AI security for leaders: Tips to protect your organization

At this point, we know AI is changing the cybersecurity game. But what really makes the technology a threat? And how can you keep your organization safe? 

Pluralsight cybersecurity experts Bri Frost and Justin Korkiner explain what leaders need to know about AI security and how to help teams develop skills to mitigate evolving threats.

Fear permeates cybersecurity, and AI introduces yet another layer of uncertainty. 

You can’t eliminate fear. But you can reduce panic by understanding the difference between real threats and false ones. When you do, you help your teams reduce stress and learn the techniques they need to protect against real vulnerabilities.  

“AI isn't inherently malicious,” says Justin. “Its impact depends on the intent of the user. By understanding that misconception, organizations can focus on meaningful mitigations and not let fear drive the decisions.”

Threat actors can use AI to automate and scale attacks or spread misinformation rapidly. In other words, it improves attackers’ speed and efficiency.

What it doesn’t do is create a new category of threats on its own. At the end of the day, AI still requires human intelligence. 

“Some people believe AI can autonomously create and spread malware, but that's really not the case. It still requires human input and orchestration,” says Justin.

Right now, AI is benefitting attackers more than defenders. But you can still use it to improve your organization’s cybersecurity stance if you treat it as an additional layer of defense on top of existing practices. 

“AI can help cyber defenders find alerts and find rules and detections quickly,” says Bri. “Utilizing AI to make that defense mechanism stronger is in its infancy. So we need to focus a lot of our research on pulling that into our defenses and making sure our security controls are in place, not relying on AI to do that.”

Yes, AI can pose a threat to your organization. But it isn’t the only threat you should care about right now.

“I want to make sure that we're really focusing on the types of attacks, techniques, and tactics that are really hitting organizations right now, like supply chain, particular types of threat actors, and living off the land binaries,” says Bri.

Rather than focus on buzzwords like “AI-powered attacks,” organizations should make sure their defenses are tested, relevant, and hitting the right measures to protect against these threats.

Learn how to separate true cybersecurity risks from hype.

So, what does it actually take to mitigate AI-related threats in your organization?

When confronted with new technologies and vulnerabilities, it can be tempting to wait for government regulations, policies, and laws before taking action. 

“I don't know about you, but I don't know a lot of attackers that really like to abide by the law. I think ransomware is still illegal, and yet we see that happening day in and day out in the industry, right?” says Bri. “It's in our hands right now to make sure our critical security controls are tested, in place, and have multiple layers of defense.”

Network microsegmentation involves splitting networks into multiple segments that are separate from each other. Work with your security teams to implement microsegmentation and protect your data.

“If you have multiple areas where there's really sensitive information stored, [microsegmentation] makes sure that if that aspect of the network is targeted, hit, or breached, they can't pivot and laterally move across your network to other additional sources and assets,” says Bri.

Pull cybersecurity teams into AI adoption conversations before making purchases. 

“Leaders need to ensure that innovation doesn't outpace security oversight, so collaboration is as important as ever,” advises Justin. “Security teams need to be involved early in those conversations and just be in the room while you're making these AI decisions. It's going to allow them to help identify and mitigate risk proactively.

It’s also important to assess AI vendors against your existing security tools and policies. How will they help your security and operations teams? How do they stack up against your risk management policies?

“You want the vendor that's kind of cutting edge and is selling all these new types of capabilities, but at its core, where does that balance in your risk management policy and your risk management strategy?” asks Bri.

“An informed staff is really your best offense against mitigating any risk in the future,” says Justin. “Put the effort in to learn about the tactics and techniques that are being utilized. Find a way to emulate them in your environment so your staff can train on those. Nothing's worse than having an incident and having no planned response, or believing you have a planned response and it just goes by the wayside because no one's ever put it into practice.”

The skills teams need to respond to today’s threats will vary based on their role. For security operations and security practitioners, consider:

• Threat intelligence: What techniques are attackers using? What tech tools are they using? Knowing this information will make defenders better. Open source tools and other cybersecurity resources share useful information on how cyber attackers are getting around organizations’ defenses.
• Emulation, pen testing, or internal red teaming: Act like an attacker to test each of your controls and defenses and ensure teams are prepared. Crisis simulations and exercises where you push your security controls to the limit can help teams stop attacks or understand where in your network to find them at the earliest point of breach. 
• Fundamental knowledge: Make sure security and IT professionals have underlying fundamental knowledge of how IT and networking systems work.

Explore threat intelligence, pen testing, and cybersecurity foundations learning paths for your security professionals. 

For non-technical employees, build their awareness of basic security concepts and practices like phishing. You can use tools to mimic phishing emails, test employees on social engineering tactics, and teach them email safety. 

Pluralsight’s Five Cybersecurity Essentials for Everyone course shares key security practices in less than 10 minutes. For a more comprehensive overview, something like Cyber Security Essentials: Your Role in Protecting the Company can be a good starting point for your employees. 

“Foster a culture of continuous learning around cyber security. It's vital to your organization's future and health,” says Justin. “Cyber threats are constantly evolving. They're rapidly changing every day, and it can impact both technical and even non-technical employees, so everybody needs to stay informed to help protect the organization.”

Learn how to solve the cybersecurity skills gap in your organization.