key-Based Authentication Instead of Passwords:yamlCopyEditcommand: | ssh -i /home/#{remote.user}/.ssh/id_rsa #{remote.user}@#{remote.host} "whoami > /tmp/loot.txt"
Simulate Data Exfiltration: Copy files from the remote system using scp.
Test SIEM Detection: Ensure logs capture unauthorized SSH connections.
A Fortune 50 company recently made the largest known ransomware payment—a staggering $75 million—to the Dark Angels ransomware gang after 100 terabytes of data were stolen. Surprisingly, the company did not disclose the attack, even though SEC regulations require public companies to report significant cyber incidents. Unlike typical ransomware cases, the company’s systems were not shut down; they paid purely to keep the data private, highlighting the immense value organizations place on reputation.
Many companies choose to silence cyberattacks out of fear—concerned that disclosure could lead to customer loss, stock declines, and lawsuits. Executives often believe they won’t be targeted, treat each attack as an isolated event, or try to downplay incidents. Even with stricter SEC rules, businesses are finding ways to disclose as little as possible, fueling a cycle where ransom payments encourage more attacks.
This quiet ransom-paying culture increases risks across industries, making companies more attractive targets. Hackers are incentivized to continue their attacks, knowing that major corporations would rather pay up than risk public fallout. The more companies cave to these demands, the more cybercriminals are emboldened.
The solution? Proactive cybersecurity investments to build resilience before an attack happens. However, as history shows, preventive measures are a hard sell—many organizations react only after a crisis, rather than prioritizing security before disaster strikes. Breaking this cycle requires a mindset shift toward long-term cyber preparedness over short-term damage control.
The article highlights seven key cybersecurity projects that organizations should prioritize in 2025 to address emerging threats and enhance their security posture. These projects focus on leveraging advanced technologies, improving processes, and adapting to new regulations.
Summary:
Zero Trust Architecture: Organizations are increasingly adopting zero trust to minimize security risks by verifying all users and devices before granting access to resources.
AI-Powered Threat Detection: Leveraging artificial intelligence to detect and respond to sophisticated cyber threats in real time is becoming essential.
Cloud Security Enhancement: As cloud adoption grows, securing cloud environments and addressing risks like misconfigurations and unauthorized access remains a top priority.
Third-Party Risk Management: Businesses are focusing on assessing and mitigating risks posed by vendors and supply chain partners to safeguard sensitive data.
Endpoint Security Modernization: With remote work continuing, companies are upgrading endpoint protection to secure devices from advanced attacks.
Compliance Automation: Automating compliance workflows helps organizations meet regulatory requirements more efficiently while reducing human error.
Employee Awareness Programs: Regular training to combat phishing and social engineering attacks is vital for creating a security-conscious workforce.
These projects aim to strengthen resilience against evolving threats while aligning cybersecurity strategies with business objectives and regulatory demands.
For the first time ever researchers crack RSA and AES data encryption
Chinese scientists reveal D-Wave’s quantum computers can break RSA encryption, signaling an urgent need for new cryptography solutions.
A group of Chinese researchers has successfully cracked RSA and AES encryption using D-Wave quantum computers. This breakthrough marks the first time such widely used encryption methods have been defeated. RSA, used in digital security protocols like HTTPS, relies on the difficulty of factoring large prime numbers. AES, on the other hand, protects sensitive data by converting it into unintelligible code. Both encryption methods are foundational to modern cybersecurity and global data protection systems.
The researchers employed a combination of advanced quantum computing and innovative algorithms to break the encryption. Quantum computers, unlike classical systems, process information using quantum bits (qubits), enabling parallel computations at an unprecedented scale. This capability makes them uniquely suited to solving problems like factoring large numbers or solving complex mathematical challenges—processes essential for breaking RSA and AES.
This achievement signals an urgent need for post-quantum cryptography, which can withstand quantum attacks. Governments and technology organizations worldwide are now accelerating the development of cryptographic systems designed for this new era. This breakthrough emphasizes the importance of adopting quantum-resistant encryption to ensure long-term security for sensitive information in areas like banking, healthcare, and national defense.
The implications of this research extend beyond encryption. Quantum computing’s power could revolutionize fields such as medicine, artificial intelligence, and materials science. However, it also presents significant challenges to current cybersecurity practices. Researchers and policymakers must urgently address these dualities to harness quantum computing’s potential while mitigating its risks.
Cybersecurity involves technologies, processes, and measures aimed at safeguarding systems, networks, and data from cyber threats. A strong cybersecurity strategy minimizes the risk of attacks and prevents unauthorized access to systems, networks, and technologies.
Cybersecurity focuses on protecting computer systems from unauthorized access, damage, or events that would make them inaccessible.
People:
It is important that all staff are informed about how to identify and avoid common cyber threats, and for those responsible for the technical aspects of cybersecurity to keep up to date with the latest skills and qualifications.
Processes:
Processes are crucial in defining how the organization’s activities, roles, and documentation are used to mitigate the risks to the organization’s information. Cyber threats change quickly, so processes need to be continually reviewed to ensure you stay ahead.
Technology:
To mitigate cyber risks, you must first identify what risks your organization faces. From there, you can implement technological controls. Technology can be used to prevent or reduce the impact of cyber risks, depending on your risk assessment and the level of risk you consider acceptable.
Why is cybersecurity important?
The cost of cybersecurity breaches is risingEmerging privacy laws can mean significant fines for organizations. There are also non-financial costs to consider, like reputational damage.
Cyber attacks are increasingly sophisticated Cyber attacks continue to grow in sophistication. Attackers use an ever-expanding variety of tactics, including social engineering, malware, and ransomware.
Types of cybersecurity threats
Phishing
Phishing is a method of social engineering used to trick people into divulging sensitive or confidential information, often via email. These scams are not always easy to distinguish from genuine messages, and can inflict enormous damage on organizations.
