Securing the Future: Cybersecurity Perspectives for 2024
In an insightful exploration into the future of cybersecurity, Collider Convo recently hosted experts from Altimetrik to discuss the role of AI in cybersecurity. Expert Aladdin Elston, a black belt in information security whose early days as a teenage hacker informed his development of security frameworks for global organizations, was joined by Matthew Manalac, a cybersecurity engineer and penetration tester, whose decade-plus experience in tech provides a rich perspective on digital defenses.
Hosted by Altimetrik Collider’s Jacob Smith and Rhyan Robinson, this conversation steers us through the vital discussions on the advancements and challenges in artificial intelligence (AI), machine learning (ML), large language models (LLM), zero trust networks (ZTN), and cloud security for the year ahead.
Understanding Cybersecurity
When discussing cybersecurity trends, we must ground ourselves in cybersecurity’s core principles. Described as our digital world’s guardian, cybersecurity protects our computers, networks, and data against threats. It is a collective effort that requires the collaboration of individuals and organizations alike to deploy strategic defenses against digital adversaries.
"We take an adversarial perspective,” says Aladdin Elston, head of information security at Altimetrik, “We think with the attacker's mindset."
This approach is about foreseeing potential threats by adopting an attacker's viewpoint, aiming to spot vulnerabilities from an external perspective. It’s a strategy that not only uncovers current weaknesses but paves the way for a comprehensive educational roadmap toward achieving security maturity. As AI’s integration into our daily work routine becomes ever more pervasive, concerns about its security are at the forefront of every organization.
"Last year AI was huge, now people adopt it, and it is in everyone's top of mind," Elston notes, pointing out the dual-edged sword of AI adoption and its security implications.
The exciting prospects of chatbots and AI systems are tempered by the potential risks they pose if manipulated by hackers, explains Elston.
"So while people are excited about the revolution, they're also very cautious," says Elston.
Altimetrik's response focuses on identifying AI, ML, and LLM vulnerabilities, emphasizing security risk assessments, AI threat modeling, and the importance of traditional cybersecurity best practices. Part of this requires delving deeper into the adversarial threat landscape.
"We really want to dive in and do some red teaming, actually attack the model, actually attack the chatbot," says Elston.
The Importance of Red Teaming
Red teaming is one method that organizations can use to take a proactive approach to cyber security.
According to technology provider, IBM:
“Red teaming occurs when ethical hackers are authorized by your organization to emulate real attackers’ tactics, techniques, and procedures (TTPs) against your own systems. It is a security risk assessment service that your organization can use to proactively identify and remediate IT security gaps and weaknesses.”
Matthew Manalac, Altimetrik’s cybersecurity engineer and penetration tester, emphasizes the critical role of red teaming in adapting security testing methodologies to the unique challenges posed by AI technologies.
"I was able to get the chatbot to give me access or actually to give me an outline of the APIs that are being used within the application,” says Manalac.
This exercise revealed a hidden deprecated API with admin functions and underscored the necessity of comprehensive cybersecurity measures to prevent unauthorized data access and manipulation.
But how are these attacks happening?
According to Manalac, injection attacks are likely the most common cybersecurity attacks due to the proliferation of AI chatbots. This shift highlights growing vulnerabilities as AI becomes more integrated into business operations, making such attacks more prevalent and a higher priority in cybersecurity strategies.
The discussion extends beyond technology to the implications of cybersecurity in politics, news, and factual reporting. Elston stresses the importance of robust defenses in these domains to ensure that the public can trust the integrity of the information they receive, safeguarded from the risks of deep fakes or forgery.
“Any kind of factual organization is going to want to have these kinds of defenses built into the environment,” says Elston.
Leveraging AI in Cybersecurity
Although AI can present cybersecurity vulnerabilities if not properly fortified, it can also offer opportunities for companies to strengthen their defenses. AI's capability for real-time data analysis and threat detection, alongside its application in phishing detection and other security tasks, showcases its potential as a powerful ally in bolstering cybersecurity.
“In many ways, AI can be used for offensive purposes, but it can also be used to secure your company's infrastructure as well as increase the security posture," says Manalac.
When used appropriately, AI can be leveraged in cybersecurity workflows to boost efficiency and enhance security teams' abilities.
"Not only am I more efficient with a lot of my security testing, but it's also enhanced a lot of my current abilities," says Manalc.
Integrating Cybersecurity into Your Operations
The imperative to embed cybersecurity into an organization’s operational fabric is becoming increasingly evident. The insights provided by Elston and Manalac offer a compelling roadmap for leveraging AI to fortify defenses against the myriad of cyber threats.
Part of that roadmap includes scaling security teams.
“That has been one of the biggest problems security has faced for the last few years: not having enough people to do the work to secure the environment,” says Elston.
Altimetric offers services to help companies develop their in-house security teams, including bespoke training dedicated to educating employees on becoming security analysts. These security trainings range from web and mobile application security to penetration testing.
This, Elston reflects, is a big differentiator from other security firms.
“At Altimetrik, we really bring that training mentality to organizations,” says Elston, “So anyone with a technical mindset or interest in the field we can teach to become security consultants.”
Fortify Your Organization’s Cybersecurity for the Year to Come
Cybersecurity should not be an afterthought but a foundational element of our strategic planning and daily operations. By prioritizing integrating robust cybersecurity measures, you can protect your digital assets and ensure your ventures' resilience and sustainability in the face of evolving challenges.
Don’t be a victim. Contact Altimetrik to learn what you can do to take a proactive role in your organization’s cybersecurity.