At Mandiant, consultants have been leveraging AI to analyse threat actors’ smart contracts, investigate an alert for a PowerShell script, reduce investigation time, and increase the speed of malware analysis. The company’s Chief Technology Officer for APAC, Steve Ledzian, believes in AI’s potential for threat detection, eliminating repetitive tasks and digital transformation.
How have information security awareness, adoption, regulation and enforcement evolved?
Steve Ledzian: There is an increased focus on cyber risk and addressing that risk. We are seeing a lot more activity presenting to boards who have taken a greater interest in cyber risk. CISOs need to have a seat at the board table and have cyber risk seen as a business problem instead of as a technology problem, and I think great strides have been made there. A lot of the Board’s organisations are seeing the headlines, seeing the impact and treating cyber risk as a business risk, as it should be treated. Governments are taking cybersecurity more seriously.
What are ways for the lesser-privilege organisations to protect themselves?
Steve Ledzian: It’s really important for companies large and small to do this piece of detection and response combined with prevention to be more resilient. The detection and response piece is a little bit harder because of the prevention technologies. They're largely set-and-forget technologies. You put them in the block. The detection and response technologies have to be piloted by expertise and, as you said, small organisations might not have that expertise. In fact, there's a talent crunch; even the very large organisations are struggling to find the right people who have that expertise. A lot of organisations are outsourcing that detection and response effort to security services.
Specifically, there are the MSPs (managed service providers), but there’s something called managed detection and response. It’s a separate category from MSSPs (managed security service providers).
How do you find the balance between innovating and keeping the systems running?
Steve Ledzian: It’s really important that security is architected into the solution from the very beginning. It's really important that security is stressed that there's a risk assessment. And those risks are addressed right from the beginning, right in the architecture.
I think it's got to be more the mindset. It has to be a culture of security where security is everyone's responsibility. If it's not, you'll go down a path where you're innovating without security considerations, and inevitably attackers find issues and exploit them.
You'll find organisations that have a culture of security and everyone has an ownership stake in security, not just the security team and the CISO.
And then you'll find organisations where it's more heavily adjusted to just the security team. And I think you get better security outcomes if you have a culture where security scene is happening.
What can you say about encountering risks, security, privacy and ethical questions around AI?
Steve Ledzian: We're still in the early days. We'll see a lot more from this incredibly powerful technology. It comes back to doing things at the architectural level.
So at Google, we make very, very intentional efforts to be bold, but also to be responsible with what we're doing with AI. So we have AI security principles that we laid out long ago that we follow to address concerns around trust, privacy and safety issues.
At Google, we also have what's called a secure AI framework that we just released in June of this year. And that's meant to mitigate some of the specific risks against AI systems, and we even have teams that are Red teams, taking the position of an attacker and trying to break or exploit in some way.
To what extent can I trust AI to lead talent shortage? And is it the right approach?
Steve Ledzian: I think AI can help remove a lot of the toil with a lot of tasks that are repetitive in nature, speed things up for security practitioners and make the existing talent a lot more efficient. It doesn't mean that AI is going to replace human jobs. The way to think about AI is as an assistant and assisting those practitioners. That opens the talent pool a little bit and it also allows that talent to be more efficient and get the answer that they're looking for more quickly.
There are endless combinations and possibilities that AI can be used just for the security discipline alone. And I think, you know, in the next year and forward we'll see pretty incredible advancements and hopefully some relief on the pressure for that cyber talent demand.
Where do we get the balance between aggressive digital transformation innovation and cyber security?
Steve Ledzian: Digital transformation has been great for organisations, great for the customers of those organisations, but it's also good for attackers because as organisations become more agile, can develop more quickly.
The security teams are still responsible for securing everything whether those development teams tell them what they're doing or not. And so, security teams struggle often to know what assets we need to protect, what new assets we have today that we didn't have yesterday, what assets, either new or old, might have a new exposure, a new vulnerability which might pose risk.
Managing and understanding the attack surface is critical for digitally transformed organisations. And it's as important as all the other things we mentioned that preventative technology is the detection and response technologies.
Cybersecurity and AI
AI expands the capabilities of threat actors, who abuse the technology for social engineering schemes, password hacking, deepfakes, and data poisoning, among others.
However, it can also be a game-changing tool for defenders to immediately detect and respond to malicious players. It can provide organisations with an edge in preventing attacks, stopping breaches, protecting data, and lowering IT costs for enterprises.