At our recent Melbourne Cyber Security Leaders Forum event we turned our focus to one of the hottest topics doing the rounds at the moment – What effect is rapidly advancing AI having on our cyber security and ability to remain cyber resilient?
Presenting the view from the national level, Dr Derek Bopping of the Australian Signals Directorate set the scene by describing the role of the Australian Signals Directorate, emphasising the demise of the hoodie-wearing hacker and the rise of organised criminal groups and nation-state-backed cyber incidents.
With this background, he provided a fascinating overview of the ASD’s view on how the fast development of AI capabilities is likely to work both in favour of the Attacker and in favour of the Defender.
In favour of the Attacker, fast-evolving AI capabilities may:
- Allow less skilled adversaries to exploit technical vulnerabilities at scale
- Speed up and automate the lifecycle of ransomware attacks
- Help search out and find better targets within organisations
- Become very good at guessing passwords, based on what it knows and learns
- Become very good at procuring domain names and computers on which to host malware or receive exfiltrated data
- Become very adept at configuring and making changes to systems
- Be able to scan for exploitable vulnerabilities on a massive scale
But AI advancements also put new capabilities into the hands of defenders to:
- Enable the bulk triage of data in great volumes that will generate analysis and identify trends
- Allow for the broader technical sharing and utilisation of Indicators of Compromise (IoCs)
- Generate advice on threat or attack blocking measures
- Develop, access and progress advanced cyber defence technologies that will strategize and act like we might imagine automated chess players would.
Dr Bopping highlighted that one-third of the ASD’s REDSPICE program is dedicated to advancing these cyber defence technologies for Australia’s defence.
The overarching state of play right now
- It’s easy to get caught up in the hype around AI, but in reality, right now attackers do not even need to use AI: 41% of data breaches reported are still the result of attackers obtaining and using valid credentials through phishing and business email compromise efforts, pointing to enduring gaps in organisational security awareness, fundamental security protections, and detection and response capabilities. A further 31% of reported data breaches stem from poor patching or simple system misconfigurations.
- With new tactics aimed at providing an attacker with persistent access to networks, the most stressful aspect of any security incident is the uncertainty in not knowing how far an actor may have moved through the network or how long they have been there. This lack of clarity makes it challenging to make decisions or issue advice or communication with any certainty. It is too late mid-crisis to be trying to decide your criteria for who, how and when response actions will be triggered.
Essential need-to-knows for Australian business leaders
Aaron Bugal from Sophos and Joe Ciancio from Maxsum Consulting echoed Dr Bopping’s views by focusing the lens on Australian businesses. The resounding message to business leaders was that:
- Implementing good cyber security governance, and assessing and progressing your cyber maturity and coverage against globally recognised frameworks like the NIST Cybersecurity Framework, is the key to both identifying and filling current gaps across all five Identify – Protect – Detect – Respond – Recover functions of a robust cyber security incident response.
- Preparedness and Communication are key – Do you have a Cyber Incident Response Plan that covers the detection and response, communication, reporting and recovery phases with clear trigger points AND accountabilities assigned?
- AI-powered cyber threat detection and response capabilities like Managed Detection and Response are already available to businesses to help them automate and dramatically speed up incident response times.
- The key to cyber resilience in the age of AI will be to combine good governance, expert human oversight, and highly adaptable, AI-driven capabilities to drive speed, consistency, efficiency and improvement in your cyber response capabilities and ongoing cyber resilience.
Thank you to all who attended and contributed to the final Melbourne Cyber Security Leaders Forum for 2023. Stay tuned for our return in early 2023.