As the world eagerly anticipates the upcoming Olympic Games in Paris, it’s crucial to address a persistent and increasingly sophisticated threat: cyberattacks. Russia, in particular, has a notorious history of targeting the Olympics with various forms of cyber aggression. In this article, we will look at Russia’s frankly very checkered past when it comes to hacking the games and provide tips on how to protect your organization during the 2024 Olympics.

One attack that’s gone down in hacker history concerns the 2018 Winter Olympics in Pyeongchang in South Korea, known as Olympic Destroyer. 

Three months ahead of the games starting, hundreds of members of the organizing committee and others involved in the preparation for the games got an email with the subject “List of Delegates” and an attached zip file, with a Word document inside of it. When opened, there was just garbled text but there was a helpful button at the top of the document – Enable Content. Clicking it executed a PowerShell script that downloaded and executed a malware program, which installed a backdoor, and also presumably fixed the garbled text. Amongst the recipients were mailboxes at two IT firms that supplied servers and networking for the games.  

Then, on February the 9th, 2018, the opening ceremony started, and at about the same time, the worms planted on computers inside the Olympic network woke up. Scanning the systems they had been planted on, they found browser and network credentials and used these to log on to other systems and then repeated the same process on that system, quickly spreading throughout the confined network. And once the credentials were exfiltrated, it wiped the Boot Configuration Data, specifically targeting Active Directory Domain Controllers (DCs), crashing them and making them unbootable.  

The IT staff at the Technology Operation Center for the games were fortunately prepared, and within a short amount of time they’d worked around the missing DCs, bringing up Wi-Fi access and internet connected TVs just before the opening ceremony concluded. They then spent the rest of the night fighting against the malware, severing the connection between the Olympic network and the internet and by the next morning they’d eradicated the malware from the network, allowing the games to proceed.  

Once the dust had settled, the question of who was behind the attack started being investigated. The obvious culprit was of course North Korea, and the initial forensics work on the malware found many similarities to previous malware from them, but this didn’t quite make sense. North Korea had actually reached out before the games, Kim Jong-un sent his sister as a diplomatic emissary to the games, and the two countries even combined their women’s hockey teams for the games. 

The main clues as to the true source of the malware came from the Rich Headers in the malware, which gives information about the source files present in the compilation of the program, and these matched exactly between this new malware and earlier samples of North Korean malware. A researcher at Kaspersky Labs, Igor Soumenkov, dug deeper into this match and it didn’t make sense to him, as even a minor change in any of the source files will result in a very different header, so the chance that an identical match is found should be slim. Analyzing Rich Headers isn’t normally part of forensics attribution for malware but proved crucial in this case. Further research showed that this was indeed the case, the malware authors had swapped the Rich Headers on purpose to point the finger at North Korea.  

The real culprits were discovered by noting the IP address and URL that the initial stages (remember that zipped Word document?) of the malware communicated with (C2), which turned out to be identical to the URL used in an attack on the election systems in Illinois and Arizona in the run up to the 2016 US election (200,000 voter’s data was stolen). And there it was, we knew who was behind the attacks on the US elections in 2016 and so Russia was behind this attack as well and had tried to point the finger at the North Koreans. They just forgot the golden rule of operational security – don’t reuse infrastructure between operations – it’ll eventually lead to accurate attribution.

The “hack” that started it all was the doping scandal, where RUSADA, the Russian Anti-Doping agency was facilitating the cheating, rather than stopping it. Starting after the 2010 Winter Olympics (Russia didn’t win “enough” medals), Vitaly Stepanov, who was working at RUSADA and had realized the magnitude of the cheating tried getting the World Anti-Doping Agency (WADA), to take notice, but without much luck. 

He and his wife eventually found a German journalist who took their story seriously, and they broke it in a 2014 TV documentary. Finally, WADA looked at the allegations, investigated and found mass doping, which was then followed by a ban by the International Olympics Committee for Russia to participate in the 2018 Winter Olympics, a ban which still stands today.

In addition to 2018, Russia targeted anti-doping officials and organizations for the 2016 games in Rio, and Tokyo in 2020. 

Several prominent cyber security firms ascertain that cyber-attacks and disinformation campaigns are ramping up ahead of the games next month. Read Microsoft’s take here, and here, along with Mandiant’s report here.  

Hornetsecurity’s Security Lab ascertains that there are two main risks for the Paris games, one is destructive attacks against IT infrastructure for the games (including athletes, the International Olympic Committee, payment and ticketing systems and physical infrastructure), and the other one is disinformation campaigns. The most brazen example of disinformation is a fake documentary named Olympics has Fallen (a play on the 2013 movie) which uses Tom Cruise’s likeness to discredit the International Olympic Committee and advance Russian disinformation. 

Given the ongoing war in Ukraine, expect tie-ins to the games from Russia to also be designed to weaken the resolve of the support across Europe for Ukraine.

Employees can be your company’s weakest link in cybersecurity, or its best line of defense. During the 2024 Paris Olympics, the risk of phishing emails and other cyber scams will be higher than ever. Training your team to recognize these threats is crucial in managing cyber risks. Our Security Awareness Service offers automated, customized training solutions to ensure your employees are always prepared. Learn more about how it can help keep your organization safe here.

Our next-gen email hygiene solutions will be vigilant to stop phishing attempts using the games as lures – a favorite, not only with Russia’s intelligence agencies (as we saw in 2018), but also with common criminals. Any popular event or societal occasion is used to increase the likelihood of compromised victims. Phishing themes will be along the lines of “free tickets to see this game here” (catering to greed) or “your tickets have been cancelled due to a clerical error” (anger) and “terrorist attack at game stadium likely” (fear), along with many other “creative” varieties.  

If you’re a business involved in or supporting the Paris Olympics – it’s very important that you raise your threat awareness in light of the expected activity from Russia (and others). We might also see DDOS attacks against various entities involved in supporting the games.

To properly protect your healthcare environment, use Hornetsecurity Security Awareness Service to educate your employees on how to secure your critical data.

To keep up with the latest articles and practices, visit our Hornetsecurity blog now.

Are you prepared for the games? For sports enthusiasts this question brings up long watching marathons, cheering on your favorite country and celebrating exceptional athletic prowess. For cyber defenders, that question has a totally different meaning – so, are you ready?

Artificial intelligence, commonly known as AI has been around since the 1950s. However, its growth has surged in years due, to advancements in computer technology that have made it more accessible to a range of organizations. This expansion is fueled by the availability of cost-effective computer chips and the vast amounts of data available for training AI systems.

Applications like email spam filters and virtual assistants showcase a glimpse of how AI is being used today. With the increasing digitization of our world, the risk of cyber attacks on interconnected devices and systems is also on the rise underscoring the importance of AI in cybersecurity efforts. By leveraging AIs ability to analyze volumes of data for anomalies and threats organizations are transforming their approach to cybersecurity.

