
Defending Your Organization Against AI-Powered Hackers

by Blink Ops, August 3rd, 2023

Too Long; Didn't Read

Bad actors are now using new AI-powered tools to launch more sophisticated attacks. In this post, we outline steps you can take to defend your organization.

With the surge in popularity of generative AI tools and large language models, individuals now have the incredible capability to amplify the quantity and caliber of their work like never before.


However, all great advancements have a dark side. The world of cybersecurity is not exempt from this revolution, as malicious actors can now employ AI-enabled tools to outwit organizations and capitalize on vulnerabilities on a grand scale.


To stay ahead of emerging AI-powered threats, it’s crucial for your organization to be adequately prepared. This post outlines essential steps that you can take to safeguard against these challenges.


Strengthening Your Organization’s Security Foundations

Even before the popularization of AI tools, most organizations were not adequately prepared for serious cybersecurity attacks. There are dozens of reasons for this, but at its core, maintaining a strong security posture is like running on a treadmill.


There are always new vulnerabilities being uncovered and exploited. Malicious actors don’t stand idle while organizations undergo changes in management, backfill team members, implement new policies, or accrue technical debt.


The gap between the demand for cybersecurity jobs and the supply of experts has been well documented. The reality is that many organizations are falling behind compared to the threats they face. It’s never been more important to build out a robust cybersecurity team and empower them to develop lasting security systems.


Get the Security Basics Right

While the new AI technologies can accelerate how hackers attack, organizations still need to execute the basic security best practices:


  • Is MFA enabled on critical applications?

  • Are you using strong passwords?

  • Do you have endpoint security and device management tools installed everywhere?

  • Do you have firewalls and strong network security settings?

  • Are you rotating access keys periodically?

  • Are you following the principle of least privilege when assigning permissions?


By reducing weak links and variability across your attack surface, you can ensure a maintainable baseline security posture. If you don’t have the basics solved, you’re vulnerable regardless of what technologies bad actors are using.


Expand Security Education Across Teams

Your security is only as strong as your weakest link. In many attacks, all it takes is one non-vigilant employee to open the door to a breach. Consistent education and training for all employees is a core component of a strong security posture.


Phishing attacks in particular have grown eerily convincing. It’s simple to use generative-AI tools to build webpages, write persuasive messages, and even impersonate someone’s tone with a sample of their writing.


Organizations with higher cyber literacy and a culture of security awareness have a competitive advantage and are more resilient against attacks. Consider what your security training program looks like for employees across the entire company.


  • What threats are not currently covered in your regular training?

  • How frequently do you remind employees of social engineering attack red flags?

  • How can you make it easier for employees to know what actions are risky?


By providing security education and training, organizations can ensure their employees are better equipped to detect and report threats. A security-first company culture makes for easier and faster responses to severe threats from the security team.

Monitor Attack Surfaces and Manage Alerts

It’s critical to equip your organization with the proper tools to monitor for malicious activity and malware. Now is the time to consider every possible attack surface: company and personal devices, email inboxes, networks, exposed digital resources, APIs, SaaS applications, and even corporate offices.


Do you have tools or processes that monitor your organization’s status in each area and notify you of any suspicious activity?


Many organizations have a dedicated Security Operations Center (SOC) that receives alerts from various security tools, prioritizes which alerts are serious threats, and investigates to determine whether they are critical, contained, or false positives.


If you are in a large organization with a large attack surface, you could see thousands of alerts every day.


Some of these alerts are native to the tools you use. For example, Okta will notify you about suspicious login attempts and CrowdStrike will notify you if malware is detected on a device. If your team has set custom rules and policies using a cloud security or security automation platform, you would also receive alerts from events that meet those criteria.


Triaging security alerts at scale is a discipline that requires your team to iterate constantly. They must prioritize which alerts require thorough investigation, which alerts should be resolved with automated workflows, and what policies can be implemented and enforced to minimize common low-level alerts.

If you don’t have an efficient way of fielding alerts, your team will end up with alert fatigue, burn out faster, and struggle to make the most out of their time.

Launch Proactive Security Automation at Scale

So far, we’ve walked through some fundamentals to invest in a security team, implement basic security best practices, create a culture of security awareness, and monitor for malicious activity across your organization. If your team is already at this stage, then you are in good shape to face the security threats of… 2015?


The security landscape changes constantly. The shift to cloud computing, SaaS applications, and a new generation of monitoring tools has added significant complexity for security and IT teams to manage.

Streamline Communication Workflows Across Your Organization

Maintaining a strong security posture in 2023 requires coordination across multiple teams. Large organizations have teams designated for specific security use cases:


  • Security Operations Center (SOC)

  • Identity and Access Management (IAM)

  • Governance Risk and Compliance (GRC)

  • IT/SaaS Security

  • Cloud Security


To create streamlined communication and amplify the impact of your security team, you need automated workflows to connect your tools to your people in a seamless way.


For example, when Okta sends out an alert for a suspicious login, does your team need to manually read the alert, draft an email or message, send it to the employee to verify that they were the person trying to log in, and resolve the alert if it’s a false alarm?


Handling tasks like this manually has a serious opportunity cost when you could be spending that time proactively improving your security posture.


Enforce Security Best Practices with Modern Automation at Scale

While fielding alerts in a sophisticated way is important, taking steps to implement security best practices as enforced policies can reduce the overall volume of alerts.


For example, once you set an automated policy that checks whether a new AWS S3 bucket is publicly accessible, you can catch poor security configurations upfront and notify the AWS user that launched it that they need to change the settings.


Without the automation in place to run this check, you only avoid publicly accessible buckets by routinely querying across your AWS account and manually following up with users and updating settings. The context-switching required for this makes it impractical, especially considering how many different AWS resources could have insufficient security settings.
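The check described above can be sketched as follows. This is an added example, not Blink Ops's code: it evaluates inputs shaped like the S3 GetPublicAccessBlock, GetBucketAcl and GetBucketPolicy responses plus a CloudTrail CreateBucket event, and returns who to notify. The function names, account ID, user and bucket are hypothetical and constructed; account-level Block Public Access is not evaluated, and statements carrying a Condition are skipped rather than analysed.

```python
import json

GROUP_URI = "http://acs.amazonaws.com/groups/global/"
PUBLIC_GROUPS = {GROUP_URI + "AllUsers", GROUP_URI + "AuthenticatedUsers"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _wildcard_principal(principal):
    aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
    return "*" in _as_list(aws)

def public_findings(pab, acl, policy_json):
    """Return the reasons a bucket is open to anyone; an empty list means none found."""
    # pab is None when the bucket has no Public Access Block configuration at all.
    cfg = (pab or {}).get("PublicAccessBlockConfiguration", {})
    findings = []
    # IgnorePublicAcls neutralises existing public grants; BlockPublicAcls only stops new ones.
    if not cfg.get("IgnorePublicAcls", False):
        for grant in acl.get("Grants", []):
            uri = grant["Grantee"].get("URI", "")
            if uri in PUBLIC_GROUPS:
                findings.append(f"ACL grants {grant['Permission']} to {uri[len(GROUP_URI):]}")
    # RestrictPublicBuckets neutralises an existing public policy; BlockPublicPolicy does not.
    if policy_json and not cfg.get("RestrictPublicBuckets", False):
        for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
            if (stmt.get("Effect") == "Allow" and not stmt.get("Condition")
                    and _wildcard_principal(stmt.get("Principal"))):
                findings.append(f"policy statement {stmt.get('Sid', '(no Sid)')} allows any principal")
    return findings

def check_new_bucket(event, pab, acl, policy_json):
    """Return a notification for the bucket's creator, or None if nothing is public."""
    is_create = event.get("eventName") == "CreateBucket"
    findings = public_findings(pab, acl, policy_json) if is_create else []
    if not findings:
        return None
    return {"notify": event["userIdentity"]["arn"],
            "bucket": event["requestParameters"]["bucketName"], "findings": findings}

# Constructed sample inputs (hypothetical account, user and bucket).
EVENT = {"eventName": "CreateBucket",
         "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-dev"},
         "requestParameters": {"bucketName": "example-reports"}}
ACL = {"Grants": [{"Grantee": {"Type": "Group", "URI": GROUP_URI + "AllUsers"},
                   "Permission": "READ"}]}
POLICY = json.dumps({"Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-reports/*"}]})
```

Note that a bucket with only BlockPublicAcls and BlockPublicPolicy enabled is still reported, because those two settings prevent new public grants and policies without neutralising ones that already exist.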


In this framing, consider how easy it is for your team to create automated workflows. Does it require scripting or submitting a request to a security analyst?


Your team’s ability to create automated workflows (whether it’s to handle alerts, enforce policies, or streamline communication) is the exponential lever on the impact of your daily work.

Security automation previously required scripting; then came low-code tools that enable you to drag-and-drop actions into a canvas and build custom automation across tools faster than ever. And now, there’s another seismic shift.


Incorporate AI Capabilities into Your Security Systems

“When a new S3 bucket is created, check if it is publicly accessible. If it is publicly accessible, notify the AWS user that they need to update the settings to block public access.”


This is a security workflow in two sentences. How powerful can a couple of lines be? Much more powerful than you’d think.


Introducing generative AI into the security automation equation means now all you need is a prompt to generate an automated workflow. In other words, it’s never been easier to turn security best practices into active security policies for your organization.


This next generation of security automation comes at a critical time since malicious actors are also adopting AI technology to formulate new attacks and extract more damage.


If you have brittle or legacy security infrastructure, you may be prepared for the types of attacks we’ve seen in recent years, but you may not be able to adapt to the new types of attacks that we haven’t seen yet.


Fundamentally, security teams will need to embrace AI-powered tools to gather information faster, enforce new security policies at scale, and interact with targeted employees in real time to validate their identity and obtain additional context.