Negating AI cyberattacks with defense in depth
How to avoid AI cyberattacks with defense in depth
In recent years, cyberattacks continue to grow nearly exponentially year over year. This intensity will only increase with sophisticated technologies such as generative AI in the hands of threat actors.
In 2023, security experts reported a staggering 75% increase in cyberattacks - 85% of which were caused by Generative AI. Relentlessly fast and precise, GenAI cyberthreats automatically determine optimal attack strategies, self-modify code to avoid detection, and launch automated attacks around the clock in a completely automated way.
For businesses to defend against these enhanced attacks, they must find a way to leverage AI themselves. But it’s not as simple as fighting fire with fire - AI cybersecurity tools are also vulnerable to attacks, with even the slightest interference with datasets or inputs risking system failures. Businesses cannot rely on a single solution to meet the rising level of AI cyberthreats, especially when the full extent of their capabilities is yet to be determined. The only way through this growing security emergency is with proactive security planning that provides multiple contingencies for preventing, detecting and eliminating cyberthreats across overlapping security tools and protocols. This comprehensive approach is known as defense in depth.
The list of vulnerabilities that cyberattacks can exploit is a long one. LLMs are particularly good at quickly identifying these weak spots, like zero-day vulnerabilities. These particular vulnerabilities can quickly become single points of failure that can be used to bypass existing security measures, opening the floodgates for threat actors to send cascading failures through cybersecurity infrastructure and gain extensive access to business systems.
Cybersecurity teams should be operating on the assumption that all software and hardware in use contains bugs that can be exploited to access business systems, whether in their own IT infrastructure or third-party services. For this reason, businesses cannot rely solely on any one security defense but employ more in-depth and layered security defenses.
CIO and CISO at Vonage.
The defense in depth philosophy
Defense in depth focuses on three key levels of security: prevention, detection and response. It prioritizes the ‘layering’ of multiple defenses across these levels to extensively protect all security controls, including both tools and best-practice procedures across staff teams.
Technical controls such as firewalls and VPNs, administrative and access controls such as data handling procedures, continuous security posture testing and monitoring, and security documentation, and even physical controls like biometric access, must all be accounted for. If one tool or approach proves to be inadequate, another will be there to back it up - that is why the philosophy is also known as defense in depth. It ensures that there are no single points of failure in a business system, guarding against complete disruption if a component malfunctions.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
The key principle is that these three levels work together: if prevention fails, detection can identify the threat. If detection fails, a strong response can limit the damage.
It is a dynamic solution, not a static one. The goal for cybersecurity teams is to create a live, responsive ecosystem that can be easily assessed and adapted. Reporting measures and regular testing protocols are a must for any cybersecurity strategy, but especially for defense in depth, which entails a wide variety of tools and processes that are easy to lose track of. What works today may not work tomorrow, especially with the rapid developments of AI cyberthreats.
For a defense in depth approach to be successful, cybersecurity teams must choose their tools carefully and strategically.
The need for diverse tools
Diverse tools are key to establishing defense in depth. While AI is now a must-have for every cybersecurity strategy, it would be unwise to stack your defenses with only AI software, as they will all be vulnerable to similar types of attacks (such as adversarial attacks, which entails feeding AIs incorrect data to encourage incorrect behavior).
Diverse cybersecurity strategies prevent attackers from exploiting a single system vulnerability, slowing down even AI-enabled attacks so that they can be identified and eliminated before systems are compromised. For example, data protection practices should include not only encryption, but additional fortifications such as data loss prevention tools, as well as processes for data backup and recovery.
Businesses should also utilize as much of their own data as possible when forming their cybersecurity defense in order to create tailored AI tools that can more effectively determine unusual user behavior or network activity than an external AI tool could.
Naturally, tools should be chosen in accordance with a business’s system and operations - for example, businesses with critical online services may employ more defenses against DDoS attacks.
Invest in staff training
Educating system users on the importance of data protection and authentication is equally important. A network monitoring tool can detect a threat, but user education and processes will strengthen diligence around credential data protection, for example by preventing shared passwords and encouraging the use of single sign-ons or two-factor authentication, leading to fewer attackers gaining unauthorized access in the first place.
Cybersecurity teams need to plan for all possible scenarios, including new or optimized attacks that have been enhanced by AI or other emerging technologies. It is crucial that teams are given the resources to research potential unknown threats and stay up to date with industry developments and emerging risks.
The most important takeaway is that, while no single security measure can be entirely foolproof, defense in depth provides a level of redundancy and resiliency that makes it much harder for an attacker to breach the system, so businesses don’t have to be helpless. The more organizations that adopt the defense in depth philosophy, the more difficult it becomes for threat actors to exploit the data of businesses and their customers.
We've rated the best identity management software.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://dhhongbanguniversity.site/news/submit-your-story-to-techradar-pro
CIO and CISO at Vonage.