However, incorporating AI into security measures comes with its challenges. While AI offers opportunities to enhance security practices it also introduces vulnerabilities that threat actors can exploit. Some malicious parties have already begun using AI to launch sophisticated cyber attacks globally prompting organizations to adapt quickly to this evolving landscape.

According to findings from the 2021 Middle East CEO Survey, an increasing number of respondents view cyberattacks and data breaches as threats to business growth compared to years. As a result, many organizations are looking to allocate resources toward cybersecurity and data privacy initiatives in response. This heightened awareness underscores the importance for business leaders in staying proactive against cyber threats amidst growing competition, in the realm of intelligence.

Artificial intelligence (AI) encompasses a variety of computer science methods that enable machines to learn from experience adjust to inputs and carry out tasks in a manner of human intelligence. The significance of data, in AI cannot be overstated as it plays a role in shaping the decisions made by AI systems and the quality of those decisions.

There are three ways an AI system may be trained:

• Supervised User-guided machine learning, such as distinguishing between pedestrians and road signs.
• Unsupervised learning involves identifying patterns, correlations, and clusters in data
• Reinforcement learning involves teaching a model to solve problems via trial and error.

AI has the potential to revolutionize a wide range of complicated human functions, whether locally, nationally, or globally. AI systems may be trained to identify health concerns, operate cars, estimate restaurant food demand, and optimize global retail supply chains.

In today’s age where technology is the backbone of the operations of many businesses, cybersecurity teams often face the challenge of juggling multiple tasks within limited timeframes dealing with overwhelming data flows, and coping with skill shortages. AI has emerged as a tool to assist these teams in overcoming these hurdles and enhancing cybersecurity measures in these key aspects:

• Enhancing the accuracy of threat detection in control systems
• Speeding up investigative processes
• Automating response mechanisms
• Coordinating and managing responses effectively

By leveraging AI capabilities organizations can fortify their cybersecurity defenses across different fronts from classifying data and pinpointing vulnerabilities to thwarting spam attacks. At a level, AI can identify malware threats, patch up weak points proactively, and be taught to monitor activities from your Security Operations Centers (SOCs), prevent unauthorized access attempts, and gather intelligence on potential threats lurking in less accessible corners of the internet, like the Dark Web.

In essence, AI is transforming the playing field of cybersecurity by empowering systems to perceive risks and analyze situations intelligently, the closest to what a human, sense,  think and act with improved speed.

1. Sense: Sensors, text analytics, natural language processing, and biometrics all aid cybersecurity systems in detecting odd or suspicious behavior within the organization’s networks.
2. Think: Given the volume of data, machine learning, particularly deep learning, enables systems to improve over time by constantly learning patterns of behavior and lowering the number of false positives or missed attacks.
3. Act: Automated, organized cybersecurity systems respond to threats, closing weaknesses and alerting businesses to attempted attacks.

Deploying an AI-powered cybersecurity system comes with its set of challenges. One major hurdle that organizations face is the lack of cybersecurity data, across all departments, which is crucial for the AI system to effectively learn. Moreover integrating AI raises governance issues for businesses. For instance systems learning is solely dependent on the provided data potentially influenced by biases in data selection. If the quality of data is poor or if the system lacks understanding during analysis it may generate many false positives affecting its decision-making accuracy. To be considered as replacements, for rules-based solutions AI-driven systems must demonstrate accuracy levels.

In addition to data quality and governance, organizations face a dearth of experienced AI professionals and cybersecurity specialists to implement and operate systems on an ongoing basis.

Unfortunately, it’s not the ‘good guys who have realized the potential of AI. Cybercriminals are also using AI strategically to target organizations and speed up cyber attacks by automating tasks like erasing their footprints from internal systems. Therefore organizations need proper cybersecurity measures to protect AI systems across all functions including within their cybersecurity defenses. The three primary AI threat vectors are data, input, and model which are targets to be exploited by attackers through extraction or manipulation. They might tamper with the data that an AI system learns from by ‘poisoning’ it or extracting data for information to understand how the AI system operates. A notable instance of manipulation is seen in the vehicle industry. Attackers can disrupt a car’s behavior by placing pieces of tape, on red traffic lights so that the car’s AI system fails to recognize them leading to the vehicle ignoring stop signs.

Organizations need to safeguard their AI systems from cyber threats by managing access permissions, verifying data to prevent tampering, and educating the AI systems to learn from past breaches and prevent future manipulation.

AI now plays a role, for companies looking to bolster their cybersecurity defenses against sophisticated threats in our electronic world. One of the advantages of utilizing AI is the ability to anticipate security risks through data gathering, filtering, and analysis. By Integrating machine learning into data analysis enhances threat detection proactively allowing organizations to address and mitigate threats effectively. AI is also instrumental in identifying and thwarting phishing attempts by recognizing patterns and analyzing the content of the email.

Furthermore, developers are leveraging AI technology to enhance authentication procedures by addressing any existing weaknesses. Additionally, by examining network traffic patterns AI can develop customized policies and recommendations tailored to needs while enhancing behavioral analytics.

In the future, AI cybersecurity framework will be a cornerstone element, across all aspects of defense strategies. Here are some of the use cases and advantages of AI:

• In the world of cybersecurity having foresight is invaluable.
• Detecting cyber threats ahead of time provides organizations, with the window to effectively thwart these dangers.

• This year over 2,000 distinct cybersecurity vulnerabilities have been documented.
• Managing these vulnerabilities with resources would be nearly impossible.
• AI introduces an approach.

• Managing network security operations demands an amount of time and human effort to oversee and control effectively.
• AI can introduce automation to tasks enabling cohesive operations while reducing the margin of error.

• AI and machine learning play a role in combating phishing attacks.
• These technologies can trace over 10,000 phishing sources.
• They also enable differentiation between legitimate sources.

• Passwords have consistently been identified as one of the weakest links in security measures.
• Biometric authentication is viewed as an alternative, for security enhancements.
• Developers are exploring authentication by addressing any vulnerabilities to enhance the robustness of behavioral analytics.
• AI and machine learning can be used to enhance behavioral analytics by examining patterns.

To properly protect your healthcare environment, use Hornetsecurity Security Awareness Service to educate your employees on how to secure your critical data.

To keep up with the latest articles and practices, visit our Hornetsecurity blog now.

In summary, AI-driven tools have quickly become essential and is some cases over-reliant for assessing and improving cybersecurity measures. These advanced solutions help companies save time, money, and resources by identifying potential risks and weaknesses. Additionally, they enable real-time monitoring of security threats and vulnerabilities while streamlining cybersecurity testing procedures.

