In a recent Revelry webinar, I had the opportunity to explore a topic that continues to challenge business leaders in new and troubling ways: cybersecurity; more specifically, cybersecurity in the age of artificial intelligence. From advanced phishing that leverages audio and video cloning to the creation of language models designed to generate malware, modern cybercriminals are well armed with AI-driven tools – and businesses are more vulnerable to attacks than ever before.
The solution: a posture of cyber resiliency. The National Institute of Standards and Technology (NIST) defines cyber resiliency as “the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources. Cyber resiliency is intended to enable mission or business objectives that depend on cyber resources to be achieved in a contested cyber environment.”
As to what cyber resiliency looks like in practice, an abbreviated look at the four steps is below. For greater detail, along with specific examples of how AI is being used to both attack and defend organizations of all sizes and industries, check out the webinar recording.
Cyber Resiliency, Step 1: Anticipate
Anticipating cyberattacks requires you not only to have the appropriate systems in place (e.g., intrusion detection and prevention systems, code-scanning tools), but also to conduct regular firewall and network security audits and to evaluate employee and service account permissions.
Of equal – and perhaps even greater – importance is fostering a blameless culture and a commitment to ongoing security improvement (versus simply maintaining).
A current and practiced incident response plan is vital as well, as it will guide you through every step of maintaining cyber resiliency. NIST’s Computer Security Incident Handling Guide is a comprehensive resource for developing a plan.
Cyber Resiliency, Step 2: Withstand
Withstanding a cyberattack demands multiple layers of security, and a Security Information and Event Management (SIEM) platform provides critical visibility across layers and systems. An incident response plan that your IT / IS / Engineering teams are familiar with and comfortable executing will be crucial to guiding your response. This may include dramatic measures, such as taking systems down to isolate them and keep them from causing further harm, or invalidating credentials; staff should understand the steps for doing this, as well as what the impact(s) will be.
Cyber Resiliency, Step 3: Recover
Recovering from a cyberattack requires equal parts process and questioning (in the most humble of ways; don’t forget the blameless culture portion of Step 1).
Begin by confirming how the breach happened, and then fix it by leaning into your backup and restoration strategy. You’ll want to quickly determine if you need outside support / expertise, both technical and legal. You should also notify all affected parties, clearly explaining what happened and what’s being done to resolve the situation.
Cyber Resiliency, Step 4: Adapt
Adapting to business as usual post-cyber attack – moving forward feeling confident in what you’ve learned and how you’ve adapted to prevent future attacks – is easiest when you:
- Conduct thorough post-mortem(s), documenting all details of the event.
- Learn lessons from the attack(s) and modify your security strategy appropriately.
- Share what you’ve learned. It can be difficult to share about hard knocks, but the more we share, the stronger we are – as individuals, as businesses, and as a society.
View the recording of Eric’s full webinar presentation, “Good vs. Evil: Cybersecurity in the Age of AI.”