A Bigger, Badder Villain: How to Face the Advanced Threats of AI
by Tori Thurmond / March 14th, 2024
Every year in January, the KirkpatrickPrice team gathers in Tampa, FL for one of our biannual team meetings. This week is always a fun one where we get to reunite with our long-distance coworkers and discuss our goals for the new year. This January was no different. We had a great first week of 2024, but by Friday, some of us didn’t want the fun to end. We drove a couple of short hours to Orlando to spend the weekend in, you guessed it, the most magical place on earth. Disney World. Â
We rode some exciting rides, ate some delicious food, and loved getting to spend a little extra time with our team. I’m not ashamed to say that I finally understand the hype behind being a “Disney adult,” and when I returned home after our action-packed week, I watched a few old Disney movies to keep the magic going. One of these movies was Hercules, and before I knew it, I was thinking about AI.
Let me explain.
I don’t know when the last time you saw this masterpiece of a film was, but there’s an integral scene where Hercules faces a giant snake-like monster. When he slays the beast and thinks he’s won, the creature sprouts another head, and then another, and then another. Every time our hero cuts off the monster’s head, two more appear. I realized our current threat landscape is the monster, which, luckily, makes us Hercules. No matter how many threats we discover or how much mitigation and preparation we undergo, there are always new, bigger, badder threats.
And this problem has only gotten worse with the increase of AI technology. I think we all know by now that AI isn’t all bad or all good, but it definitely demands us to stay innovative and on top of new threats. However, one major problem with this increase of AI technology is the ability to create harder-to-detect threats.
Not only has AI allowed for craftier hacking strategies but it also allows for faster attacks at a larger scale covering a bigger scope. It used to be a little easier to spot a phishing email in your inbox, but with generative AI, messaging is getting better and more savvy. The already-scary threats are growing more and more heads, making it harder to keep our organizations safe.
From Zero to Hero: How Your Organization Can Stay One Step Ahead Â
I know what you’re thinking, “Great, not only do I have to keep battling with the monster hackers, but they are growing heads and becoming more challenging to defeat? How could I possibly defeat that?” It can feel really overwhelming to try to stay ahead of today’s ever-evolving threats when we don’t know what we’ll have to fight next.
To help, here are a few ways to combat AI-enabled threats:
1. Go back to what you know
Just because the threats are new, doesn’t mean everything you know about security goes out the window! Keep doing risk assessments, keep working towards compliance, keep performing regular software and policy updates.
Many compliance frameworks that you’re already adhering to require organizations to participate in security practices such as continuous vulnerability management, network monitoring and defense, email and web browser protections and more familiar practices that help keep your organization safe and secure.
New technology is scary, but stay vigilant and prioritize the basics. There will always be some new threat or technology on the horizon, so reminding yourself of the cybersecurity basics is essential. Check out this webinar recap if you’re interested in learning more about GenAI and security.
2. Create a cyber-aware culture
The less your people know about your organization’s cybersecurity, the more at risk your organization is. In today’s cyber landscape, security events are inevitable. However, a well-educated staff can help reduce and prevent damage to your business.
Take the time to train employees on how to spot and report suspicious activity. Let them know how important their vigilance is to the security of the organization. Create an environment where feedback and concerns can be voiced and properly addressed.
When creating a cyber-resilient organization, it’s important that upper-management also adopts a security-focused mindset. Investing in security awareness training is a great place to start when you’re working towards creating a culture of security and compliance. Other ways to keep members of your organization up to date on the latest threats and vulnerabilities that could affect your business is by sending out messaging regarding these new threats. What do GenAI phishing emails look like? What are some of the recent AI-enabled breaches that have occurred? By reminding your people what new threats are constantly entering the scene, you’ll reinforce an atmosphere of vigilance and awareness.
3. Create AI usage guidelines
In a similar vein to creating a cyber-aware culture, it’s important that employees know how or if they are allowed to use AI technology.
Are certain departments allowed to use GenAI technology for editing or brainstorming? If so, what information are they allowed to input into these tools? Are employees allowed to use free tools like ChatGPT, or are they only allowed to use more secure tools? If you’ve created your own GenAI technology, are you sure it’s as secure as it needs to be to keep your data secure?
There’s so much to think about when it comes to inputting company information into tools that are known for holding on and sharing data. And just think, if it’s that much to think about for upper management, your employees need guidance on the topic as well.
Some of your policies and procedures may already cover some guidelines that apply to AI technology, but it’s worth reviewing your documentation to make sure it covers everything it needs to as new threats and vulnerabilities continue to arise. If you do end up adding to existing policies or creating new ones, it’s important to inform your employees and make sure they understand any new or modified information.
Go the Distance with KirkpatrickPrice
“Go the Distance” isn’t only the title of the best track in Hercules, it’s also KirkpatrickPrice’s goal for you! “The Gospel Truth” is you’re not in this alone. Just like Phil, we’re ready to get you into threat-fighting shape. Even though threats continue to evolve and become more difficult to detect and defeat, with the right partner, you can achieve hero status.
We hope our tips on how to defend against AI-enabled threats were helpful, but if you still need help defending your org against the monster that is today’s threat landscape, connect with one of our experts.