When choosing AI-based security tools it is important to consider factors such, as cost, precision, scalability, and user-friendliness. It is at utmost importance to ensure that the selected AI-driven security solution undergoes evaluation and frequent updates. Lastly understanding the applications of AI-based security tools is key to selecting the suitable solution, for your needs.

It’s time to get serious about securing healthcare systems, solutions, and data!

Cybersecurity in the health sector needs urgent care—followed by long-term therapy.  Cyber-attacks are on the rise in this vulnerable sector: wreaking financial havoc, posing national security concerns, even threatening patients’ lives. And many of these attacks are completely preventable.

The recent Change Healthcare cyber-attack is a case in point. The “most disruptive cyber-attack on US critical infrastructure to date” is now sounding a wake-up call among industry watchdogs. It led a US Congressional subcommittee to explore cybersecurity vulnerabilities in healthcare during a May 16 hearing. What it found: The healthcare industry treads on shaky cyber ground, facing more, and more dire, threats than ever before. In this article we conduct our own post-mortem of the Change Healthcare cyber-attack.

The Change Healthcare cyber-attack made splashy headlines, but it was only one of a growing number of intrusions plaguing the sector with increasing frequency and severity. The number of hospital systems hit with ransomware nearly doubled in 2023, to 46, from 25 in 2022, the New York Times reports.

Nor is it only a US problem: Healthcare events globally nearly quadrupled in 2023 over the previous year, the European Repository of Cyber Incidents found. Hostile nation-states attack healthcare providers daily, the US House Energy and Commerce Committee Subcommittee on Health learned in its hearing.

Interconnectedness makes the healthcare system particularly attractive to cyberthieves. Physicians’ offices, clinics, hospitals, medical devices, laboratories, pharmacies, electronic health records, insurers, support services, and others affiliated with care form a vast, interlocking web of information that, once breached, can provide a treasure trove of valuable data.

Stolen health records pose an especially juicy target, selling on the dark web for 10 times more than stolen credit card numbers, the American Hospital Association notes.

Security in this sector is notoriously weak. The COVID-19 pandemic is partly to blame, the Lancet reports. To provide care during a time of quarantines and lockdowns, facilities rushed to adopt new digital technologies such as mHealth, telehealth, and AI-supported diagnostic tools. In their haste, they tended to give security short shrift.

And keeping up with technology updates costs time and money that many facilities don’t have. Instead, they use outdated technologies and software.

A single vulnerability is all malicious actors need to bring down an entire system, or even an ecosystem. And with lives at stake, medical providers are much more likely to pay the ransom for the sake of continuing care.

The cyber-attack on Change Healthcare, one of the world’s biggest health payment processors, gave cybercriminals access to 4 terabytes of data, shut down healthcare facilities across the US, and cost UHC $22 million in ransom alone, not to mention legal fees, recovery costs, and other expenses expected to total at least $1.6 billion.

Why were the effects of this cyber-attack so devastating and far-reaching? Investigations are underway, but the known cybersecurity failures so far include:

• Stolen credentials. Bad actors entered a software portal connecting to Change Healthcare’s systems using credentials stolen in a phishing expedition, UHC CEO Andrew Witty told a US Congressional subcommittee May 1. UHC believes the ransomware group purchased these stolen credentials on the dark web, he said.
• An MFA snafu: The attackers entered through a systems software portal for which MFA had not been switched on.
• Undetected lateral movement: The criminals moved laterally to exfiltrate data for nine days, undetected by security monitoring, before deploying ransomware.
• Vulnerable backup systems: Change Healthcare was still using 40-year-old technologies to run its medical claims and payment processing systems, and storing data in on-premises servers, Witty said. (UHC, which purchased Change in late 2022, had begun modernizing and upgrading these systems, moving data and systems to the cloud.)

As a result, neither Change’s prime nor backup IT systems were isolated. The attack disabled both. Cloud-based servers were up and running again fairly soon, but legacy data centers have taken much longer to restore.

The Change Healthcare cyber-attack shut down medical claim and payment processing for more than one month. Cashflow problems mean that facilities may not be able to make payroll or pay for services, which in turn may compromise patient care.

Mortality rates rise at nearly one-quarter of organizations after suffering a cyber breach, the May 16 hearing found.

The effects of the attack have been widespread and long lasting. Nearly three months later, an American Medical Association survey found that:

• 60% of respondents continued to face challenges in verifying patient eligibility.
• 75% were having trouble submitting claims.
• 79% still could not receive electronic remittance advice.
• 85% continued to experience disruptions in claim payments.

Recovering from a data breach in the healthcare and public health sector averages $10 million per incident, far more than in any other sector, the Congressional subcommittee heard. Put another way, remediating health care breaches costs nearly three times more than the costs of remediating breaches in other sectors, according to the AHA: an average of $408 per stolen health care record versus $148 for non-health records.

Costs of the Change Healthcare cyber-attack in the first quarter alone totaled some $870 million, John Rex, President and Chief Financial Officer, said in an earnings call.

Some $595 million, he said, “were direct costs due to the clearinghouse platform restoration and other response efforts, including medical expenses directly relating to the temporary suspension of some care management activities.

“For the full year, we estimate these direct costs at $1 billion to $1.15 billion.” The disruption in Change Healthcare’s operations due to the cyber-attack was expected to cost another $350 million to $450 million, he said.

And in addition to the $22 million the company paid in ransom to unlock its systems, another group appears to have demanded a second ransom payment to stop leaking the data stolen in the attack, it seems that the criminal group supplying the ransomware kit made off with the entire ransom rather than giving the affiliate who performed the attack their cut. Lawsuits and other legal fees and fines will most likely follow, as well.

“This hack could have been stopped with cybersecurity 101,” Sen. Ron Wyden (D-Ore.) reportedly said during the hearing into the Change Healthcare cyber-attack.

Indeed, the health sector “lags far behind most essential infrastructure sectors … on research to understand the risks and develop specific plans to protect, respond, and recover from cyberattacks,” The Lancet reports.

But with investigations underway and more hearings perhaps pending, it’s a given that the industry will need to step up its cyber game. To get started, here are some measures we recommend putting in place:

A phishing email tricked someone into entering their login credentials, which were then sold on, starting the chain of events that led to the Change Healthcare cyber-attack. This is usually the way attacks begin: human error accounts for 95% of all cybersecurity incidents, the World Economic Forum reports.

Next steps: A little education can go a long way. Hornetsecurity’s next-gen Security Awareness Service trains employees using realistic spear phishing simulations and AI-powered e-training, heightening awareness of cyber security risks and threats. Employees learn effectively how to protect themselves and their company. The service is fully automated and easy to use.

It’s not a matter of “if” you’ll be attacked, but “when,” particularly in healthcare. Being able to recover swiftly—resilience—is key to minimizing costs, damage, and downtime.

