AI is changing cybersecurity and businesses must wake up to the threat.

Yuichiro Chino/Getty Images
WhatsApp Group Join Now
Telegram Group Join Now
Instagram Group Join Now

Corporate boardrooms must be better coordinated and agile when addressing cybersecurity issues, as threat actors turn to artificial intelligence (AI) to up their game.

The primary role of the board is to promote and protect the interests of the company along with its management team. With digital so integral to many organizations today, making cyber security part of the board’s growth strategy is crucial, Clifford Capital Chairman Sanjeev Mishra said during a panel discussion at Starry Global’s Charter Asia Pacific Cyber ​​Congress in Singapore. Should.

Also: Cybersecurity 101: All About Protecting Your Privacy and Staying Safe Online

Misra said that without cybersecurity, the board’s ability to grow its business would be severely compromised. Fellow panelist Ensign InfoSecurity Chairman Lee Fook Sun agreed, noting the connection between the physical and cyber realms. For example, the conflicts in Ukraine and Gaza have increased the number of online threat activities, driven by hacktivism and nation-state attacks.

Lee said boardrooms need to know how such real-world developments affect the online environment and, thus, translate into business risks for the company under their charge. A successful approach requires an awareness of what and where the threats are and who the attackers are. Threat intel provided by security vendors like Ensign, which recently published some of these indicators, can offer insights for boards, Lee said.

While awareness of cyber threats has increased in boardrooms, Li said there is a lack of coordination between boards and the rest of the organization. Attention to cyber threats is often driven by regulatory concerns, with greater urgency usually only expressed after an organization has suffered its first breach.

Lee urges boards to understand the work of their CIO and CISO and determine how effective these executives are in their roles. In order to run a “well-oiled machine,” boards need to have an open dialogue with the two people responsible for identifying and defending the company against online threats, he said.

Besides that: The best VPN services (and how to choose the right one for you)

And since most boards likely have other pressing issues, such as finances, he suggested they delegate cyber risk management to a subcommittee. The unit can then assess the effectiveness of the company’s cybersecurity strategy and cyber resilience, providing some oversight, he said.

Misra emphasized the need for boards to recognize cyber threats and their impact on the business. They will then be able to prioritize these risks, so that they can identify which elements should be addressed most urgently and how those risks should be addressed. And they must start this activity soon, as the volume of cyber attacks continues to grow.

Institutions should take necessary steps

Interpol has warned that the biggest security threat at the upcoming Paris Olympics will be cybercrime. The 2021 Tokyo Olympics saw 450 million cyberattacks, more than double the total during the 2012 London Olympics.

Such attacks can disrupt activities that require support from IT systems, including ticketing, transportation and administration. According to its Minister for Communications and Information, Josephine Teo, the ever-increasing cyber threat highlights the need for nations like Singapore, where digital development is relatively advanced, to prioritize cyber security and enhance its cyber defense capabilities.

Teo said during his speech to Congress that this priority is meant to increase the digital infrastructure and resilience of companies operating in the country. “They provide the services that people use and define our online experiences,” he said, urging organizations to do more to secure their cyber operations.

Pointing to a study conducted by Singapore’s Cyber ​​Security Agency (CSA), Teo noted that the research revealed the need for more companies to adopt the necessary security measures.

Also: How AI Firewalls Will Secure Your New Business Applications

On average, the surveyed organizations adopted about 70% of security measures in five categories, including using secure configuration settings for hardware and software, controlling access to data and services, and software on devices and systems. Includes updating. Teo said partial adoption of these necessary measures is “inadequate”.

The study surveyed more than 2,000 organizations across 23 industries and seven charity sectors. Most respondents had experienced at least one cyber incident in the past year, such as ransomware or phishing attempts.

Also: How AI Can Improve Cybersecurity by Harnessing Diversity

“We are only as strong as the weakest link. Until all these necessary steps are taken, organizations will continue to be exposed to unnecessary cyber threats,” said the Singaporean minister. “In CSA’s view, a ‘passing mark’ should be high enough to assure — to your C-suite, employees, suppliers, and customers. This means that all five of the required steps have been completed. Adopting the complete package. types.”

He added that only one-third of organizations have adopted all measures in at least three categories. Nearly 60% acknowledged a lack of skills or experience in effectively implementing cyber security.

“Cyber ​​threats have increased and are evolving rapidly. This has contributed to the shortage of cyber professionals, [where] Even the most sophisticated organizations struggle to keep up,” said Teo. He noted that Singapore has expanded its cybersecurity talent pool through programs such as the CyberSG Talent, Innovation, and Growth Plan (TIG Plan). Working to promote

Also: Want to work in AI? How to pivot your career in 5 steps

According to Alvaro Garrido, Group CISO at Standard Chartered, generative AI can also be a great equalizer amid the global skills shortage in cybersecurity. During a panel discussion at Congress, Garrido said that people who have not previously configured the system can now do so through gestures.

Creative AI increases productivity and provides a way to translate complex threat intel into information that can be universally understood, he said. Emerging technology has made it easier for professionals to join the cybersecurity field, even if they couldn’t before, and bridge the skills gap.

His team is experimenting with creative AI and applying it to some tasks where they see an average 30% increase in productivity.

Daryl Pereira, Asia Pacific CISO of Google Cloud, cited similar benefits from his team’s use of generative AI, including a 70% improvement in detecting malicious scripts.

Also: Employees feed sensitive data into creative AI tools despite risks.

The US vendor is working on threat detection and triage for security incidents. Cloud-powered AI can crunch data and deal with potential threats faster than humans, Perera said.

He also noted the possibility of arming non-security professionals to perform some SecOps (security operations) tasks, using generative AI with natural language prompts as a guide. For example, they can manage day-to-day operations in the SOC (Security Operations Center), such as reviewing logs, freeing up the core cybersecurity team to focus on more advanced defense functions.

Threat actors are using generative AI.

Companies that have not yet used generative AI to improve their cybersecurity capabilities will have to contend with online adversaries that already exist.

In particular, threat actors use generative AI to craft more persuasive phishing email messages, Simon Green, president of APAC Japan at Palo Alto Networks, said at the security vendor’s Ignite on Tour event in Singapore this week. noted during

Citing the results of an internal test, Green said the company’s SOC team achieved a 25% click-through rate for phishing emails created using generative AI. The email was sent to every employee who has been with Palo Alto for at least three years, asking them to update their employee records after reviewing the company’s recently updated staff handbook. was

Besides that: Best VPN Services for iPhone and iPad (Yes, You Need to Use One)

Noting that the click-through rate for the test would likely be higher for non-security companies, he said Generative AI fixed a problem that made it easier to identify phishing email messages earlier. was given Emerging technology has enabled hackers to produce these messages quickly and on a large scale without grammatical errors.

Access to such tools and information in the cloud also allows threat actors to rapidly replicate attacks, modify and improve ineffective attacks, and establish new attack vectors with high success rates. is given

In addition, the growing adoption of AI brings a new category of vulnerabilities, such as poisoning and deepfakes in large language models.

That change requires a shift in how cybersecurity is developed and deployed, according to Green, who said Palo Alto is looking to implement AI capabilities into its product portfolio and integrate an AI “copilot.” Trying to.

WhatsApp Group Join Now
Telegram Group Join Now
Instagram Group Join Now

Leave a Comment