Social engineering is used to deceive and manipulate victims into providing information or access to their computer. This is achieved by tricking users into clicking malicious links or opening malicious files, or by the attacker physically gaining access to a computer through deception.
Malware
Malware is short for “malicious software.” It can take the form of viruses, worms, Trojans, and other types of malicious code. Malware can be used to steal personal information, destroy data, and take control of computers.
Ransomware attacks
Ransomware is a form of malware that encrypts victims’ information and demands payment in return for the decryption key. Paying a ransom does not necessarily guarantee that you will be able to recover the encrypted data.
The article emphasizes the growing importance of cybersecurity as a boardroom priority in today’s digital economy. With cyber risks increasing, cybersecurity is no longer just a technical issue; it is a critical concern that board members must address to safeguard business operations, reputations, and financial health.
Key points include:
Cyber Threats Are Escalating: The frequency and severity of attacks like phishing and ransomware are rising, with the average cost of a data breach hitting $4.88 million. This creates both immediate and long-term impacts, such as financial loss, regulatory fines, and reputational damage.
Board Engagement Is Crucial: Board members must actively engage in shaping cybersecurity strategies, understanding key threats, allocating resources, and fostering a security culture throughout the organization.
Proactive Measures for Resilience: Boards should implement comprehensive cybersecurity frameworks (ISO, NIST e.g.,) prioritize employee training, and ensure robust incident response plans. Regular security assessments and simulations can help mitigate risks.
In summary, cybersecurity must be integrated into business strategy, with board members leading the charge to protect the organization’s future and maintain stakeholder trust. Cybersecurity is now a strategic imperative, essential for long-term resilience and sustainable growth.
You Can’t Keep Up with Emerging Threats or Technologies
Business Impact: Staying ahead of emerging threats and technologies is essential for protecting your business from cyberattacks. Falling behind can leave your business vulnerable to breaches, resulting in data loss, financial damage, and reputational harm. A cybersecurity consultant can help you stay current and implement the latest defenses, ensuring your business remains secure and competitive.
Expectation: CEOs should expect cybersecurity consultants to provide continuous education and training programs for their staff, ensuring the team stays updated with the latest cybersecurity trends and technologies. This empowers employees to recognize and respond to threats more effectively and reinforces a culture of security within the organization.
You Need an Impartial Security Assessment
Business Impact: Internal disagreements about security protocols can lead to inefficiencies and increased risk. An impartial assessment from a cybersecurity consultant can provide clarity, help to align your team and ensure that security measures are effective and unbiased. This can lead to a more cohesive security strategy and a more robust overall security posture.
Expectation: CEOs should expect cybersecurity consultants to conduct regular third-party security audits. These audits maintain an unbiased perspective on the company’s cybersecurity posture, uncover hidden vulnerabilities, and ensure that security measures evolve with the changing threat landscape.
You’re Lacking Innovation in Your Security Strategies
Business Impact: Innovation in security strategies is vital to staying ahead of cyber threats. A consultant brings fresh perspectives and innovative solutions that can enhance your existing security measures, leading to improved efficiency and effectiveness. This can result in cost savings, better resource allocation, and a more robust defense against cyber threats.
Expectation: CEOs should expect consultants to help establish a dedicated innovation team within the security department. This team should explore and integrate new technologies and methodologies, collaborating with the consultants to bring cutting-edge solutions to the organization.
You’re Unable to Meet Your Security Goals
Business Impact: Failing to meet security goals can expose your business to risks and hinder growth. A consultant can help identify the root causes of these challenges and provide actionable insights to achieve your objectives. Meeting security goals can enhance your business’s credibility, reduce the risk of breaches, and support overall business growth.
Expectation: CEOs should expect cybersecurity consultants to implement a structured framework like the NIST Cybersecurity Framework. This framework guides the security strategy and goal-setting processes, helping to identify gaps, set realistic goals, and track progress effectively.
Your Business Isn’t Growing, and You Don’t Know Why
Business Impact: Stagnant growth can indicate underlying security issues that are not immediately apparent. A cybersecurity consultant can conduct a thorough analysis to uncover hidden problems and provide solutions. Addressing these issues can remove barriers to growth, improve operational efficiency, and enhance your business’s financial performance.
Expectation: CEOs should expect cybersecurity consultants to perform a comprehensive security health check during the business strategy review. This health check identifies unseen security issues that may be hindering growth, and addressing them can streamline operations and enhance overall performance.
You’re Stalling on Implementing New Security Measures
Business Impact: Delaying important security initiatives can leave your business vulnerable and impede progress. A consultant can provide the expertise and resources needed to implement new security measures promptly. This can improve your security posture, reduce risk, and enable you to confidently take advantage of new business opportunities.
Expectation: CEOs should expect cybersecurity consultants to develop a clear, phased implementation plan for new security measures, prioritizing critical vulnerabilities first. This plan should include milestones and timelines to ensure steady progress and accountability.
You’re Working Outside Your Expertise
Business Impact: Focusing on areas outside your expertise can lead to suboptimal decisions and wasted resources. By hiring a cybersecurity consultant, you can ensure that specialized tasks are handled by experts, allowing you to focus on your strengths. This can lead to better decision-making, increased efficiency, and a higher quality of security measures.
Expectation: CEOs should expect cybersecurity consultants to establish a strategic partnership to handle specialized tasks. This ensures reliance on expert advice and services, allowing the CEO to focus on core business activities and leading to better overall outcomes.
You Lack In-House Security Expertise
Business Impact: A lack of in-house cybersecurity expertise can leave your business vulnerable to attacks and regulatory non-compliance. A consultant can fill this gap, providing the necessary skills and knowledge to protect your business. This can enhance your security posture, ensure compliance with industry regulations, and reduce the risk of costly breaches.