Next steps: Modernize your backup system with Hornetsecurity’s 365 Total Backup Solution. Among its features:

• Automatic backup of Microsoft 365 data multiple times a day;
• Protection from ransomware attacks as well as third-party disruptions via backup storage and security on Hornetsecurity infrastructure, independent of Microsoft;
• Easy search and recovery;
• Hassle-free, unlimited storage;
• Centralized management; and
• Data storage in local, secured, robust and redundant Hornetsecurity data centers, granting control over data jurisdiction.

Have safeguards in place for storing, accessing, and sharing sensitive personal health information, and adopt a zero-trust model with Hornetsecurity’s 365 Permission Manager tool. Using it, you can

• Perform bulk actions to manage permissions at scale;
• Use Quick Actions to fix permissions on multiple sites at once;
• Assign out-of-the-box best practice policies, or create custom defined compliance polices for SharePoint sites, Teams, or OneDrive accounts;
• Receive alerts for critical shares or policy violations; and
• Use the Audit function to approve or reject policy violations.

To properly protect your healthcare environment, use Hornetsecurity Security Awareness Service to educate your employees on how to secure your critical data.

To keep up with the latest articles and practices, visit our Hornetsecurity blog now.

Don’t wait for a crisis: get your checkup and preventative care now. If you’re in the healthcare sector, your organization is especially vulnerable to breach by criminals emboldened by the success of the cyber-attack on Change Healthcare. Truly, it’s not a matter of if your healthcare organization will be hit, but when. Predators prey on the weak; make sure you’re not seen as an easy target. Fortunately, as outlined above, there are several simple ways to bolster your defenses and the time to act is now.

Businesses that embrace technology will have a bright future since the world is changing at an accelerated rate. Entertainment, new products, and business are just a few of the domains where digitization has quickened development. Since the service provider is equipped with all the tools needed to supply goods or services, the client receives what they want right away.

The digital age has many disadvantages in addition to its many advantages and conveniences. One of the biggest and most detrimental hazards involved is the possibility of losing your personal information. There have been several well known cases of identity theft, data breaches, and financial loss over the last ten years.

Cyberattacks are frequently pervasive and impact people, companies, and nations. Threat actors can now access their targets at any time and from any location in the world. In modern business environments, there is an immense attack surface that is growing at a breakneck pace. This suggests that more than just human involvement is needed to assess and improve a company’s cybersecurity posture.

Since these kinds of technologies can quickly evaluate millions of data sets and identify a wide range of cyber dangers, from malware attacks to suspicious behavior that could lead to phishing attacks, with algorithms that are always developing and getting better, using past and present occurrences to identify new attack types that might happen today or tomorrow.

Artificial Intelligence (AI) has improved cybersecurity in addition to revolutionizing service delivery. 15% of businesses worldwide are thought to have incorporated AI technology advancements. Adoption of new technologies, however, affects businesses in both positive and negative ways. Hackers will utilize the same technology that you use to protect yourself if your business does not put strong security measures in place. Because of this, you should never take technologically based security measures for granted.

Instead, to keep your business safe, you should update your AI security solutions regularly. For example, companies need to have unique coded signals that AI technologies might interpret as a threat to the company. Conducting regular cybersecurity risk assessments is one of the safest methods to update your artificial intelligence system. If a business is the target of a hack, one should look into how the threat actors accessed the organization’s systems and create detections to stop similar activity in their networks.

An employee may infect other computers when they click on a malicious link and infect a networked workstation. Other network users are thus forced to decide whether or not to click on the malicious application. On the other hand, a virus that finds its way into an automated machine-to-machine network spreads far more quickly when humans are removed from the business process, which amplifies the effect.

Cybersecurity is therefore more important than it has ever been. An attempt by a cybercriminal to enter a target’s network or computer without authorization, to harm, or alter it is known as a cyber-attack. The attack on information systems and the undermining of their operations is organized, methodical, and purposeful. Criminals will try to get around even the most effective security precautions in place.

Cyber threats are unlikely to ever be eliminated since hackers are resourceful and tenacious, constantly seeking new ways to get past a company’s security measures. They’re also huge, organized criminal enterprises, with hundreds of “staff”, HR departments, research and development departments, along with the commensurate budget, financed by previous successful attacks. For many businesses, automating dozens or even hundreds of manual tasks is becoming essential. But the same qualities that make automation so effective also present new risks for enterprises.

This is because malicious actors can take control of the new technologies and wreak havoc. After all, AI allows corporations to remotely monitor computers and force them to connect with one another.

Therefore, the purpose of this article is to explain how artificial intelligence (AI) addresses cybersecurity challenges, particularly preventing potential network attacks caused by malicious programs like viruses and phishing emails that dupe users.

Imagine a threat actor who uses AI to carry out their malicious deeds. This person might infiltrate a network to gather information about a company’s employees and could then convince employees to reveal customer data or blackmail the company with attacks using AI to customize messages and visuals like showing pictures of known individuals.

While interactions between machines might reduce the need for intervention IT professionals need to rethink how they authorize access to their growing number of computer systems. Even if a machine receives an automated request to retrieve data from another system about a person the requesting computer must be able to verify the request.

This poses a challenge for businesses whose data systems are primarily accessed by humans instead of other machines. It has taken years, along with high-profile cyberattacks, government regulations and penalties for companies to establish stronger cybersecurity defenses. They have mostly focused on preventing attacks from humans targeting machines. In other words, stopping skilled attackers. Passwords have weaknesses in today’s era of automation; they are prone to sharing and can be exploited to gain entry into multiple systems since they are often written down and exchanged.

There’s no denying that technology is developing steadily. Technology is being used by businesses to enhance several areas of their operations. Even if there are benefits, there is still a risk from cyberattacks. Following the introduction of technology, organizations need to put cybersecurity measures in place to protect their systems and data. In order to prevent cyberattacks that target IT infrastructures, networks, and applications, defenses must be put in place. The cybersecurity plan must incorporate safeguards against ransomware, phishing scams, data breaches, crypto jacking events, and Internet of Things (IoT) dangers. It is necessary to work with knowledgeable IT specialists or ethical hackers to guarantee the robustness of your AI security solution.

• Relationship between cybersecurity and artificial intelligence:

Artificial intelligence is a crucial aspect in computer decision-making. For example, the computer may detect suspicious activities and restrict access until authorized. These artificial intelligence technologies rely on Machine Learning, which involves IT specialists creating algorithms based on historical data. The system is designed to distinguish between authentic and fraudulent access. Machine learning improves security by predicting attacks and irregularities. The precision and speed with which threats are identified are unmatched by humans. As a consequence, artificial intelligence and machine learning technologies can avert cyber-attacks that might cost your company millions to remedy.

