The boom in generative AI has exposed small and medium-sized enterprises (SMEs) to the unique challenge of AI-powered cyberattacks, overwhelming up-and-coming companies.
At a recent US Congressional hearing, a group of cybersecurity experts from leading organizations including IBM, Hitachi, Protect AI, and SentinelOne highlighted the increasing scale and effectiveness of cyberattacks facilitated by generative AI. did.
Experts have expressed concern about the impact on small and medium-sized enterprises (SMEs), speculating that the growing use of AI applications by both private companies and cybercrime organizations may be driving the rise in threats. ing.
Also read: Nintendo cancels esports events in Japan amid growing safety concerns
According to the article, tech monitor, SentinelOne Chief Trust Officer Alex Stamos highlighted the vulnerability of small and medium-sized businesses to cyberattacks. Small businesses have a hard time protecting themselves from hackers, he said.
Stamos feels that in the fight against cyber threats, “we're kind of losing.”
He pointed to hacker groups such as BlackCat and LockBit, which he believed had special capabilities previously associated with state-backed groups such as Russian intelligence services.
a Sage's Questionnaire A report released in October found that almost half (48%) of small and medium-sized businesses have experienced at least one cyber incident in the past year.
Stamos also highlighted concerns about the ability of future malware software to detect vulnerabilities in systems, even air-gapped ones, and bring down the grid.
The expert also criticized recent incident reporting requirements imposed by the Securities and Exchange Commission (SEC), arguing that the mandated 48-hour reporting period complicates effective cyber defense.
“Typically, 48 hours later, you're still in a knife fight with them,” Stamos said.
Stamos pointed to recent incidents in which the Black Cat cybercriminal organization abused reporting processes, announcing that hacked companies were reported to the SEC for failing to promptly disclose breaches.
'SolarWinds moment' could be repeated
ProtectAI CEO Ian Swanson called on industry leaders to take concerted steps to resolve systemic security issues related to AI and machine learning (ML) services. To uncover security vulnerabilities specific to machine learning (ML) products and services, Swanson proposed developing a “machine learning bill of materials” standard.
“Manufacturers and consumers of AI systems need to deploy systems that provide the visibility they need to quickly and easily see threats deep within their ML systems and AI applications,” Swanson said. Masu.
He cited software supply chain attacks in 2020 and warned about future attacks. “Solar Winds Moment” Called for increased federal investment in best practices for ML applications and standardized security standards for open source AI/ML software.
Focus on strengthening cybersecurity education
“Bad things are going to happen. If you look at the solutions that are generally on the market, the majority of them are on the front end of that loop,” said Debie Taylor Moore, vice president of global cybersecurity at IBM Consulting. I am.
“The backend is where we really need to focus on how we prepare for the onslaught of how adversaries use AI creatively.”
She also emphasized the need to focus on cybersecurity education and the resilience of companies targeted by hackers. According to her, politicians have an important role to play in implementing this.
Moore emphasized that while cyber threats are inevitable, the key lies in how companies rebuild after a data breach.