Expectation: CEOs should expect cybersecurity consultants to help implement an MSSP to supplement in-house capabilities. An MSSP provides continuous monitoring, threat detection, and response services, ensuring robust security even with limited internal resources.
You Have Tunnel Vision Regarding Security Issues
Business Impact: Working too closely on security problems can limit your perspective and lead to missed solutions. A consultant brings fresh eyes and can identify issues and solutions you might overlook. This can lead to more effective problem-solving, reduced risk, and improved overall security.
Expectation: CEOs should expect cybersecurity consultants to host regular brainstorming sessions with cross-functional teams. These sessions encourage diverse insights into security challenges, helping to uncover innovative solutions and prevent oversight.
You’re Working on a Time-Sensitive Security Project
Business Impact: Urgent security projects require expertise and efficiency to ensure success. A consultant can provide support to meet tight deadlines and achieve project goals.
Expectation: CEOs should expect cybersecurity consultants to utilize project management tools and methodologies like Agile to manage time-sensitive security projects efficiently. These tools streamline workflows, enhance collaboration, and meet critical deadlines without compromising quality.
FAQ’s
How do you verify the credentials and experience of a cybersecurity consultant?
To verify a cybersecurity consultant’s credentials and experience, you can:
Check Certifications: Look for reputable certifications like CISSP, CISM, CEH, or others recognized in the industry.
Review Past Projects: Ask for case studies or examples of past work that demonstrate their ability to handle challenges similar to yours.
Seek References: Contact previous clients to get feedback on their experiences with the consultant.
Interview Thoroughly: Conduct in-depth interviews to assess their knowledge, approach, and how they keep up with industry changes.
Assess Continuous Learning: Inquire about their commitment to ongoing education and professional development.
What are the typical costs associated with hiring a cybersecurity consultant?
The cost can vary widely based on factors such as the scope of work, the consultant’s experience, and the duration of the engagement. Typical costs might include:
Hourly Rates: Ranging from $150 to $500+ per hour.
Project-Based Fees: Project fees can range from a few thousand dollars to hundreds of thousands, depending on the complexity.
Retainer Agreements: Monthly retainers can range from $5,000 to $20,000 or more for ongoing support.
Discussing and agreeing on the fee structure upfront is essential to ensure it aligns with your budget and expectations.
What are the common red flags when interviewing potential cybersecurity consultants?
Some red flags to watch out for include:
Lack of Specific Experience: They must provide detailed examples of past projects or relevant experience.
Overemphasis on Certifications: While important, certifications alone don’t guarantee practical expertise.
Poor Communication Skills: Inability to clearly explain complex concepts or their approach to your specific issues.
Vague proposals lack details about how they will address your needs or what deliverables you can expect.
Unrealistic Promises: Guarantees of absolute security or immediate fixes are often unrealistic and should be scrutinized.
Can you provide examples of successful cybersecurity consultant engagements?
Examples of successful engagements include:
Incident Response: A consultant helped a mid-sized company recover from a ransomware attack by quickly identifying the breach, containing the threat, and restoring data from backups, minimizing downtime and data loss.
Security Program Development: A consultant worked with a healthcare provider to develop a comprehensive security program, achieving regulatory compliance and significantly reducing the risk of data breaches.
Vulnerability Assessment: For a financial services firm, a consultant conducted a thorough vulnerability assessment, identifying and addressing critical security gaps that previously went unnoticed, enhancing overall security posture.
.
How do cybersecurity consultants stay updated on the latest threats and technologies?
Cybersecurity consultants stay current by:
Continuous Education: Regularly attend training sessions and webinars and obtain advanced certifications.
Professional Networks: Being active in professional organizations like (ISC)², ISACA, and others, which offer resources and networking opportunities.
Industry Conferences: Participating in conferences such as Black Hat, DEF CON, and RSA Conference to learn about the latest trends and technologies.
Research and Publications: I read industry publications and research papers and participated in cybersecurity forums and discussions.
Hands-On Experience: Engaging in ongoing practical work and simulations to apply new techniques and tools in real-world scenarios.
This commitment to continuous learning ensures they can provide up-to-date and effective security solutions.
Some inauthentic networks used artificial intelligence in their campaigns to push certain political agendas, according to Meta.
Meta says it cracked down on propaganda campaigns on its platforms, including one that used AI to influence political discourse and create the illusion of wider support for certain viewpoints, according to its quarterly threat report published today. Some campaigns pushed political narratives about current events, including campaigns coming from Israel and Iran that posted in support of the Israeli government.
The networks used Facebook and Instagram accounts to try to influence political agendas around the world. The campaigns — some of which also originated in Bangladesh, China, and Croatia — used fake accounts to post in support of political movements, promote fake news outlets, or comment on the posts of legitimate news organizations.
A network originating in China, for example, consisted of several dozen Instagram and Facebook accounts, pages, and groups and was used to target global Sikh communities, Meta says. Another campaign traced to Israel used more than 500 Facebook and Instagram accounts to pose as local Jewish students, African Americans, and “concerned” citizens praising Israeli military actions and discussing campus antisemitism, among other types of content.
Some of the content shared by those two networks was likely created using generative AI tools, Meta writes. Accounts in the China-based campaign shared AI-generated images, and the Israeli campaign posted AI-generated comments, Meta found. The report says that, for now, AI-powered influence campaigns are not sophisticated enough to evade existing systems of detection.
Influence campaigns are regularly discovered on social media platforms. Earlier in May, TikTok said it had uncovered and disrupted a dozen such networks on its platform, including one that it traced to China.
Threat actors can use generative AI to write malware and more skilled cybercriminals could exfiltrate information from or inject contaminated data into the large language models (LLMs) that train GenAI.
Recent quantum computing and AI advancements are expected to challenge established cryptographic algorithms.
Today, enterprises block 18.5% of all AI transactions, a 577% increase from April to January, for a total of more than 2.6 billion blocked transactions.