• Artificial Intelligence Operations

AI systems utilize a network of trained computers to identify and prevent activities on networks. This technology is built to autonomously recognize threats reducing the chances of security breaches and unauthorized access to an organization’s data. While the AI operates mostly independently, it may also receive guidance when needed. This guidance plays a role in assessing and classifying risks within the organization. By programming the system to categorize threats like ransomware or malware based on their characteristics management can make informed decisions about enhancing the AI’s capabilities.

• Artificial Intelligence in Cybersecurity

Advancements in technology have significantly altered cybersecurity measures. AI-enhanced techniques and methodologies are a game changer in cybersecurity. AI is increasingly widely used in several industries, making it more than just a buzzword. AI has spurred growth in several fields, including customer assistance, healthcare, and robotics. Additionally, it contributes significantly to combating cybercrime.

AI serves multiple purposes, involving cybersecurity. AI can help security professionals stay aware, automate threat detection, and respond more efficiently than traditional software and human techniques, especially with the increasing number of gadgets.  Here are the advantages and applications of AI in cybersecurity:

• Threat Detection: Artificial intelligence can recognize cyber threats and harmful activities. AI plays a role in keeping pace with the influx of new infections that emerge every week, a task that conventional software struggles to manage efficiently. AI algorithms can detect software identify patterns and spot basic viruses or ransomware attacks before they infiltrate computer systems. By leveraging natural language processing AI enhances its capabilities and safeguards data by analyzing articles, news updates, and cyber risk research. This proactive approach enables the detection of anomalies potential cyber-attacks and effective preventive measures. Moreover, as cybercriminals evolve their tactics in line with trends AI-driven cybersecurity solutions offer real-time insights into industry-specific risks to support well-informed decision-making. It is essential not to focus on individual vulnerabilities within systems but to identify potential targets proactively.
• The era of the Bots: Bots represent a portion of all internet traffic and can pose risks. Issues such as identity theft, fake account creation, and data breaches are concerns. Dealing with automated attacks through responses is inadequate. AI and machine learning play a role in understanding web traffic patterns and distinguishing between bots (such as search engine crawlers) malicious bots and human users. AI empowers cybersecurity teams to analyze a range of data sources and adjust to evolving threats. By studying trends companies can address questions, like “What constitutes a user interaction” and “What signals a potentially risky or abnormal activity.”
• Assessing the Risk of a Potential Breach: AI technology assists in creating records for system users, connections, and applications with varying access privileges. By leveraging intelligence organizations can anticipate risks and distribute resources strategically by considering asset inventory and exposure to threats. Through AI-driven assessments, businesses gain recommendations to enhance their cybersecurity strategies and bolster resilience against cyber threats.
• Endpoint Protection: As the number of devices grows AI can play a role in enhancing their security. While antivirus and EDR software can help prevent cyber threats they often depend on signatures. Keeping these signatures updated is crucial to defend against dangers that may arise. If virus definitions become outdated due to a lack of expertise from the software provider or failure to update the antivirus program it could pose a risk. Although traditional signature-based security may not be effective against newer malware attacks the advantage of AI-powered endpoint security lies in its learning process to establish a baseline behavior for each device. AI can alert professionals and restore systems to a state after being hit by ransomware. This approach offers protection against threats than solely relying on signature updates.
• Detecting Phishing with AI: Phishing, a technique often employed by cybercriminals to distribute malware or gain access to user accounts, is a threat. Approximately one in every 99 emails is a phishing . Artificial intelligence (AI) plays a role in detecting and thwarting phishing attacks. AI can identify and monitor more than 10,000 phishing websites enabling quicker responses to incidents compared to human efforts. Through machine learning, AI can spot phishing threats on a scale. Possesses comprehensive knowledge of various phishing strategies. It excels at pinpointing websites.

To properly protect your healthcare environment, use Hornetsecurity Security Awareness Service to educate your employees on how to secure your critical data.

To keep up with the latest articles and practices, visit our Hornetsecurity blog now.

In conclusion, Artificial intelligence has greatly improved our lives, made us more efficient in executing our day-to-day tasks, and helped mitigate cybersecurity threats. But it is a double-edged sword, as the results indicate that technological advancements have empowered hackers to improve their strategies and tools for targeting individuals and organizations.

Making technology choices can help businesses prevent crises. Artificial intelligence is increasingly essential for enhancing the efficiency of information security teams. Human capabilities alone are no longer sufficient to secure against attacks, making AI crucial for monitoring and detecting threats to enhance defense measures. Additionally, AI can aid in identifying and prioritizing risks by guiding incident responses, and spotting malware attacks before they happen. Despite some drawbacks, artificial intelligence is poised to advance cybersecurity efforts and bolster security for businesses.

AI is already starting to have an impact on the future of cybersecurity.

Currently, threat actors are using ChatGPT to create malware identify weaknesses in code, and to get around user access restrictions. Social engineers are employing AI to carry out accurate and convincing phishing attacks and deepfakes. Hackers are utilizing AI-powered techniques for password guessing and cracking CAPTCHAs to gain information entry.

Interestingly, 85% of security experts who have observed a surge in cyber-attacks over the last year attribute this increase to actors using AI.

Nevertheless, AI, machine learning, predictive analytics, and natural language processing are also being employed to enhance cybersecurity in many ways. Spotting irregularities pinpointing potential attack paths and automatically reacting to security breaches.

Due to these benefits, 82% of IT leaders intend to invest in AI-driven cybersecurity within two years with half (48%) planning investments by the end of .

To truly understand the impact of AI on cybersecurity, CISOs and other IT leaders specializing in security must understand both the advantages and risks associated with artificial intelligence. Let’s delve deeper into these aspects below.

Despite the fact that potential attacks powered by AI dominates the headlines, artificial intelligence is a powerful tool for enterprises looking to improve their security. Algorithms that can analyze huge volumes of data enable the rapid identification of threats and vulnerabilities, risk mitigation, and attack prevention. Let us take a closer look at these usage scenarios.

•  Recognizing warning signs before an attack occurs:

Artificial intelligence technologies, machine learning, and deep learning systems can sift through datasets and uncover patterns that human analysts might overlook. This skill enables the detection of risks and irregularities thereby preventing security breaches and enabling a proactive approach to threat detection rather than a reactive one.

AI systems can be taught to recognize patterns and identify malware attacks before they infiltrate a system.

By combining analytics with natural language processing AI can gather information from news sources, articles, and research on emerging cyber threats and trends in cyberattacks to compile data sets enhance operations and mitigate risks before they escalate into major security incidents.

• Improving understanding of cybersecurity threats

Generative AI technology utilizes learning models or algorithms to generate text, images, videos, code snippets, and other outputs based on their training data. This not only assists analysts in pinpointing threats but also aids in comprehending them more effectively.

