A. Pabrai
ecfirst, Inc.,
United States
Keywords: AI, NIST, cybersecurity, governance, risk management
Summary:
Mirai, Japanese for “the future,” is already underway with cyber-attacks inclusive of generative Artificial Intelligence (AI) and Large Language Model (LLM). Are healthcare organizations and businesses prepared with an AI-fueled cyber defense? With the application of AI, threat actors can now generate targeted phishing campaigns or novel malicious code in seconds. Gen AI has changed the threat landscape and now makes it possible for attackers to deploy unique attacks at machine speed. Gen AI and other AI toolkits augment malicious actors at every stage of the cyber-attack kill chain. Enterprise cyber defense starts with an assessment of risk to assets and data in this new era of AI-powered cyber-attacks. NIST has published an AI Risk Management Framework (RMF) that enables businesses to frame the risks related to AI and identify a path to trustworthy AI systems. With the significant rise in AI cyber risk, organizations must, • Examine NIST AI RMF to offers a structured approach for organizations to manage and mitigate AI risks. • Understand ISO 23894, which provides guidelines for designing and deploying trustworthy AI systems among users and stakeholders. • Ensure ISO 42001 standard offers a framework for managing AI systems with governance, policies, risk management, compliance, performance monitoring, and continuous improvement. • Review the European Union AI Act, its requirements and risk classification areas. State of AI Risk We are at the early stages of attacks that are novel, sophisticated, and targeted – all created by generative AI, with speed and scale as the new normal. AI Cyber Future Starts Now Organizations need to implement AI cyber defense capabilities across the suite of enterprise security controls. Failure to adapt to the fast-changing dynamics of AI-based attacks will increase the risk of vulnerabilities identified and exploited by threat actors. Evaluate + Integrate AI into Cyber Defense Strategy All AI are not the same; each has its strengths and challenges when applied to cyber defense. The key is to ensure that the AI is not just trained on known data, but is learning continuously based on users, devices, and communications on the business infrastructure. The NIST RMF and ISO AI standards provides an excellent opportunity to organize enterprise initiatives for an AI-centered cyber defense program. So how can an organization get started, get organized with AI cyber defense? Businesses can get started by performing an AI-based risk assessment, creating an AI RMF plan, and development of a suite of AI cyber risk management policies. An AI defense methodology provides a lifecycle approach for cyber resilience. Yesterday’s security controls and capabilities will be challenged with AI augmented attacks. The attacks of tomorrow are not “one of many,” but highly targeted, specialized, “one of one” attack. Forward leaning, forward thinking organizations will mesh AI in its cyber defense fabric. The future or mirai is now and will require a kaizen cyber defense program that is re-imagined and based on AI capabilities.