Some of the most popular AI tools are also the most blocked. Indeed, ChatGPT holds the distinction of being both the most-used and most-blocked AI application.
Of the people who clicked on fraudulent links from supposed tax services, 68% lost money. Among those, 29% lost more than $2,500, and 17% lost more than $10,000.
9% of Americans feel confident in their ability to spot deepfake videos or recognize AI-generated audio, such as fake renditions of IRS agents.
HiddenLayer | AI Threat Landscape Report 2024 | March 2024
98% of companies surveyed view some of their AI models as vital for business success, and 77% have experienced breaches in their AI systems over the past year.
61% of IT leaders acknowledge shadow AI, solutions that are not officially known or under the control of the IT department, as a problem within their organizations.
Researchers revealed the extensive use of AI in modern businesses, noting an average of 1,689 AI models actively used by companies. This has made AI security a top priority, with 94% of IT leaders dedicating funds to safeguard their AI in 2024.
Code42 | Annual Data Exposure Report 2024 | March 2024
Since 2021, there has been a 28% average increase in monthly insider-driven data exposure, loss, leak, and theft events.
While 99% of companies have data protection solutions in place, 78% of cybersecurity leaders admit they’ve still had sensitive data breached, leaked, or exposed.
More than 95% of respondents believe dynamic content through Large Language Models (LLMs) makes detecting phishing attempts more challenging.
Phishing will remain the top social engineering threat to businesses throughout 2024, surpassing other threats like business email compromise, vishing, smishing or baiting.
88% of cybersecurity professionals believe that AI will significantly impact their jobs, now or in the near future, and 35% have already witnessed its effects.
75% of respondents are moderately to extremely concerned that AI will be used for cyberattacks or other malicious activities.
The survey revealed that 12% of respondents said their organizations had blocked all access to generative AI tools in the workplace.
Cisco | Cisco 2024 Data Privacy Benchmark Study | February 2024
63% have established limitations on what data can be entered, 61% have limits on which employees can use GenAI tools, and 27% said their organization had banned GenAI applications altogether for the time being.
Despite the costs and requirements privacy laws may impose on organizations, 80% of respondents said privacy laws have positively impacted them, and only 6% said the impact has been negative.
91% of organizations recognize they need to do more to reassure their customers that their data was being used only for intended and legitimate purposes in AI.
Some notable colleges and universities renowned for their cybersecurity programs and courses include:
Carnegie Mellon University (USA)
Information Networking Institute (INI)
The Information Networking Institute (INI) at Carnegie Mellon University (CMU) educates and develops engineers through technical, interdisciplinary master’s degree programs in information networking, security and mobile and IoT engineering that incorporate business and policy perspectives.
Institute for Information Security & Privacy (IISP)
The Georgia Institute of Technology’s Institute for Information Security & Privacy (IISP) is a research institution dedicated to advancing cybersecurity and privacy technologies. Established within Georgia Tech, the IISP serves as a focal point for interdisciplinary research, education, and collaboration in the field of information security and privacy.
MIT Department of Electrical Engineering and Computer Science
A joint venture between the Schwarzman College of Computing and the School of Engineering, EECS is grounded in three overlapping sub-units: electrical engineering (EE), computer science (CS), and artificial intelligence and decision-making (AI+D).
Cyber Policy Center and Computer Science Department
The Cyber Policy Center brings together researchers across the Stanford campus to solve the biggest issues in cybersecurity, governance and the future of work.
An independent subsidiary of SANS, the SANS Technology Institute offers graduate programs (master’s degree and graduate certificates) that develop technically-adept leaders and undergraduate programs (bachelor’s degree and undergraduate certificate) for people who want to enter the cybersecurity field.
The School of Information is a graduate research and education community committed to expanding access to information and to improving its usability, reliability, and credibility while preserving security and privacy. This requires the insights of scholars from diverse fields — information and computer science, design, social sciences, management, law, and policy.
The Department of Computer Science and Technology (formerly known as the Computer Laboratory) is the academic department within the University of Cambridge that encompasses computer science, along with many aspects of technology, engineering and mathematics.
The Global Cyber Security Capacity Centre (GCSCC) is an international centre for research on efficient and effective cybersecurity capacity-building, promoting an increase in the scale, pace, quality and impact of cybersecurity capacity-building initiatives across the world.
How to learn it…As a Cybersecurity professional you learn something new everyday, as this is an evolving field. Happy Learning!
Learning cybersecurity involves a combination of formal education, self-study, hands-on practice, and staying updated with the latest developments in the field. Here’s a step-by-step guide to help you get started:
Understand the Basics: Familiarize yourself with the fundamentals of computer science, networking, and operating systems. This will provide you with a strong foundation for understanding cybersecurity concepts.
Choose a Learning Path: Cybersecurity is a broad field with various specializations such as network security, ethical hacking, digital forensics, and cloud security. Decide which area interests you the most and focus your learning efforts accordingly.
Take Online Courses: There are numerous online platforms offering cybersecurity courses for beginners to advanced learners. Some popular ones include Coursera, Udemy, Pluralsight, and Cybrary. Look for courses that cover topics like cryptography, malware analysis, penetration testing, etc.
Earn Certifications: Certifications can validate your skills and knowledge in specific areas of cybersecurity. Some widely recognized certifications include CompTIA Security+, Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), and Offensive Security Certified Professional (OSCP).
Practice with Hands-on Labs: Hands-on experience is crucial in cybersecurity. Set up a lab environment using virtualization software like VirtualBox or VMware, and practice implementing security measures, performing penetration tests, and analyzing malware.
Read Books and Whitepapers: Supplement your online learning with books and whitepapers written by cybersecurity experts. These resources provide in-depth insights into advanced topics and real-world case studies.
Join Cybersecurity Communities: Engage with cybersecurity communities and forums to connect with fellow enthusiasts and professionals. Websites like Reddit’s r/netsec and Stack Exchange’s Information Security offer valuable discussions and resources.