In the absence of AI tools in the past analysts had to rely on query languages, processes and reverse engineering techniques to analyze data sets for threat assessment. Generative AI algorithms are capable of scanning code snippets and network traffic to detect threats while offering insights that aid analysts in deciphering the behavior of malicious codes and other security risks.

• Enhancing access control and password procedures

The use of AI improves access control and password protocols through the implementation of authentication methods. Biometric verification methods, like recognition or fingerprint scanning, can enhance security measures by decreasing reliance on passwords.

AI algorithms can also assess login patterns and behaviors to detect irregularities and suspicious login attempts enabling organizations to address potential security breaches and mitigate insider threats more efficiently.

• Reducing and prioritizing risks

The attack surface for businesses is extensive and expanding constantly. Managing and enhancing such a vulnerable landscape now requires more than what humans alone can accomplish.

As malicious actors exploit new technologies to execute attacks, conventional software and manual approaches fall short. Artificial intelligence and machine learning have become tools for information security teams to diminish breach risks and fortify security by pinpointing vulnerabilities in systems and networks. Machine learning models can scrutinize infrastructure, code and configurations to reveal weaknesses that attackers could exploit. By identifying vulnerabilities and applying patches organizations can substantially lower the likelihood of cyberattacks. Through utilizing machine learning algorithms organizations can streamline risk evaluations. Allocate resources efficiently.

AI has the capability to offer insights on the likelihood and impacts of types of attacks empowering cybersecurity teams to prioritize their efforts in mitigating risks.

Simply put AI-driven cybersecurity platforms can prioritize threats not just based on what cybercriminals might use to target your systems but on what they’re most likely to employ. This approach allows security and IT leaders to effectively allocate resources toward addressing the vulnerabilities.

• Automation: detection and response to threats.

With AI in place, cybersecurity systems can automatically respond to potential risks. This includes blocking IP addresses, shutting down compromised systems or disabling user accounts immediately as well as using machine learning algorithms to analyze emails and web content for detecting and preventing phishing attacks.

By harnessing the power of AI technology for threat detection organizations can enjoy real-time monitoring capabilities and swift response times. Machine learning algorithms continuously scrutinize network activities, user behaviors, and system logs to flag any activities.

By leveraging AIs’ capacity to process amounts of data organizations can detect and thwart threats promptly narrowing down the time window for attackers looking to exploit vulnerabilities.

• Enhancing productivity and effectiveness

A ‘portion’ of data breaches, around 82% are attributed to human mistakes. By automating duties AI can significantly reduce the chances of misconfigurations, unintentional data disclosures, and other accidental errors that may jeopardize security measures.

Moreover, AI provides cybersecurity teams with tools and insights that enhance their efficiency and effectiveness. Through the analysis of threat intelligence data by machine learning models teams can gain an understanding of the threat landscape and proactively address emerging risks.

Security and compliance automation platforms powered by AI streamline processes allowing teams to respond swiftly and accurately to incidents. By delegating labor tasks to automation cybersecurity experts can concentrate on strategic initiatives and in-depth threat assessments.

From analytics to automated identification of threats and incident handling, AI enhances the capabilities of cybersecurity teams by enabling them to implement defense strategies. Embracing AI technology empowers organizations to remain at the forefront in the era of cybersecurity while protecting their assets.

Cybersecurity leaders who are eager to use AI to improve their security posture must first address several difficulties and dangers, such as transparency, privacy, and security.

• Data privacy issues often arise when using AI systems. These systems typically rely on data sets raising privacy issues. For instance, if AI is employed for analyzing user behavior it may necessitate access to information that is considered sensitive. Questions surrounding the storage location of AI-generated data, its accessibility and the procedures for handling data are becoming more prevalent. Many companies are finding themselves in a balancing act between safeguarding user privacy and leveraging data effectively. Businesses must embrace an AI governance framework that covers every stage of the data lifecycle – from collection to processing, access control, and disposal. Incorporating privacy-focused design principles will be paramount throughout the lifecycle of AI projects and in governance strategies. This includes employing techniques like data anonymization to protect user privacy while maintaining data utility, for AI applications.
• Reliability and Accuracy: Despite their ability to swiftly process large amounts of information AI systems are not infallible. Instances of false positives or false negatives can occur intermittently potentially resulting in wasted resources or overlooked risks. Given that the effectiveness of AI and ML algorithms relies on the quality of the data they process companies will have to focus on refining their data preparation procedures to organize and cleanse datasets for precise results. This task is increasingly crucial, due to the rise of data poisoning, which involves introducing or altering training data in AI models to influence their outcomes. An influential study demonstrated that introducing 8% of incorrect training data could lead to a significant 75% drop in AI accuracy.
• The lack of transparency in AI systems, and learning models poses a challenge as they often operate as enigmatic entities that make it hard to comprehend how they reach specific conclusions or forecasts. This opacity creates obstacles for cybersecurity professionals who require insight into an AI system’s decision-making processes especially when addressing security threats. Without transparency, trust in AI-generated decisions declines. Verifying their accuracy becomes problematic. Moreover, false positives generated by AI systems can inundate security teams with efforts while false negatives may result in overlooked threats and compromised security measures. The absence of explanations for these errors, complicates the refinement of AI models enhancement of accuracy levels, and resolution of issues.

Cybersecurity professionals must verify the choices made by AI systems to adequately protect against new-evolving cyber threats.

Different kinds of biases can impact an AI system and the two main types include training data and algorithmic biases. Let us delve deeper into them below.

• Training data biases occur when the data used to train AI and machine learning (ML) algorithms lacks diversity or fails to represent the spectrum of threats. This can lead to errors, such as overlooking threats or misidentifying behavior as malicious. Often this stems from biases in the developers who curated the training dataset. For instance, imagine an AI developer who perceives hackers from Russia as a threat to US companies. Consequently, the AI model would be trained on data that are skewed towards threats from this region potentially missing out on identifying threats originating elsewhere, notably from within domestic boundaries.

Similarly, if a developer believes that a particular attack method, like social engineering attacks, is more prevalent than others the AI model may excel at detecting and countering this type of attack but struggle with identifying other significant threat categories such as credential theft or vulnerability exploits.

• Algorithmic bias also plays a role where the AI algorithms themselves can introduce bias into detection methods through processes, like pattern matching. Sometimes a situation might arise where harmless actions get wrongly identified due to patterns, such as marking any email with abbreviations or slang as phishing attempts. When an algorithm leans towards positives like this it can cause people to become overly alert. On the other hand, an AI system that relies on pattern recognition might miss variations in known threats leading to false negatives and overlooking potential dangers.

