Recent congressional hearings have shed light on the growing concern of artificial intelligence (AI)-enhanced cyber threats, particularly for SMEs.
According to Cyberscoop, experts from the private sector, including Alex Stamos from SentinelOne and Ian Swanson from Protect AI, highlighted the increased efficiency and scale of cyberattacks facilitated by AI. Stamos emphasized the potential for AI-generated malware that could target critical infrastructures, even in air-gapped networks.
He pointed out the professionalization of criminal cybercrime groups and the technical sophistication they now possess, rivaling nation-backed hackers.
Additionally, Stamos advocated for small and medium businesses to shift to cloud-based solutions to enable collective defense and reduce individual organizational responsibility. He also urged the Cybersecurity Infrastructure and Security Agency (CISA) to implement an incident reporting regime for major cyber incidents, which is crucial for understanding the current threat landscape.
Ian Swanson stressed the importance of having a comprehensive inventory for AI to ensure visibility, auditability, and security. He proposed that the Department of Homeland Security create a machine learning bill of materials and support the open-source software ecosystem that AI depends on.
Debbie Taylor Moore from IBM Consulting highlighted the necessity for AI education and workforce development, particularly in critical infrastructure sectors. She advocated for sharing information about vulnerabilities and best practices to counter the risks posed by adversaries using AI.
“AI-generated malware won’t need substantial resources,” SentinelOne Chief Trust Officer Alex Stamos said. “That if you drop it inside of an air gap network in a critical infrastructure network, it will be able to intelligently figure out, ‘Oh, this bug here, this bug here and take down the power grid even if you have an air gap.’”
IBM Consulting Senior Partner and Vice President Debbie Taylor Moore stated, “Using AI to improve security operations is also not new. But both will require focus and what we need today is urgency, accountability and precision in our execution.”
Copyright © 2023 RegTech Analyst
Copyright © 2018 RegTech Analyst
