WithSecure’s Mikko Hypponen on Ethical Challenges for AI in Cybersecurity

Welcome to Team Cymru 's newsletter, The Future of Threat Intelligence.

Twice a month, we take deep dives from our podcast interviews with leading cybersecurity professionals and distill their insights right here for you.?

In our latest edition, we speak with Mikko Hypponen, Chief Research Officer at WithSecure, who shares his expert insights on how automation is revolutionizing detection and response strategies, such as being able to detect, craft a response, test it, implement, and share the response across the globe in mere minutes.?

He also discusses the ethical considerations surrounding AI, such as the groundbreaking potential of machine-generated content that can be used both to attack and to defend.?

Here are the top takeaways from the interview.?

#1: Prepare with Tabletop Exercises?

“Number one, tabletop exercises. Rehearse with your leadership team. What would you do if you would lose that data center, if you would lose these tools, if you would be hidden by ransomware, if you would lose all connectivity, if all the phone numbers in every phone in your organization get swiped, how do you carry on working? This is the only way to be ready for the thing that's eventually going to hit you, whether you like it or not.”

Actionable Takeaway: Conduct regular tabletop exercises with your leadership team to rehearse responses to critical scenarios like data loss, ransomware attacks, or complete connectivity outages. This preparation ensures you're ready to handle real crises effectively when they inevitably occur.?

#2: Ensure Organizational Visibility?

“Number two, visibility. Make sure you really know what's happening inside your organization. How many workstations do you have today? How many mobile phones are in your organization? Where are they? How many servers do you have operating? Where is most of your traffic going? Where is it coming from? This is the kind of visibility you need if you want to be able to detect when something unusual happens in your network.”?

Actionable Takeaway: Maintain comprehensive visibility into your organization's IT assets and activities. Keep accurate counts and locations of workstations, mobile phones, servers, and traffic patterns. This visibility is crucial for detecting and responding to unusual network activities promptly and effectively.?

#3: Test Your Recovery Processes

“Number three, recovery. We all plan ahead. We want to be able to recover our operations. We all take backups and test your recovery. Many organizations, for example, have been surprised about how long it takes to recover backups of all of their data. They might have everything backed up, but then recovery might take, for example, 15 days. Is it useful to you anymore? If it takes 15 days to recover, maybe not. So don't just take precautions. Also test the recovery in practice.”?

Actionable Takeaway: Regularly test your data recovery processes to ensure they meet your operational needs. Simply having backups isn't enough; verify the speed and efficiency of your recovery methods to avoid prolonged downtime and ensure business continuity.?

Listen to our latest episodes:

Team Cymru Website

YouTube

Apple

Spotify