Participate in Capture The Flag (CTF) Competitions: CTF competitions are cybersecurity challenges where participants solve various tasks related to hacking, reverse engineering, cryptography, etc. Participating in CTFs is an excellent way to sharpen your skills and learn new techniques.
Stay Updated: Cyber threats evolve rapidly, so it’s essential to stay updated with the latest news, trends, and vulnerabilities. Follow cybersecurity blogs, subscribe to industry newsletters, and attend conferences and webinars.
Consider Formal Education: If you’re serious about pursuing a career in cybersecurity, consider enrolling in a degree program or bootcamp specializing in cybersecurity. A formal education can provide you with structured learning and access to industry experts.
Remember that cybersecurity is a continuously evolving field, so be prepared to adapt and keep learning throughout your career. Good luck on your learning journey!
In 2023, cybercriminals saw more opportunities to “log in” versus hack into corporate networks through valid accounts – making this tactic a preferred weapon for threat actors, according to IBM’s 2024 X-Force Threat Intelligence Index.
Attacks on critical infrastructure reveal industry faux pas
In nearly 85% of attacks on critical sectors, compromise could have been mitigated with patching, MFA, or least-privilege principals – indicating that what the security industry historically described as “basic security” may be harder to achieve than portrayed.
Ransomware attacks on enterprises saw a nearly 12% drop last year, as larger organizations opt against paying and decrypting, in favor of rebuilding their infrastructure. With this growing pushback likely to impact adversaries’ revenue expectations from encryption-based extortion, groups that previously specialized in ransomware were observed pivoting to infostealers.
X-Force analysis projects that when a single generative AI technology approaches 50% market share or when the market consolidates to three or less technologies, it could trigger at-scale attacks against these platforms.
“While ‘security fundamentals’ doesn’t get as many head turns as ‘AI-engineered attacks,’ it remains that enterprises’ biggest security problem boils down to the basic and known – not the novel and unknown” said Charles Henderson, Global Managing Partner, IBM Consulting, and Head of IBM X-Force. “Identity is being used against enterprises time and time again, a problem that will worsen as adversaries invest in AI to optimize the tactic.”
A global identity crisis poised to worsen
Exploiting valid accounts has become the path of least resistance for cybercriminals, with billions of compromised credentials accessible on the dark web today. In 2023, X-Force saw attackers increasingly invest in operations to obtain users’ identities – with a 266% uptick in infostealing malware, designed to steal personal identifiable information like emails, social media and messaging app credentials, banking details, crypto wallet data and more.
This “easy entry” for attackers is one that’s harder to detect, eliciting a costly response from enterprises. According to X-Force, major incidents caused by attackers using valid accounts were associated to nearly 200% more complex response measures by security teams than the average incident – with defenders needing to distinguish between legitimate and malicious user activity on the network.
In fact, IBM’s 2023 Cost of a Data Breach Report found that breaches caused by stolen or compromised credentials required roughly 11 months to detect and recover from – the longest response lifecycle than any other infection vector.
This wide reach into users’ online activity was evident in the FBI and European law enforcement’s April 2023 takedown of a global cybercrime forum that collected the login details of more than 80 million user accounts. Identity-based threats will likely continue to grow as adversaries leverage generative AI to optimize their attacks. Already in 2023, X-Force observed over 800,000 posts on AI and GPT across dark web forums, reaffirming these innovations have caught cybercriminals attention and interest.
Worldwide, nearly 70% of attacks that X-Force responded to were against critical infrastructure organizations, an alarming finding highlighting that cybercriminals are wagering on these high value targets’ need for uptime to advance their objectives.
Nearly 85% of attacks that X-Force responded to on this sector were caused by exploiting public-facing applications, phishing emails, and the use of valid accounts. The latter poses an increased risk to the sector, with DHS CISA stating that the majority of successful attacks on government agencies, critical infrastructure organizations and state-level government bodies in 2022 involved the use of valid accounts. This highlights the need for these organizations to frequently stress test their environments for potential exposures and develop incident response plans.
For cybercriminals to see ROI from their campaigns, the technologies they target must be ubiquitous across most organizations worldwide. Just as past technological enablers fostered cybercriminal activities – as observed with ransomware and Windows Server’s market dominance, BEC scams and Microsoft 365 dominance or cryptojacking and the Infrastructure-as-a-Service market consolidation – this pattern will most likely extend across AI.
X-Force assesses that once generative AI market dominance is established – where a single technology approaches 50% market share or when the market consolidates to three or less technologies – it could trigger the maturity of AI as an attack surface, mobilizing further investment in new tools from cybercriminals.
Although generative AI is currently in its pre-mass market stage, it’s paramount that enterprises secure their AI models before cybercriminals scale their activity. Enterprises should also recognize that their existing underlying infrastructure is a gateway to their AI models that doesn’t require novel tactics from attackers to target – highlighting the need for a holistic approach to security in the age of generative AI.
Where did all the phish go?
Nearly one in three attacks observed worldwide targeted Europe, with the region also experiencing the most ransomware attacks globally (26%).
Despite remaining a top infection vector, phishing attacks saw a 44% decrease in volume from 2022. But with AI poised to optimize this attack and X-Force research indicating that AI can speed up attacks by nearly two days, the infection vector will remain a preferred choice for cybercriminals.
Red Hat Insights found that 92% of customers have at least one CVE with known exploits unaddressed in their environment at the time of scanning, while 80% of the top ten vulnerabilities detected across systems in 2023 were given a ‘high’ or ‘critical’ CVSS base severity score.
X-Force observed a 100% increase in “kerberoasting” attacks, wherein attackers attempt to impersonate users to escalate privileges by abusing Microsoft Active Directory tickets.
X-Force Red penetration testing engagements indicate that security misconfigurations accounted for 30% of total exposures identified, observing more than 140 ways that attackers can exploit misconfigurations.
