Can Adaptive Zero Trust truly prevent AI-generated cyber attacks?
Implementing a Zero Trust framework to secure data and infrastructure has become increasingly prevalent in digital transformation.
The digital transformation era has yielded innovation beyond what would have been society's wildest dreams a few decades ago.
If you told someone in 1993 that we'd download media in seconds in 2023, they'd have scoffed. Yet, here we are, no longer at the whim of television network schedules or radio playlists. Worldwide, people download and consume content at the drop of a hat.
Moreover, people can now pay for their transactions with their phones, using tools like Venmo. Who needs credit and debit cards anymore? On a similar note, iPads virtually eliminated the overreliance on cash registers in the restaurant industry–they’ve also proved crucial in inventory tracking.
In the same vein as iPads, let’s not forget how iPhones have changed how we engage with telecommunication devices.
Think about what the iPhone did for us: Our phones went from machines we spoke into to devices we rely on for almost all aspects of our lives.
Among these many disruptive, game-changing innovations is the introduction of artificial intelligence into our day-to-day living. The watershed moment for AI’s mainstream disruption is likely Google Assistant, going above and beyond its predecessors, Siri and Alexa, regarding capabilities.
Recently, AI has taken another step forward with the launch of ChatGPT in November 2022. Much like the iPhone, it appears that generative AI will be a ubiquitous driving force in society moving forward–for better and for worse.
What threats does Generative AI pose?
Generative AI is a complex topic with many facets to weigh. The positives are vast–the productivity prospects are downright mouthwatering for people and businesses alike.
At the press of a few buttons, generative AI accomplishes what would’ve taken hours or weeks manually. For instance, it takes ChatGPT about ten minutes to churn out two well-written college admissions essays based on two students’ specific backgrounds. Similarly, the Writers Guild recently proposed that ChatGPT should be able to write scripts in the future if the person who entered the prompts receives credit.
With all this said, the ability to perform complex tasks in mere moments can embolden the wrong people. For instance, experts believe that a tool like ChatGPT has vastly lowered the bar for bad actors to write harmful malware.
Furthermore, generative AI makes creating seemingly authentic business email compromise (BEC) messages easier. The malicious usage of deep fake audio and video will also increase–a growing concern since many devices rely on face and voice recognition.
Due to these cyber threats' all-encompassing, high-risk nature, many experts believe an adaptive zero-trust stance is the only solution.
What is Adaptive Zero Trust?
Traditional Zero Trust cybersecurity frameworks are as untrusting (and practical) as they sound. Regardless of their involvement in an organisational network, all users must always be authorised, authenticated, and constantly validated for security posture and configuration to receive and maintain access to data and apps.
Zero Trust assumes there’s no traditional network edge, whether localised, cloud-based, or hybrid.
Implementing a Zero Trust framework to secure data and infrastructure has become increasingly prevalent in digital transformation. The approach addresses remote work security, ransomware threats, hybrid cloud environments, and other modern business challenges.
With Adaptive Zero Trust, the idea is for businesses to evolve with internal changes (e.g., new employees and promoted staff with added permissions) and external environments (e.g., risk landscape changes and IT-based realities).
An example of Adaptive Zero Trust is risk-based authentication. This method matches user credentials to the risk of a given data access authorisation request. Adaptive authentication ensures security measures remain robust without inconveniencing users.
Many challenges exist within Zero Trust implementation practices, and there are landmines that heighten risks. In response, adaptive authentication detects a user’s location, network, and device–as well as the device’s configuration. Furthermore, the user can also be verified by policy checks from the established content.
Crucial elements of Adaptive Zero Trust
Knowing you need to take an Adaptive Zero Trust approach to stave off generative AI cyber threats is one thing. Knowing the appropriate steps to implement these protocols is a different story and is easier said than done.
With that in mind, here are a few pivotal points to consider as you begin your evolution toward Adaptive Zero Trust:
- A continuum of rights must exist throughout organisations to verify everything before granting access to sensitive and valuable assets. Added insights and visibility will help security professionals seamlessly remove, add, and adjust privileges as needed.
- Adaptive Zero Trust calls for a wide net to be cast to offer 360-degree visibility. Machine identities and continually expanding accounts require as much focus as individuals, if not more. As companies shift to a multigenerational edge and hybrid IT infrastructure, narrow nets leave the side door open to malicious actors.
- Privilege/access requirements, policy changes, and new threats continue evolving and emerging while risk scores remain in flux. Behavioural analytics and contextual awareness can be leveraged by companies to help them better detect, anticipate, and take corrective actions. For example, cybersecurity pros require the appropriate tools to modify authorisation when one employee logs in from two continents simultaneously.
- Businesses must continue to protect themselves as the threat landscape evolves. Thus, new functionality must be added as needed without disrupting business functions. Exposing and adapting newer processes requires businesses to incorporate converged platforms as an identity security practice. From there, these companies can immediately address access management obligations while, in the long term, capitalising on additional capabilities (e.g., privileged access management).
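The risk-based authentication described earlier (location, network, device and device configuration weighed against the risk of the request) and the two-continents login case from the list above can be combined into one decision function. The following is an added example, not code from the article or from any product it mentions; the `Login` fields, signal weights, thresholds, speed ceiling and sample events are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

# All weights and thresholds below are constructed for illustration.
MAX_KMH = 900.0                      # assumed ceiling, roughly airliner speed
STEP_UP_AT, DENY_AT = 25, 60

@dataclass(frozen=True)
class Login:
    user: str
    ts: float                # epoch seconds
    lat: float
    lon: float
    network: str             # "corp", "home" or "unknown"
    device_id: str
    compliant: bool          # device configuration passed posture checks

def km_between(a: Login, b: Login) -> float:
    """Great-circle (haversine) distance in kilometres."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def impossible_travel(prev: Login, cur: Login) -> bool:
    dist = km_between(prev, cur)
    if dist < 50:                    # tolerate geo-IP noise within one metro area
        return False
    hours = abs(cur.ts - prev.ts) / 3600.0
    return hours == 0 or dist / hours > MAX_KMH

def decide(cur, history, known_devices, sensitivity=1):
    """Return (decision, score, reasons); sensitivity 1..3 scales with the asset's value."""
    signals = []
    prev = max((h for h in history if h.user == cur.user), key=lambda h: h.ts, default=None)
    if prev is not None and impossible_travel(prev, cur):
        signals.append(("impossible_travel", 60))
    if cur.device_id not in known_devices.get(cur.user, set()):
        signals.append(("new_device", 25))
    if not cur.compliant:
        signals.append(("device_noncompliant", 25))
    if cur.network == "unknown":
        signals.append(("unknown_network", 10))
    score = sensitivity * sum(w for _, w in signals)
    decision = "deny" if score >= DENY_AT else "step_up" if score >= STEP_UP_AT else "allow"
    return decision, score, [name for name, _ in signals]

# Constructed sample: one account seen in London, then Singapore ten minutes later.
KNOWN = {"alice": {"laptop-1"}}
LONDON = Login("alice", 0, 51.5074, -0.1278, "corp", "laptop-1", True)
SINGAPORE = Login("alice", 600, 1.3521, 103.8198, "unknown", "laptop-1", True)

if __name__ == "__main__":
    print(decide(LONDON, [], KNOWN))
    print(decide(SINGAPORE, [LONDON], KNOWN))
```

Returning the contributing signals alongside the decision gives analysts an auditable reason for each step-up or denial, and lets the weights be tuned against real login telemetry.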
AI cybersecurity versus AI cyber threats: an ongoing battle
AI-based Adaptive Zero Trust tools use machine learning to respond, flag, and adapt to threats and vulnerabilities proactively and in real time.
Moreover, AI-based defence tools like Microsoft's Security Copilot are entering the consumer market, helping teams by actively monitoring internal networks. Security Copilot compares these networks to Microsoft's current security knowledge base.
Note how humans must be at the helm of related systems, processes, and infrastructures for these tools to work at their best.
As humans embrace approaches like Adaptive Zero Trust, our AI-powered tools will become more effective in staving off the cyber threats presented by generative AI.