If left unattended both types of biases could create a false sense of security, inaccurate threat identification, alert exhaustion, susceptibility to risks and changes as well as legal and regulatory complications.

As the utilization of AI in cybersecurity expands, CISOs and other cybersecurity executives will have a role in leveraging AI potential while ensuring its efficient integration. By adhering to these recommended approaches these leaders can proficiently incorporate AI while addressing concerns regarding transparency, privacy, and security.

• Aligning AI strategy with business & security goals

Prior to implementing AI cybersecurity leaders should align their AI strategy with the organization’s business and security objectives. Clearly defining the desired outcomes pinpointing the cybersecurity issues that AI can tackle and ensuring that AI endeavors are consistent with the security strategy of the organization.

• Investing in AI professionals

While AI can greatly benefit a cybersecurity framework it should not overshadow expertise. Creating a team for utilizing AI is paramount.

Invest in recruiting information security experts well versed in AI technologies. By having a team equipped with the knowledge you can effectively implement AI solutions while continuously enhancing their performance. Cybersecurity leaders should advocate for promoting understanding of AI within their organizations to empower team members to utilize these tools and grasp their limitations.

• Thoroughly scrutinize solutions utilizing intelligence

Evaluate the reputation of the vendor, the effectiveness of their AI models and their dedication to cybersecurity and data privacy. Conduct trials to test the solution’s compatibility with your existing cybersecurity setup. Make sure that the AI solution meets your organization’s security needs and complies with requirements.

It is important to assess how they address bias in their solutions and what measures they use to do so. Strategies such as data collection and preprocessing practices diversity within AI development teams, continuous monitoring investments, and employing layers of AI can help reduce bias and enhance the impact of AI in cybersecurity.

• Establish a data governance framework as a foundation for AI success

This framework should focus on maintaining quality well-managed data while ensuring its integrity and privacy. Develop procedures for data collection, storage, labeling and compliance with regulations. Implement security measures to safeguard data throughout its lifecycle and enforce access controls for information.

Lastly prioritize using interpretable AI models that offer insights into their decision-making processes.

• Implement security measures to protect your AI infrastructure effectively

Ensure that you encrypt AI model details and data throughout the training, deployment, and inference stages. Safeguard AI systems, from entry and manipulation, by incorporating robust authentication methods, secure APIs, and access restrictions. Consistently. Patch AI frameworks and dependencies to tackle security weaknesses.

To properly protect your healthcare environment, use Hornetsecurity Security Awareness Service to educate your employees on how to secure your critical data.

To keep up with the latest articles and practices, visit our Hornetsecurity blog now.

The cybersecurity sector needs to get ready for challenges like the emergence of “Shadow AI,” where AI functions without supervision, and the possibility of AI-driven “Poly Crisis” resulting from complex cyberattacks. “Poly Crisis” situations refer to scenarios where multiple crises occur simultaneously or sequentially, interacting with and exacerbating each other, leading to a compounding effect that amplifies the overall impact. In the context of cybersecurity, this could mean a combination of coordinated attacks on different systems, cascading failures, or simultaneous breaches across various sectors, all driven or facilitated by advanced AI.

Moreover, there’s the anticipation of AI facing off against each other in offensive scenarios presenting a new dynamic in cybersecurity strategies. These changes require security testing and ongoing adjustments to proactively address risks.

AI is not a new term in cybersecurity. It has been a part of cyber protection for quite some time. Artificial intelligence (AI) is a wide term that includes numerous subfields such as machine learning (ML), deep learning (DL), and natural language processing. These fields frequently overlap and complement one another.

Machine learning (ML) is a subset of artificial intelligence that employs algorithms to create prediction models. This has been the most frequently used field in cyber security, from the early days of User and Entity Behavior Analysis (UEBA) in 2015 to SIEM, EDRs, and XDRs, and the technology has stabilized, allowing us to detect behaviors and abnormalities on a large scale.

In that climate, ChatGPT 3.5 was launched in late 2022, and since then, particularly since mid-2023, there has been an unceasing discussion about how AI will transform cybersecurity. This is almost like hearing the same stories from the early days of UEBA and XDR. Almost every cybersecurity product provider offers or intends to offer a Generative AI-powered layer on top of their current product. There is a lot of misinformation about how AI, particularly when used by malicious actors, introduces new hazards and that we need AI to combat them.

Large Language Models, also known as LLMs, are intelligence systems that can analyze and produce text resembling human language. By leveraging learning methods and extensive training data these systems can. Generate natural language text, for a range of purposes such as chatbots, translation services, content creation, and other applications.

In this piece, we shall concentrate on this element.

Short answer: Yes. However, in my opinion, a better question is whether AI poses a new risk to cyber defenders.

A great resource to understand AI risks is the MITRE ATLAS framework at https://atlas.mitre.org/matrices/ATLAS.

AI Security Threats and ATT&CK Enterprise Matrix Comparison

As shown in the diagram above, practically all the techniques, apart from ML Attack Staging, are similar to the ATT&CK enterprise matrix techniques (=traditional cyber-attacks). Even if we look at the strategies, the vast majority are related to attacks on LLMs themselves, making them incredibly relevant to LLM developers. What about LLM consumers? Do they share the same risks as developers? Can they do anything about it? Or what about the industry’s concern about bad actors leveraging LLMs? Does this information have any significant implications for the existing foundations of cyber defense?

According to security professionals, most of the problems associated with LLMs existed before LLMs, but the scale of attacks and efficiency of attackers have increased. Here are some of the risks:

• Attackers become more efficient when they use LLMs.
• Consumers inadvertently expose data in public LLMs through queries and uploads.
• LLM developers are concerned about the security and privacy of LLM technologies.
• Other issues, such as ethics, bias, and intellectual property.
• LLMs expand the attack surface.

This field has the most FUD (Fear, Uncertainty, Doubt) in the business, with companies marketing AI-enabled solutions to combat bad actors.

Looking at the most recent Gartner Hype Cycle for AI, we can see that Generative AI has reached its high, and the only route ahead is disillusionment.

Hype Cycle for AI (source: Gartner)

Attackers are usually looking for the easiest route out. What’s the sense of doing the difficult thing if defenders still don’t understand the basics and attackers continue to have easy opportunities?

According to the X-Force research, the most common attack vectors are identity theft, phishing, and compromising public-facing applications. This theme is also present in other reports, such as Verizon DBIR and Mandiant M-Trends reports.

Is there an advantage for attackers who use LLMs over those who do not? Possibly. They could create better phishing emails with higher click rates, perform better social engineering, or produce dangerous malware faster. Do we need to adapt our defensive tactics? Not really, because even without LLMs and with lower click rates, the possibility of compromise remains. Even a single compromised account can escalate to a larger crisis due to lateral movement and privilege escalation, as evidenced by numerous real-world cases in recent years.