7 Cyberattacks faced by small businesses and how to prepare to counter them:
1. Phishing Attacks 🎣 Phishing attacks trick employees into revealing sensitive information. • Train staff to recognize suspicious emails. • Use email filtering tools to block malicious messages.
2. Ransomware 🔒💵 Ransomware locks your data until you pay a ransom. • Backup data regularly. • Ensure you have strong antimalware software and keep it updated.
3. DDoS Attacks 🌐💥 Distributed Denial of Service (DDoS) attacks overwhelm your servers with traffic. • Invest in DDoS protection services. • Have a response plan ready to mitigate downtime.
4. Insider Threats 👥🔪 Employees or partners can misuse access to harm your business. • Implement strict access controls. • Monitor user activities for unusual behavior.
5. Zero-Day Exploits ⚙️❗ Hackers exploit unknown software vulnerabilities. • Keep all software and systems updated. • Use intrusion detection systems to spot suspicious activity.
6. Man-in-the-Middle Attacks 🕵️ Attackers intercept communications between two parties. • Use encryption for all communications. • Implement secure VPNs for remote access.
7. SQL Injection 💾🐛 Hackers insert malicious code into your database queries. • Regularly update and patch your database systems. • Use parameterized queries to prevent SQL injection.
Being prepared can save your small business from disaster. 💼💥
In this Help Net Security interview, Yaron Edan, CISO at REE Automotive, discusses the cybersecurity landscape of the automotive industry, mainly focusing on electric and connected vehicles.
Edan highlights the challenges of technological advancements and outlines strategies for automakers to address cyber threats effectively. Additionally, he emphasizes the importance of consumer awareness in ensuring vehicle security.
Can you describe the state of cybersecurity in the automotive industry, especially in the context of electric and connected vehicles?
The automotive industry is experiencing a digital breakthrough transforming how vehicles are designed, manufactured, and used, primarily driven by the introduction and popularity of electric and autonomous vehicles. Technological advancements have been introduced and integrated throughout the vehicle life cycle. This brings numerous benefits like enhanced safety and improved efficiency to the cars we drive daily, but it also brings new and pressing cybersecurity challenges.
Now that our vehicles are becoming increasingly connected to the internet can go through Over-the-Air (OTA) updates, use remote management, contain Advanced Driver Assistance Systems (ADAS), and employ AI, the potential avenues for cyberattacks have expanded for threat actors to exploit in a significant way.
What steps are automakers taking to address cybersecurity challenges in their latest vehicle models?
We use different forms and increasing amounts of software in our vehicles. The first challenge is in the supply chain, not just in terms of who provides the software; the issue penetrates each layer. Automakers need to understand this from a risk management perspective to pinpoint the onset and location of each specific risk. Suppliers must be involved in this process and continue to follow guidelines put in place by the automaker.
The second challenge involves software updating. As technology continues to evolve and more features are added, cybercriminals find new ways to exploit flaws and gaps in systems that we may not have been aware of because of the newness of the technology. Regular software updates must be administered to products to patch holes in systems, improve existing vulnerabilities and improve product performance.
In order to address these challenges, automakers need to conduct an initial risk assessment to understand what kind of threats and the type of threat actors are active within each layer of the product and supply chain in the automotive industry. From the experience gained from the initial risk assessment, a procedure must be put in place to ensure each internal and external employee and supplier knows their role in maintaining security at the company.
The procedure determines which types of threat actors are active within the automotive industry, where they are located, and each threat’s severity. This is complicated because threat actors reside worldwide in large numbers, and each group uses various forms of attacks to various degrees. Automakers use the information collected daily to help protect their assets. Additionally, audits must be conducted regularly to evaluate each supplier and employee to verify the procedures are followed correctly, don’t need to be updated, etc.
Can you explain how vehicle manufacturers integrate cybersecurity into the design and development process?
Once you have a factory line running, the first step to integrate cybersecurity into the manufacturing process is to secure the operation technology (OT) policy by understanding the risk and how to close the gaps. Manufacturers must deal with OT threats, which involve thousands of unique threats coming from the product lines, sensors, and other equipment involved in the manufacturing process, instead of systems like computers.
These threats can be especially dangerous if left ignored because of the simplicity of the equipment used in this stage. Suppose you are a threat actor and you want to damage an automaker. In that case, it is much more difficult to conduct a cyberattack on the cloud or the employees of an automaker. Still, the factory line is easier to attack because it uses equipment that is easier to breach and actions are less detected. This is a very common area for threat actors to target.
What key strategies are you recommending for protecting connected and electric vehicles against cyber threats?
Automotive companies must take a proactive approach to addressing cybersecurity threats instead of being reactive. This allows security teams to avoid threats instead of responding later once the damage has already been done. A few proactive strategies I’d recommend for companies are the following.
Conduct a risk assessment to understand and prioritize current and future risks.
Develop company-wide security policies and procedures so all employees know their roles in maintaining security.
Hold regular security training and awareness programs to educate employees.
Implement strong network security measures, including firewalls, detection systems, and encryption, to monitor your network traffic for any anomalies regularly.
Regularly backup critical data and store it in secure locations.
Develop a comprehensive incident response plan outlining steps to be taken during a cyberattack.
Conduct periodic security audits to evaluate the effectiveness of security measures and identify improvement areas.
Cybersecurity is an ongoing process that requires constant vigilance and adaptation – current strategies will likely become outdated and need to be reworked as new threats emerge.
What role do regulatory bodies play in shaping cybersecurity standards for electric and connected vehicles?
Regulatory bodies play a role in shaping cybersecurity standards, but they do not help you secure your products directly – that is up to each individual player in the automotive supply chain. The goal of regulatory bodies is to provide automakers with best practices on steps to take in the event of a cyber hack, what players to communicate with, and how deep to reach depending on the severity of the threat.
