The Age of AI in Cybersecurity
Welcome to Trend Micro’s monthly newsletter, The Strategic CISO. Discover the latest and most popular blogs from the CISO Resource Center, a dedicated space for the latest strategic insights, best practices, and research reports to help security leaders better understand, communicate, and minimize cyber risk across the enterprise.
Our goal is to inform security leaders about best practices, the latest industry insights, and more. Let us know what you would like to see from The Strategic CISO newsletter.
We Expand Our AI-Powered Cybersecurity Platform to Combat Accidental AI Misuse and External Abuse
Securing the AI Journey
We introduced new capabilities to protect every person accessing public or private generative #AI services across organizations. The new elements in Trend Vision One? – Zero Trust Secure Access (ZTSA) continue Trend's leadership as the first vendor to focus on securing AI services as well as the people using them across the enterprise:
Building on years of using AI to better protect customers, the newly launched capabilities in Trend Vision One? help to manage the human risks inherent in using AI. These arrive as additions to proven capabilities for contextualizing alerts and decoding complex scripts, powering threat-hunting queries that can help eradicate credential #phishing, recommending customized response actions, and more.
Experts at Trend also provided guidance to the US Cybersecurity and Infrastructure Security Agency (CISA) on possible revisions to its Zero Trust Maturity Model (ZTMM), which aims to help organizations secure emerging tech integrations in their projects. Trend upholds a robust responsible AI model and believes that all security vendors have a responsibility to ensure technologies are developed and used in ways that are ethical, transparent and accountable. This cyber risk associated with AI applies to security vendors as well.
As a trusted partner to global law enforcement and security advisory committees, Trend proudly provided guidance to the US Cybersecurity and Infrastructure Security Agency (CISA) on its Zero Trust Maturity Model (ZTMM), which aims to help organizations secure emerging tech integrations in their projects. Additionally, Trend is a proud signatory of the "Tech Accord to Combat Deceptive Use of AI in 2024 Elections" to fight misinformation.
Find out more here, "Trend Micro Expands AI-Powered Cybersecurity Platform to Combat Accidental AI Misuse and External Abuse "
Back to the Hype: An Update on How Cybercriminals Are Using GenAI
In August 2023, we published an article detailing how criminals were using or planning to use generative AI (#GenAI) capabilities to help develop, spread, and improve their attacks. Given the fast-paced nature of AI evolution, we decided to circle back and see if there have been developments worth sharing since then. Eight months might seem short, but in the fast-growing world of AI, this period is an eternity.
Compared to eight months ago, our conclusions have not changed: While criminals are still taking advantage of the possibilities that #ChatGPT and other LLMs offer, we remain skeptical of the advanced AI-powered malware scenarios that several media outlets seemed to dread back then. We want to explore the matter further and pick apart the details that make this a fascinating topic.
We also want to address pertinent questions on the matter. Have there been any new criminal LLMs beyond those reported last year? Are criminals offering ChatGPT-like capabilities in hacking software? How are deepfakes being offered on criminal sites?
Criminals are using generative AI capabilities for two purposes:
To better understand the approach of criminals toward the adoption of a new technology, one must understand three fundamental rules of cybercriminal business model:
Find out more in our blog, "Back to the Hype An Update on How Cybercriminals Are Using GenAI "
The CISO Credibility Gap
This disconnect between IT/cyber and business leadership is manifested in one other very obvious and damaging way. Some 79% of global cybersecurity leaders have felt boardroom pressure to downplay the severity of cyber risks facing their organization. Of these, 43% say it is because they are seen as being “repetitive” or “nagging”, and 42% that they are viewed as overly negative. A third (33%) claim they have been dismissed out of hand. The truth is that boards have little time for death-by-PowerPoint presentations from the CISO, crammed with industry jargon and irrelevant metrics.
领英推荐
The C-suite wants to know things like:
? How is cyber supporting our business objectives?
? What is the ROI of our investments in cyber?
? What are the cyber-risk implications of our latest digital transformation initiative?
These may not be easy questions to answer. But they get to the heart of the matter for boards. They aren’t interested in the minutiae of managing a cybersecurity program. They want to know answers to big-picture strategic questions like “how secure are we?” and “how does our security program compare with our peers?”
CISOs unable to answer these questions suffer a major credibility gap, which is why boards are belittling and shutting them down. On the other hand, when they are able to align cyber with business strategy, the benefits are clear. Half (46%) of respondents say that when they have been able to measure the business value of their cybersecurity strategy, they’ve been viewed with more credibility.
