The Next Generation of AI-Powered Cybersecurity: An Interview with Cybersecurity Expert Marc Johnson
CyberFame.io
Cyberattacks are on the rise. In 2021 alone, cybercrime cost the world over $6 trillion, a number projected to increase to $10.5 trillion annually by 2025. As Marc Johnson, a senior cybersecurity advisor specializing in healthcare, says, attackers are often more willing to innovate with new technologies like AI, placing defenders at a disadvantage.
To gain insight into the current cybersecurity landscape and how AI can be leveraged safely and ethically, we spoke with Marc Johnson, who has over two decades of experience reducing risk across industries. Read on for Marc's thoughts on securing healthcare data, software supply chains, and AI model risks.
AI Adoption Outpacing Security Controls
"Today I would actually give the edge to the criminals. I would say that they are more reticent to stay in their old ways. They would rather be innovative and get out there, do new things. So that is allowing them to take advantage of these large language models… Versus most organizations are risk averse."
Marc believes threat actors are currently making better use of emerging technologies like AI, machine learning, and large language models. Their willingness to take risks with new attack vectors leaves defenders scrambling to implement security controls.
We've seen this dynamic play out with the rise of deepfakes as a social engineering tactic. Bad actors manipulated audio and video for credential theft before awareness and detection caught up. The rapid pace of AI adoption creates inherent security challenges.
"The biggest vulnerability is the person that's a part of my organization, right? And so we need to teach the individuals better hygiene in their personal lives with electronic information so that they can be better stewards, not only of their own information, but for my company for my organization."
For Marc, education is key. Employees must develop security awareness in their personal lives to become organization stewards. @Cyberfame's AI assistants coach employees through security training and simulations tailored to their role and risk profile. This not only improves security posture but also saves the substantial time and money previously required for manual education.
Software Supply Chain Compromises Rising
Attacks targeting the software supply chain increased by 700% in 2022, an alarming figure projected to rise further in the future. When widely used software or dependencies like Log4j contain vulnerabilities, the potential blast radius is massive. We asked Marc his thoughts on securing the supply chain.
"First and foremost is, you have to have an information security program. And then I want to stress that the program is the guardrails for how the technology executes. So, technology tools. They're fine, they're great, they're dandy, they change quite often and sometimes that goes from one hot vendor to another hot vendor. But if the program is solid, then you continue to drive towards the same goal and have the outcomes that you really enjoy and need. So from an overall perspective, if you're not governing how you bring third parties into your organization, that's a huge problem."
For Marc, it all starts with a mature security program and vendor risk management. Understanding third-party connections and risk tolerance allows smarter business decisions. @Cyberfame lets you visualize your software supply chain relationships via an interactive graph. Our AI scans dependencies and components for vulnerabilities in real-time, alerting you to critical risks.
We also discussed the difficulty of tracing transitive open-source dependencies:
"I have to know who I'm doing business with. And, is their security posture the same as mine? So I need to be questioning them periodically, not just initially. When I start to think about doing business with them, I need to do it annually. I need to make sure that I understand what that software bill of materials looks like, so that I realize that they’re using an open source library, like log4j. I need to understand and know that that is my risk rather than blindly just trusting that they're going to do everything great on my behalf."
Continuous vendor evaluations and software composition analysis are crucial. CyberFame.io lets you instantly view all components and dependencies to make informed risk decisions. Our AI scans catch vulnerabilities on any level of the supply chain.
AI Model Risks Require Safeguards
Large language models like ChatGPT show incredible promise across industries if deployed safely and ethically. However, public models trained on unfiltered data entail major risks:
"If you are sharing PII (Personal Identifiable Information) and PHI (Protected Health Information) and intellectual property in your data set, then that’s a no-no. You will be liable. We have got to trust the government is going to put regulations in place to protect citizens. However, we, as an industry, need to stand up and say no. Don’t go that far as a matter of self-regulation. We need to require attestation, as an industry, that you are doing the right things to protect PII, PHI, etc. within the large language models. If that attestation is found to be false, there will be consequences."
Marc believes the cybersecurity industry must self-govern the use of AI via standards and agreements. Technologies like ChatGPT should attest to keeping sensitive data private. Those who expose intellectual property or violate regulations must face consequences.
Incentivizing the Shift to AI-Powered Security
Despite AI's advantages, many view cybersecurity as a cost center inhibiting adoption. Marc shared his vision for making the business case:
“If you choose the secure path, then your insurance should be less. And that’s where, again, I get back to that risk. If we’re sharing the risks and how we’re mitigating & assigning those risks with insurance carriers…you don’t have to share all the details of the risk… But you have to get the insurance carriers to provide breaks for doing the right thing. So, it’s that ‘give them something sweet’ to incentivize them to do the right thing. The insurance companies are underwriting the risk to the organization. If they recognize the mitigation, that offsets the assignment risk for them.”
Cyber insurance incentives make AI security investments more attractive. @Cyberfame's risk-based approach already reduces premiums by intelligently automating processes. Our assistants continuously improve security posture. Contact us today to transform cybersecurity from a cost center into a revenue driver.
Key Takeaways from Marc Johnson's AI Cybersecurity Insights
Marc Johnson provided invaluable perspective into overcoming today's security challenges with ethical AI:
At CyberFame.io, we're committed to building trust through AI designed exclusively for good. Our dynamic Graph is an interactive and AI-driven Software-Bill-of-Materials (SBOM) that enables you to make security decisions easier and protect faster - taking your security to the next level. We go beyond detection to prevent attacks before they occur via:
Let our AI assistants become your first line of defense. Check out our prototype and get in touch with us to learn more.
It's a great pleasure to have you featured in our CISO Interview, Marc Johnson. Thank you for sharing your insightful ideas.