Once an automaker is compliant with certain regulatory rules, they will then ask the regulatory bodies to come to conduct an onsite visit, where they conduct an audit for months at a time, trying to hack each layer they can and look for any areas of weakness, to identify what needs to be patched up. This process needs to be repeated until the automaker is fully compliant.
What are the best practices that consumers should be aware of to ensure the cybersecurity of their electric or connected vehicles?
Consumers need to make sure the data collected in the vehicle stays private. For example, if you have an electric vehicle (EV) and you need to charge it, you might visit a public charging station. Not many people know this, but your vehicle data can be easy to hack at public charging stations because you are not only transferring electricity but also data.
To prevent this from happening, vehicle owners need to ask the right questions. Owning an EV is no different than when a homeowner goes to buy a large kitchen appliance, for example. The right questions need to be asked, including – who made it, whether the company has a cybersecurity procedure in place, whether it is currently compliant with regulatory body requirements, etc. Making sure that all software is regularly up to date is also essential. EV users must download official software from trusted brands using a secure network.
Along with automakers, consumers are partially responsible for their own security, which needs to be stressed to the general public more. Without this knowledge, consumers are left highly vulnerable to hacks from cybercriminals.
The cybersecurity field continuously generates new terms and concepts as it evolves with time. It also repurposes words to describe new concepts. There’s a never-ending flow of jargon that some refer to as an alphabet soup of complexity. From NGAV to XDR, it appears unlikely for cybersecurity to run out of new acronyms and terminologies.
Meanwhile, some popular terms used in cybersecurity can have contradicting meanings. These are the so-called contronyms, which may add some spice to the insipidity of tech terms. Here’s a list of some famous cybersecurity words or phrases many would probably think they are already familiar with but are likely to be surprised to learn about their other meanings.
HACKING
Most people tend to equate hacking to cybercrime, an attempt to illegally access, damage, or take over a computer system. This is not surprising given that most news articles that mention hacking use the term in its negative connotation, referring to cyber attacks aimed at bypassing access controls or security measures to prevent the unauthorized use of IT resources.
However, hacking can mean something positive or useful. In cybersecurity, system hacking can refer to an authorized effort to break existing security measures to test their effectiveness and spot weaknesses. The term often used for this action is “ethical hacking,” but hacking by itself is neither good nor bad. It’s how it is used that spells the difference.
Hacking in both its malicious and ethical instances follows the same stages. Also, they use similar techniques, from password cracking to phishing, the deployment of rootkits and trojans, exploitation of buffer overflows, privilege escalation, and the use of keyloggers. These steps and techniques are observed in attempts to exploit vulnerabilities and detect security weaknesses so that they can be plugged or resolved.
PATCHING
In contrast to hacking, patching is often perceived as a positive term. It is mostly known as the application of a software patch to address a vulnerability or add new functions. Software publishers regularly release patches for their software in response to developments in the cyber threat landscape and to provide improvements in their software products.
Negatively, patching refers to the unauthorized modification of a software or system by taking advantage of system vulnerabilities. Cybercriminals can infiltrate or corrupt software pipelines, allowing them to send out malicious software patches to unsuspecting users. This works because many tend to excessively trust their automated software pipelines or they carelessly obtain their software updates from unofficial sources.
SNIFFING
Among those involved in network administration, sniffing is a legitimate process that entails the tracking and analysis of network traffic. This is done to undertake a troubleshooting task, monitor network performance, or facilitate network security-related actions. It is one of the vital actions in Intrusion Detection Systems (IDS).
However, sniffing can also refer to malicious packet sniffing, wherein an attacker intercepts the packets transmitted through a network. Sniffing allows bad actors to steal login credentials and other sensitive information. It can help them gain access to online accounts or steal crucial data. Sniffing is often used as a form of cyber attack on devices that connect to the internet through public WiFi networks.
Sniffing in the negative context is not new. It has been used as an attack for decades. Cybersecurity advocates pointed out the threat of sniffing more than a decade ago amid the proliferation of businesses that offer free public WiFi connection without strong security.
SCRIPTING
Scripting refers to the writing and deployment of scripts for the automation of repetitive tasks. It is used to automate routine actions, which enables the efficient management of systems. Scripting is also employed in penetration testing to simulate cyber attacks on a system. Similarly, it is used in log analysis and monitoring, day-to-day security operations, forensics and incident response, and cross-platform compatibility testing.
However, scripting can also be malicious, as used by threat actors. Cybercriminals can turn to malicious scripting to automate the execution of files that have been successfully introduced into a system. Successfully deceiving a computer user into downloading a file is not enough for the malicious file to inflict damage. Scripts are necessary to unleash the effects of malicious files and detect security vulnerabilities.
BACKDOOR
The term backdoor is usually known for its negative implication. Most news and articles refer to backdoors in an unfavorable context. This should not come as a surprise since backdoors are often used by cybercriminals. They serve as a way to bypass normal authentication for any computer-related system, facilitating unauthorized access or the introduction of malicious files to a computer or network.
However, backdoors can be a feature intentionally added to the software. They can be deliberately put in an app to provide an optional means of access in cases when conventional access methods are unavailable. This “necessary” version of a backdoor was in the spotlight some years ago when the US FBI asked Apple to purposely build a backdoor on their iPhones.
KILL CHAIN
The cyber kill chain is a framework developed by Lockheed Martin as part of its patented Intelligence Driven Defense model for cyber attack identification and prevention. It consists of a series of steps that represent the different stages of a cyber attack, from early reconnaissance to command and control and “actions on objectives.” This model helps organizations visualize and comprehend the different stages of an attack, focusing on critical points in the attack, developing strategies to mitigate threats, and boosting incident response capabilities.
Essentially, the kill chain is a process that is supposed to help organizations prepare for cyber attacks, successfully fend off an assault, and mitigate problems that emerge in the wake of a cyber attack. However, the phrase kill chain, in colloquial use, may refer to a successful cyber attack.