Learn more about the CISO Credibility Gab here .
Trend Micro Protects Consumers in the Age of the AI PC
While AI presents great promises to consumers, it has also afforded cybercriminals the opportunity to perpetrate scams and fraud in the form of tactics such as harder-to-detect #phishing emails or deepfake videos. In a recent study conducted by Trend, nearly 72% of respondents expressed excitement about #AI's potential to enhance task quality and uncover new opportunities, but almost 65% said they worry about AI's role in spreading misinformation while 58% are concerned about AI's misuse of their images and likeness. Beyond these potential abuses of AI, there are other possible vulnerabilities to AI applications themselves that, without protection, may result in consumers unknowingly being misdirected or unintentionally exposing their private data.
Eva Chen, Co-Founder and CEO at Trend: "Generative AI represents an infrastructure shift that requires us to use our long history of understanding digital threats to develop innovative solutions and meet the moment. Our goal is to ensure every user, from individual consumers to the largest organizations in the world, can harness the full potential of AI and AI PCs securely and confidently."
The arrival of AI PCs also represents another shift in how consumers will use AI applications in the future, thanks to the neural processing units (NPUs) that power them. IDC predicts AI PCs will make up nearly 60% of all PC shipments worldwide by 2027, growing from 50 million units in 2024 to more than 167 million in 2027.* With an AI PC, consumers will now be able to use AI applications locally on their devices, promising better speed and privacy than having to access or send data to be processed in the cloud. This additional computing power also presents the opportunity for Trend to deliver some of its cloud AI capabilities on device and introduce new capabilities that take advantage of the efficiency and data privacy benefits that AI PCs offer.
Trend will be delivering solutions for consumers in the second half of 2024 that are designed to protect AI, protect users from AI abuses, and leverage AI in both existing and new products and services including:
Find out more about our protection of consumers in the age of AI here .
Deepfakes and AI-Driven Disinformation Threaten Polls
With 2024 having many elections occurring around the world, and the US looking at a Presidential election in November, we’re already seeing some concerning aspects of what is to come. In my opinion, misinformation/disinformation campaigns are the most significant challenges we will have as citizens trying to figure out what news is real or fake. The technological advances over the past few years have allowed anyone worldwide to post information on the Internet about any topic they want. Whether this is using bots in social media to spread information quickly and broadly or newer deepfake technologies that can imitate a person via video or audio just by asking an app to create any messages they want, people are finding it harder and harder to identify what is real versus fake.
Technology like AI and Generative AI (GenAI) allows anyone, anywhere in the world, to utilize it to support misinformation campaigns. GenAI can be used to create information in any language, so non-English speaking people can easily create an English-based piece of content that they can share. Note the goal of the person or group is not flawless content production. Analysts and the educated public can usually tell that a particular video or voice is deepfake now. However, their target audience is often distracted by the way they consume news and information in general, which is often from the small screen of the mobile device. They also tend to share very emotionally provoking content quickly. So, even poor-quality deepfakes have viral potential, as they quickly spread and influence a significant portion of the common public.
One of the potential biggest changes compared to the previous elections is the accessibility of AI has significantly grown, and the cost of access to AI technologies, primarily related to the manipulation of digital media, permits non-resourceful players to jump in. The line between manipulation and jokes will be very thin, and the costs of potential misinformation campaigns are affordable to ordinary people and the SMB segment, not just large corporations and state-sponsored actors. This gives significant opportunities to conduct False Flag operations and have initial investigations exposed to individuals and small business entities instead of governments who may be looking to orchestrate this.
Learn more in our blog, "Deepfakes and AI-Driven Disinformation Threaten Polls "
Before you go:
Check out our newest episode of Trend Talks Biz Sec where Jon Clay, VP Threat Intelligence, and Greg Young, VP Cybersecurity, discuss the Verizon Data Breach Report, RSA Conference, and More.
Watch here .
Smart Legal Coverage for Small Businesses | Solutions That Protect and Empower ??| Tap the App ??
5 个月Our IDShiled member plans include VPN Proxy One protection by Trend Micro. Im a member myself and wouldn’t be without it. Thank You Trend Micro!
Partner , DATABANK COMPUTER SERVICES and Databank Computer Maintenance
5 个月Nice