Microsoft Copilot for Security , Next-Generation Technologies & Secure Development
Transforming Cyber With AI: Insights From Microsoft Experts
Microsoft's Vasu Jakkal, Others Dive Into AI's Dual Role in Cyber Defense, OffenseThe dawn of generative AI offers both groundbreaking ways to strengthen defenses and new challenges tied to the speed, scale and sophistication of attacks.
See Also: GDPR & Generative AI: A Guide for Customers
Organizations must grapple with a tenfold increase in identity-related attacks while also dealing with a massive volume of password attacks happening every second, warned Vasu Jakkal, corporate vice president for Microsoft's security business. It now takes just two minutes from when a user clicks on a phishing link to when an attacker gets access to their inbox and less than an hour for a hacker to escalate privileges.
"The barriers to entry for being an attacker have dramatically reduced," Jakkal said during a press event. "Anybody can be an attacker today. It's super easy to launch these attacks. And there's a community of attackers working together with each other."
How Adversaries Have Raised the Bar With Generative AI
Jakkal told Information Security Media Group that attackers use AI to become more efficient, particularly with reconnaissance, coding and finding vulnerabilities, as well as to increase the number of techniques they're able to use. As a burgeoning gig economy for cybercriminals facilitates easier attack launches, Jakkal said, organizations must transform their security strategies to fight these evolving threats.
Attackers are using AI to become more proficient by writing better malware, exploiting the defense's weaknesses and more effectively bypassing the controls defenders have put in place, BP Vice President of Cyber Defense Chip Calhoun told ISMG. The shift by threat actors to more sophisticated techniques underscores the need for equally advanced defense mechanisms, he said.
Microsoft collaborated with OpenAI to publish intelligence on how threat actors are using AI to help organizations understand and more effectively mitigate AI-driven threats, Microsoft Chief Cybersecurity Advisor Bret Arsenault wrote in a report last month. In addition, nation-state actors exploit AI for their own attacks and focus on intelligence gathering and enhancing cyber operations, Microsoft said.
"State-affiliated adversaries - tracked as Forest Blizzard, Emerald Sleet, Crimson Sandstorm, Charcoal Typhoon, and Salmon Typhoon - [are] using LLMs to augment cyberoperations," Microsoft said in its Cyber Signals report last month.
From a fraud perspective, Microsoft found that voice synthesis and identity proofing are two of the most significant emerging threats and will require vigilant security measures to counteract. Something as innocuous as a three-second voicemail greeting is sufficient for training a generative AI model to sound like that person, according to Microsoft.
Microsoft Copilot for Security Means the Good Guys Have a Chance
Like attackers, defenders can also use artificial intelligence to enhance their efficiency through offerings such as Copilot for Security, which Jakkal said combines ChatGPT-like technology with Microsoft's security capabilities to address the evolving threat landscape. Copilot for Security combats the escalating threat landscape by speeding up and redefining threat detection and response, according to Jakkal.
While AI is used by both defenders and attackers, tools such as Copilot for Security give defenders an edge by leveraging Microsoft's vast data and resources, said Mona Ghadiri, BlueVoyant's senior director of product management. Tools such as Copilot for Security allow defenders to maintain a strategic and competitive edge in the face of increasingly sophisticated attacks, she said.
"Bad guys are using AI just like the good guys are, and from our perspective, having things like Copilot for Security means that the good guys have a chance," Ghadiri said.
Artificial intelligence can help organizations defeat cyberattacks at machine speed by making threat detection, hunting and incident response more efficient, Arsenault said. Thwarting AI-enabled attacks will require employee education, keeping abreast of social engineering tactics, further enablement of multifactor authentication and leveraging generative AI security tools for defensive purposes, Microsoft said.
"With AI, we have the power to adapt alongside evolving threats, detect anomalies instantly, respond swiftly to neutralize risks, and tailor defenses for an organization’s needs," Arsenault said.
One significant use of generative AI for BP's security team has been to reverse-engineer malware, which Calhoun said has made the malware analysis process much faster. Meanwhile, Sealed Air has leveraged AI to use the company's existing data more effectively and integrated AI strategies as a core part of the firm's security programs, said Torrell Funderburk, executive director of cybersecurity architecture.
Generative AI can help with both understanding trust boundaries and extending them securely to third-party platforms, Funderburk said. Integrating generative AI into security strategies enhances capabilities around security operations, he told ISMG.
"With products like Copilot for Security, you can leverage that as a linchpin to build out your AI strategy as a core function of that and then build out your program," Funderburk said.