It is critical to retain the high maturity of existing controls while focusing on post-exploitation controls that can prevent and/or detect post-exploitation strategies such as lateral movement, persistence, privilege escalation, command and control, etc.

At the moment, getting fundamental cyber hygiene configuration right and ensuring the efficacy of existing controls should suffice. We should only be concerned with esoteric attacks after the basis is solid.

This may alter in the future as the AI becomes more capable and develops new assault vectors, but as long as the attack vectors remain the same, the defensive controls can remain the same, albeit more agile and faster.

Data loss within organizations has always posed a threat with the rise of numerous public machine-learning models. This trend has opened avenues for enterprise users to inadvertently leak corporate information. While cybersecurity experts are well aware of these risks the average user may not be as vigilant.

A concerning issue arises when users unknowingly share data through chatbots or upload documents containing information for analysis. This poses a security risk.

Organizations often rely on Data Loss Prevention (DLP) Cloud Access Security Broker (CASB) Secure Services Edge (SSE) or Proxy solutions to monitor and regulate user activities. However, the emergence of Generative AI technology presents a challenge as many existing solutions lack categorization for Gen AI. Without this classification, it becomes increasingly difficult to keep track of the growing number of LLMs and the continuous influx of new ones each week.

Even if your current tools support Gen AI categorization it is important to recognize the benefits that this technology offers in addressing user challenges and enhancing efficiency. Therefore, it is crucial to ask questions such, as:

• Do we want to prevent all access to LLMs? This is arguably the simplest control to implement: block the Gen AI category of URLs in SSE/Proxy or other tools, as long as they support it. At the same time, we must be mindful of the possibility that we are impeding business growth. Whether we like it or not, Gen AI is an enabler, and businesses will undoubtedly seek to exploit it for increased efficiencies. If the environment is regulated and such use is prohibited, the decision becomes easy. Otherwise, we should be flexible in our approach.
• If not blocking, then what? Use a risk-based approach. Perhaps people entering their prompts and receiving responses is acceptable but pasting data/scripts or uploading documents is not. Perhaps we can enable the use of public LLMs while blocking any paste or upload actions with SSE/DLP or something similar. This can be developed further. Perhaps we should enable pasting or uploading data while blocking sensitive info. This necessitates that the organization has developed data protection rules and the ability to identify sensitive data.
• Can we supply an authorized LLM for the enterprise? While the majority of LLMs are public and free to use, providers such as OpenAI, Google, and Microsoft have begun to offer premium and enterprise versions. One such example is Microsoft Copilot (previously Bing Chat Enterprise), which is included with practically all M365 and O365 SKUs for free. It utilizes the well-known GPT 4 and DALL-E 3 LLMs. When using a Work or School account, it offers commercial data protection. Commercial data protection means that both user and organizational data are secured. Prompts and responses are not saved, Microsoft has no direct access to the chat data, and the underlying LLMs are not trained using the inputs. This could be a suitable choice for organizations using M365 or O365, as well as analogous solutions for non-Microsoft stacks. If your budget allows, there’s also Copilot for Microsoft 365 which has access to the same internal documents and files that a user has and is a very powerful productivity enhancer.

The final solution can be a win-win situation, giving users something that increases their productivity while also providing them with new and fascinating technology to play with, but banning all other LLMs. We still need to train users on the hazards of Intellectual Property protection, mistakes, and submitting sensitive data.

In the business sector, as opposed to consumer solutions, LLMs are meant to solve an issue using enterprise data, which means users ask questions or provide insights based on corporate data. Invariably, such LLMs will have several connections with inputs, data sources, data lakes, and other business applications.

Attackers are noted for their creativity in using current capabilities to evade defenses. Living off the Land Attacks are widely documented. Can we expect a Living of the LLM attack in the future? Access control and permission across the entire stack, including interfaces and APIs, will be critical. As companies speed up the deployment of LLMs and connect them with organizational data, cyber defenders will need to step up and devise tactics to prevent misuse or abuse of this new attack surface.

If you’ve gotten this far, you’re probably wondering if there are any benefits to LLMs in cyber security. The quick answer is yes, but considerably less than the present noise that surrounds this industry. Let us look at some of the use scenarios that can truly help cyber defenders:

• SOC teams have traditionally faced challenges in quickly and accurately assessing incidents. LLMs can help enhance this process to some extent. By analyzing volumes of data adding context to alerts, evaluating severity levels and recommending actions LLMs offer valuable support. When SOC analysts ask questions in plain language LLMs can translate them into more complex queries, retrieve relevant data and present it in an easily understandable manner. This trend towards leveraging AI technologies is evident in the cybersecurity industry with the emergence of solutions like Microsoft Copilot for Security and various other AI chatbots integrated within EDR/XDR/CNAPP offerings.
• While the capability appears to be encouraging, it also poses risks. Without appropriate grounding, LLMs are prone to distorted perceptions, and a SOC Analyst, who may not have a lot of experience, is more likely to trust the output of an LLM. What if it’s wrong? While there is a rush to incorporate LLMs into every product, as customers, we must be mindful that the benefits of standalone products will be small, and the true benefits will come from solutions with access to huge data lakes such as SIEM or XDR. If the solution landscape is fractured, you may wind up with numerous LLMs embedded in each solution, putting us back at square one, with the human needing to correlate them all.
• Potential Threat Hunting. This could be the most important use case, but the world has yet to see a model capable of doing threat hunting. A model that may assist the SOC Analyst in hunting by transforming natural language questions to complicated SIEM/XDR query language will greatly reduce fatigue and make life easier.
• SecOps Automation. LLMs are similar to advanced SOAR playbooks in that they can contextualize an alarm and perform or recommend specific remedial actions. The capacity to develop bespoke playbooks on demand for each alert can significantly increase productivity. However, given their proclivity for hallucinations, it will take a courageous company to permit LLMs to execute responsive actions. This use case will still require a human in the loop.

To properly protect your healthcare environment, use Hornetsecurity Security Awareness Service to educate your employees on how to secure your critical data.

To keep up with the latest articles and practices, visit our Hornetsecurity blog now.

Gen AI has evolved at a rapid and astounding rate. Since the debut of ChatGPT, various revisions of Gen AI technology have been published at a rapid pace. It’s hard to believe that it’s only been over two years since ChatGPT’s original debut in November 2022, and we’re already seeing multiple multi-modal (being able to work with text, audio, images and video) LLMs with varied capabilities.

While the cyber security community was still working to define XDR, we now have a new vector to consider. Threats may be handled today with existing processes and technologies, but the future will undoubtedly be different. While the impact of AI in cybersecurity has a bright future we expect to see AI-powered autonomous attacks with enhanced defense evasion in the coming years, which will be a significant issue.