{"id":65,"date":"2024-06-26T00:00:00","date_gmt":"2024-06-26T00:00:00","guid":{"rendered":"http:\/\/localhost\/wordpress\/?p=65"},"modified":"2025-02-19T12:38:35","modified_gmt":"2025-02-19T12:38:35","slug":"when-it-comes-to-cyber-resilience-and-ai","status":"publish","type":"post","link":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/when-it-comes-to-cyber-resilience-and-ai\/","title":{"rendered":"When It Comes to Cyber Resilience and AI, Be Sure to Stretch the Limits of Your Imagination"},"content":{"rendered":"

In the aftermath of the tragic fire that killed three Apollo 1 astronauts in 1967, a US congressional hearing was convened to discuss the cause and what to do about it. Frank Borman, a highly respected astronaut, testified before the committee and was asked a straightforward question: \u201cWhat caused the fire?\u201d<\/p>\n

Instead of giving an answer laced with technical details, he responded simply and eloquently: \u201cA failure of imagination.\u201d<\/p>\n

What I\u2019d like to tell all my cybersecurity colleagues and their bosses is that we are in greater jeopardy than ever at compromising our cyber resilience\u2014our ability to rebound immediately and fully from a cyberattack with minimal operational impact\u2014unless we stretch our imaginations. And the inspiration for that effort is both a threat to us and a force multiplier for us: artificial intelligence (AI).<\/p>\n

On the one hand, AI has been leveraged extensively and expertly by cybercriminals, from rogue nation-states and malicious insiders to lone wolf hackers. Other than perhaps their own persistence, it is probably their strongest weapon. On the other hand, however, it is our greatest asset and our best hope to stay one step ahead of the attackers \u2026 if we use our imagination.<\/p>\n

Threats to Our Resilience<\/h2>\n

Two years ago, I wrote about cybersecurity in a post-COVID world. Although the pandemic was not officially \u201cdone\u201d when I wrote those pieces, I stressed the need for CISOs and CIOs to put in place plans to ensure stronger cybersecurity and cyber resilience when we had finally blunted COVID. Why? It was clear that another viral threat could emerge in the future, and we had to make sure we could withstand its impact. After all, cyberattackers had learned things too.<\/p>\n

Then came generative AI.<\/p>\n

Think back a few short years, when rootkits could be easily obtained on the dark web, often triggered by phishing emails that were crude and amateurish. Now, hackers use broadly available and much more sophisticated GenAI tools like ChatGPT. Remember those phishing emails replete with spelling, grammar, punctuation, and syntax errors? Gone. All the hackers needed to do was ask ChatGPT to craft them a spotless email.<\/p>\n

Another important threat to our resilience is one we\u2019ve seen and experienced in the past, except now it\u2019s on hyperdrive. I\u2019m talking about presidential elections\u2014but not just here in the US. During 2024, there will be more than 60 elections around the world where a state leader will be selected. What a field day for political hackers who want to sow discord among populations with disinformation, deepfakes, and cherry-picked messaging tailored to the biases and fears of a single voter.<\/p>\n

I probably don\u2019t even need to bring up AI-inspired ransomware against our financial institutions. Even with the state-of-the-art cybersecurity defenses banks and other repositories of wealth and sensitive data have erected, the bad guys keep coming, thanks to their sophisticated and creative use of AI and ML algorithms.<\/p>\n

What We Need to Do<\/h2>\n

For those of us\u2014CISOs, business executives, and cybersecurity industry leaders\u2014charged with ensuring our systems are up and running and our data is protected, it\u2019s essential to define what \u201cgood\u201d looks like when it comes to cyber resilience<\/a>.<\/p>\n

One thing is clear: We must be able to block even the most sophisticated attacks without involving a single human being, if necessary. I\u2019m not saying we don\u2019t need great cyber sleuths and deeply committed security analysts; we certainly do. But we have to abandon the mindset that says we can\u2019t trust AI without direct human intervention. We have to trust the AI model. If AI tells us that a firewall indicates a problem, we must accept that and proactively block the potential attack. No time to do manual triage to tell us if it\u2019s a credible attack or a false positive. A second\u2019s delay can be catastrophic. Humans can and should augment AI models\u2014and, of course, train them\u2014but they can\u2019t be a bottleneck. Our goal must be to get as close to near-real time as possible, and we can\u2019t do that without AI.<\/p>\n

We also must reimagine our approach to managing business risk. It\u2019s not just where our organizations are today with an expanding attack surface<\/a>, dealing with runaway data proliferation, supporting the anywhere\/anytime workforce, managing complex supply chains, and meeting spiraling regulatory demands. It\u2019s that those are all going to be more complex and critical year after year.<\/p>\n

We also should reimagine our security frameworks. It\u2019s not just technologies or processes, but entire strategies for cybersecurity and resilience. Modernized, forward-thinking metrics are needed to properly measure security efficacy. If we can\u2019t tell ourselves\u2014let alone our C-suite colleagues and our board members\u2014whether our efforts are actually working, we\u2019re lost.<\/p>\n

Finally, our threat response<\/a> has to be faster, more automated, more intelligent, and more contextdriven than ever. Do we want to chase down every alert as though it represented a direct threat to our survival or handle each alert with the same gravity?<\/p>\n

AI Changes How We Do Security<\/h2>\n

The best way to understand what AI can do for our adversaries and our customers is to actually get your hands around it. We\u2019ve been engineering AI into our products at Palo Alto Networks for more than a decade. AI provides a tremendous boost for us\u2014both as a leading cybersecurity technology partner and as a large potential point of attack for criminals\u2014in several ways.<\/p>\n

It helps us and our customers supercharge security teams to be more effective and efficient\u2014a musthave capability as the pace of change in security threats accelerates. It also helps organizations block sophisticated attacks without human intervention.<\/p>\n

In order to do this, organizations must:<\/p>\n