One of the first questions to ask a Chief Information Officer or an IT security manager today goes something like this: what is the final goal of all the cybersecurity solutions installed in the company? The obvious answer should focus on the protection of critical data, networks, applications, end points and everything that makes up the nervous system that makes the organization work. A more in-depth interpretation of the issue, promoted by Gartner experts and endorsed by Deryck Mitchelson Head of Global Ciso at Check Point (as well as C-Suite Advisor for the EMEA area of the Israeli company and a leading figure in the European digital security panorama ), instead leads to this conclusion: the ultimate goal of all security platforms is to provide Chief Information Security Officers, and other business leaders, with complete visibility and actionable intelligence across all IT assets. What this means in concrete terms? That artificial intelligence is the basis of this concept, because it constitutes a fundamental element of a collaborative security platform, based on the cloud and on the capabilities of algorithms and large format language models. To fully exploit the benefits of conversational AI agents, in other words, the various components of the cybersecurity architecture must jointly feed the learning model with relevant data, through a unified approach.
Gen AI changes the way we defend…
The scope and complexity of the systems they are called upon to protect makes the role of CISOs increasingly challenging: from attacks by cybercriminals not only a (small) perimeter infrastructure must be defended but every application that resides in the cloud, every device, every server, every link of the corporate connectivity system. And then, as Mitchelson explained to Sole24ore.com, there is artificial intelligence, “which has suddenly brought the risks linked to the loss, confidentiality and ownership of data to a new level. Gen AI will be used everywhere and companies have understood that they must manage it, finding a balance between the advantages that this technology can provide and the greater dangers it brings with it.” And it is therefore no coincidence that Check Point has recently pushed the accelerator by launching its flagship product for generative AI (Infinity AI Copilot) precisely in the name of the collaborative security paradigm
… and to attack.
The new generation artificial intelligence, this is the clear message coming from the CISO of the Israeli company, is able to understand and understand very quickly and for attackers this means being able to identify potential vulnerabilities of an organization more quickly, consequently increasing the chances of success of the attack, and making it easier to write and compile new malware. And if, as mentioned, there is no shortage of advantages that companies can derive from the use of Gen AI tools in the cybersecurity field, the focal point of the issue remains the quality of the data used to train the LLM models. “The use of this technology for the development of applications or websites – underlines Mitchelson in this regard – is something fantastic but leaves open the door to the risk of importing vulnerabilities or malware if the quality and relevance of the data used to train the algorithms it is not adequate. It is therefore vital to make sure that the piece in the middle is protected, this is my main concern. The level of AI-driven and enhanced cyber threats is increasing because threats are changing thanks to AI, and our job is to solve these threats before they reach their destination.” The use of generative technologies (such as AI Copilot, in the case of Check Point) promises a better understanding of the threat landscape and risks (including behavioral ones) to take into account when configuring systems but, as Mitchelson reiterates, we are only at the beginning of this process. And if artificial intelligence is already able to block “zero-days” attacks today and will gradually improve and continue to improve, it cannot be forgotten that attackers will use the same technology, and will consequently improve their attack techniques .
The priorities of Cio and Ciso
As regards the two key roles called upon to manage the new frontier of cybersecurity, the characteristics required of Cio and Ciso to play this game are, according to the Check Point manager, significantly different. For the former, the priorities related to safety have in fact not changed (even if safety is changing). We start with constant and constant support to the business to achieve company objectives: compared to the recent past, there is a growing demand from companies to adopt a greater number of new emerging technologies to improve performance and if up to two/three years ago the focus was on the cloud today we talk about AI, Gen AI and machine learning. Equally important, for Chief Information Officers, is the contribution to be guaranteed to create a more effective organization from an operational point of view through the complete digitalisation of models and processes, to have the tools and information needed when needed. Finally, and if we want it is the absolute priority, the CIOs are asked to guarantee the highest level of security and resilience possible. More specific, however, is the list of activities that according to Mitchelson calls the CISOs into question, starting with reducing IT risks on data and systems and to do so in the most effective way possible from an operational point of view, in relation to the fact that security teams are leaner than in the past and only in the presence of architectures designed to prevent and remediate intelligently to threats, the problem of the lack of skills and talents in the cybersecurity field can be overcome. The third priority on the CISO table finally leaves the technical sphere and embraces the regulatory one: the risk of incurring legal disputes in the event of litigation due to a cyberattack and the need to ensure the board carries out correct “due diligence” to prevent and manage a accident is one of the main concerns for these figures, who are no longer called to wear just a technological role but that of an all-round safety enabler, including the regulatory field.
#friend #enemy #security #find #balance
2024-03-18 04:09:04