Source |
AlienVault Lab Blog |
Identifier |
8396640 |
Publication date |
2023-10-17 10:00:00 (viewed: 2023-10-17 10:08:28) |
Title |
Re-evaluating risk in the artificial intelligence age |
Text |
Introduction
It is common knowledge that when it comes to cybersecurity, there is no one-size-fits-all definition of risk, nor is there a place for static plans. New technologies are created, new vulnerabilities discovered, and more attackers appear on the horizon. Most recently, the appearance of advanced language models such as ChatGPT has taken this concept and turned the dial up to eleven. These AI tools are capable of creating targeted malware with no technical training required and can even walk you through how to use them.
While official tools have safeguards in place (with more being added as users find new ways to circumvent them) that reduce or prevent their abuse, there are several dark web offerings that are happy to fill the void. Enterprising individuals have created tools that are specifically trained on malware data and are capable of supporting other attacks such as phishing or email compromises.
Re-evaluating risk
While risk should always be regularly evaluated, it is important to identify when significant technological shifts materially impact the risk landscape. Whether it is the proliferation of mobile devices in the workplace or easy access to internet-connected devices with minimal security (to name a few of the more recent developments), there are times when organizations need to completely reassess their risk profile. Vulnerabilities unlikely to be exploited yesterday may suddenly be the new best-in-breed attack vector today.
There are numerous ways to evaluate, prioritize, and address risks as they are discovered, which vary between organizations, industries, and personal preferences. At the most basic level, risks are evaluated by multiplying the likelihood and impact of any given event. These factors may be determined through numerous methods, and may be affected by countless elements including:
Geography
Industry
Motivation of attackers
Skill of attackers
Cost of equipment
Maturity of the target’s security program
In this case, the advent of tools like ChatGPT greatly reduces the barrier to entry, or the “skill” needed for a malicious actor to execute an attack. Sophisticated, targeted attacks can be created in minutes with minimal effort from the attacker. Organizations that were previously safe due to their size, profile, or industry may now be targeted simply because it is easy to do so. This means all previously established risk profiles are now out of date and do not accurately reflect the new environment businesses find themselves operating in. Even businesses that have a robust risk management process and mature program may find themselves struggling to adapt to this new reality.
Recommendations
While there is no one-size-fits-all solution, there are some actions businesses can take that will likely be effective. First, the business should conduct an immediate assessment and analysis of its currently identified risks. Next, the business should assess whether any of these risks could be reasonably combined (also known as aggregated) in a way that materially changes their likelihood or impact. Finally, the business must ensure its executive teams are aware of the changes to the business's risk profile and consider amending the organization’s existing risk appetite and tolerances.
Risk assessment & analysis
It is important to begin by reassessing the current state of risk within the organization. As noted earlier, risks or attacks that were previously considered unlikely may now be only a few clicks from being deployed en masse. The organization should walk through its risk register, if one exists, and evaluate all identified risks. This may be time consuming, and the organization should of course prioritize critical and high risks first, but it is important to ensure the business has the information it needs to effectively address risks.
Risk aggregation
Onc |
Rating |
★★★★
|
Sent |
Yes |
Tags |
Malware
Tool
Vulnerability
|
Stories |
ChatGPT
|