AN EXERCISE IN CYBERSECURITY JARGON COMPLEXITY
It may sound confusing, but contronyms exist everywhere. Interestingly, these words still make sense despite the auto-contradiction. In cybersecurity, contronyms reflect the complexity and flexibility of language, showing how words can change in meaning depending on their context and usage.
Isn’t it counterintuitive for cybersecurity terms to bear contradicting meanings? Possibly. However, what is ultimately important is the understanding that cybersecurity terms are far from straightforward. It is a must to properly get acquainted with them to understand what they really mean, especially with the rise of a plethora of acronyms and jargon introduced by security solution providers. Many of which tend to be marketing-speak or misnomers.
Artificial Intelligence (AI) has arisen as a wildly disruptive technology across many industries. As AI models continue to improve, more industries are sure to be disrupted and affected. One industry that is already feeling the effects of AI is digital security. The use of this new technology has opened up new avenues of protecting data, but it has also caused some concerns about its ethicality and effectiveness when compared with what we will refer to as traditional or established security practices.
This article will touch on the ways that this new tech is affecting already established practices, what new practices are arising, and whether or not they are safe and ethical.
HOW DOES AI AFFECT ALREADY ESTABLISHED SECURITY PRACTICES?
It is a fair statement to make that AI is still a nascent technology. Most experts agree that it is far from reaching its full potential, yet even so, it has still been able to disrupt many industries and practices. In terms of already established security practices, AI is providing operators with the opportunity to analyze huge amounts of data at incredible speed and with impressive accuracy. Identifying patterns and detecting anomalies is easy for AI to do, and incredibly useful for most traditional data security practices.
Previously these systems would rely solely on human operators to perform the data analyses, which can prove time-consuming and would be prone to errors. Now, with AI help, human operators need only understand the refined data the AI is providing them and act on it.
IN WHAT WAYS CAN AI BE USED TO BOLSTER AND IMPROVE EXISTING SECURITY MEASURES?
AI can be used in several other ways to improve security measures. In terms of access protection, AI-driven facial recognition and other forms of biometric security can easily provide a relatively foolproof access protection solution. Using biometric access can eliminate passwords, which are often a weak link in data security.
AI’s ability to sort through large amounts of data means that it can be very effective in detecting and preventing cyber threats. An AI-supported network security program could, with relatively little oversight, analyze network traffic, identify vulnerabilities, and proactively defend against any incoming attacks.
THE DIFFICULTIES IN UPDATING EXISTING SECURITY SYSTEMS WITH AI SOLUTIONS
The most pressing difficulty is that some old systems are simply not compatible with AI solutions. Security systems designed and built to be operated solely by humans are often not able to be retrofitted with AI algorithms, which means that any upgrades necessitate a complete, and likely expensive, overhaul of the security systems.
One industry that has been quick to embrace AI-powered security systems is the online gambling industry. For those who are interested in seeing what AI-driven security can look like, visiting a casino online and investigating its security protocols will give you an idea of what is possible. Having an industry that has been an early adoption of such a disruptive technology can help other industries learn what to do and what not to do. In many cases, online casinos staged entire overhauls of their security suites to incorporate AI solutions, rather than trying to incorporate new tech, with older non-compatible security technology.
Another important factor in the difficulty of incorporating AI systems is that it takes a very large amount of data to properly train an AI algorithm. Thankfully, other companies are doing this work, and it should be possible to buy an already trained AI, fit to purpose. All that remains is trusting that the trainers did their due diligence and that the AI will be effective.
EFFECTIVENESS OF AI-DRIVEN SECURITY SYSTEMS
AI-driven security systems are, for the most part, lauded as being effective. With faster threat detection and response times quicker than humanly possible, the advantage of using AI for data security is clear.
AI has also proven resilient in terms of adapting to new threats. AI has an inherent ability to learn, which means that as new threats are developed and new vulnerabilities emerge, a well-built AI will be able to learn and eventually respond to new threats just as effectively as old ones.
It has been suggested that AI systems must completely replace traditional data security solutions shortly. Part of the reason for this is not just their inherent effectiveness, but there is an anticipation that incoming threats will also be using AI. Better to fight fire with fire.
IS USING AI FOR SECURITY DANGEROUS?
The short answer is no, the long answer is no, but. The main concern when using AI security measures with little human input is that they could generate false positives or false negatives. AI is not infallible, and despite being able to process huge amounts of data, it can still get confused.
It could also be possible for the AI security system to itself be attacked and become a liability. If an attack were to target and inject malicious code into the AI system, it could see a breakdown in its effectiveness which would potentially allow multiple breaches.
The best remedy for both of these concerns is likely to ensure that there is still an alert human component to the security system. By ensuring that well-trained individuals are monitoring the AI systems, the dangers of false positives or attacks on the AI system are reduced greatly.
ARE THERE LEGITIMATE ETHICAL CONCERNS WHEN AI IS USED FOR SECURITY?
Yes. The main ethical concern relating to AI when used for security is that the algorithm could have an inherent bias. This can occur if the data used for the training of the AI is itself biased or incomplete in some way.
Another important ethical concern is that AI security systems are known to sort through personal data to do their job, and if this data were to be accessed or misused, privacy rights would be compromised.
Many AI systems also have a lack of transparency and accountability, which compounds the problem of the AI algorithm’s potential for bias. If an AI is concluding that a human operator cannot understand the reasoning, the AI system must be held suspect.
CONCLUSION
AI could be a great boon to security systems and is likely an inevitable and necessary upgrade. The inability of human operators to combat AI threats alone seems to suggest its necessity. Coupled with its ability to analyze and sort through mountains of data and adapt to threats as they develop, AI has a bright future in the security industry.
However, AI-driven security systems must be overseen by trained human operators who understand the complexities and weaknesses that AI brings to their systems.
