Last week I had the privilege of attending the 2023 Texas Cyber Summit. Dozens of speakers delivered over 180 hours of sessions on emerging cyber threats, tools, hunting, techniques and methodologies. I was honored to speak on the topic of Defending Analytical Models from Bias.
Texas Cyber Summit brings together industry, government and academia, all critical components to the advancement of cyber capabilities to address emerging threats and growing sophistication from adversaries. What was really exciting to see this year was day 3, where the sponsors provided free passes to students from high school to college who are pursuing education in the cyber domain. Meeting them, hearing about their excitement and getting to listen to them ask questions in every session made the third day something special.
As with every year in cyber, our tools, threats and techniques advance in capability. This year saw an acceleration in both the threat and response landscapes. Both moved quickly to balance out advancements, often leveraging the same capabilities in different ways with diverging motives.
- Artificial Intelligence (AI) - AI is an exciting and terrifying advancement for the cyber community. AI brings new capabilities to understand diverse datasets, find threats and investigate incidents. AI simultaneously lowers the bar for an adversary to build new tools, craft compelling phishing emails and impersonate targets with impunity. The community is moving quickly to address the new threats being introduced by this two-pronged dynamic.
- I have long worked at this overlap of cyber and analytics. It has often been a small sliver in an otherwise giant Venn diagram. But with the excitement and rapid adoption of AI, we are seeing that sliver grow rapidly, with cyber practitioners looking very favorably on how these tools augment their roles and multiply their impact.
- Software Engineering as a Must-Have Skill - Many cyber practitioners have software engineering skills. However, these skills are far from a requirement for being hired today into many cyber and infosec organizations. This is rapidly changing. As our applications become more complex, organizations are undergoing their own digital transformation. As a result, technology teams continue to expand in scope. This demands that cyber teams meet or exceed the knowledge and skills of the teams they support. Cyber practitioners need to develop strong software engineering skills and apply them in their role, both to build defensive capabilities and to advise application teams on proper security hygiene during development, deployment and operations.
- Underground Market Sophistication - The underground (often referred to as the dark web) market for tools, methods, credentials and money laundering is significantly lowering the barrier to entry for new adversaries and accelerating the time from data loss to full compromise of enterprise environments. The availability of tools coupled with the ability to apply Generative AI (GenAI) to tool evolution has significantly increased the risk for all organizations. This will continue to be a challenge for even the most sophisticated organizations as they see an increase in threats and decrease in dwell times.
- Removal of the Language Barrier - The language barrier is gone. The simple ability to read an email and determine if it is a phishing attack is no more. The large uptick in the use of ChatGPT and its derivatives has made crafting compelling and impactful emails possible for all attackers, regardless of location or primary language. Education of users will be that much more important to ensure they understand the risk of their actions, and no longer rely on bad grammar as a primary indicator.
- User Training and Education - Following from the above, the need to educate users is increasing as threats from AI increase. Users continue to create the largest threat to the organization, and our investment in training them on threats, actions and behaviors pays off through decreased risk to the organization. Inject creativity into this process: have users lead the training, gamify the activities and think about how security training can weave in with other corporate events to reinforce its importance next to adjacent corporate initiatives.
- Model Supply Chain - I have spoken before about the risk posed in our supply chain for analytical models and tools. With the rapid adoption of AI and machine learning (ML), we are seeing rapid adoption of open source tooling without fully assessing the risks and building mitigating controls. Many organizations are finding that the default installation of many open source tools for model testing, training and management falls below their organizational standards. Organizations must invest ahead of the curve to build awareness and knowledge of the risk posed by AI tools in their environment.
See you all in 2024 at the Texas Cyber Summit!