AI: Know thy enemy & know yourself
By Vivek Gullapalli, Global CISO APAC.
“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle” – Sun Tzu, Art of War
As the ancient Chinese military strategist Sun Tzu wisely stated in his famous and highly influential treatise “The Art of War,” understanding both the enemy and yourself is the key to triumph in battle. His words also apply to cyber security, where we find ourselves engaged in perpetual warfare against cyber adversaries.
Know thy enemy and know yourself
In 2023, the spotlight shines brightly on AI, ChatGPT and Generative AI. The benefits and risks are focal points for conversations across industries and job-functions, worldwide.
At present, lawmakers are concerned about AI-based technologies' ethical implications. At the same time, malicious actors (unencumbered by ethical quandaries) are leveraging the technology to bypass or sidestep corporate cyber security controls. In other words, they're using AI to craft sophisticated cyber threats at-scale, placing CISOs in a perpetual state of disadvantage.
As a result, it’s tough for CISOs to ‘know thy enemy’ and it’s even more challenging for CISOs to anticipate the adversaries’ tactics, techniques and procedures (TTPs). Deepfakes and voice fakes are exacerbating the issue – making it even harder distinguish friend from foe.
Artificial intelligence acceleration
The power of AI must be used for good; to not only understand the enemy, as Sun Tzu suggests, but to also retain security controls that adapt faster and with a greater degree of precision than what adversaries can overcome.
AI is hungry for data. It thrives on historical data, but also requires real-time insights from global cyber events and the constantly evolving threat landscape. AI can become an ally within organizations, fortifying security controls across the spectrum; from code to cloud, infrastructure to application and data to users.
CISOs must take a different approach in the age of AI and not expect the conventional static security controls to able to stand up to AI-based threats. To prevail, we need to acknowledge the wisdom of Sun Tzu and massively accelerate our cyber security programs, using AI almost as a Chief Strategist.
Combating sophisticated cyber threats
Cyber security leaders need a consolidated, platform-based approach that provides unified visibility and management across all of the security controls within the organization.
In addition, it’s worth noting that almost 99% of cyber attacks start with a mechanism that uses phishing links sent via email, chat, collaboration platform or social media.
AI can be extremely effective in both identifying and preventing such phishing link-based zero days and in delivering advanced capabilities with which to protect your organization.
For more CISO insights from Vivek Gullapalli, please see CyberTalk.org’s past coverage. Lastly, to receive timely cyber security insights and cutting-edge analyses, please sign up for the cybertalk.org newsletter.