19th October 2023 • Park Plaza Victoria, London
Light at the end of the cyber tunnel?
Generative AI is grabbing the headlines but a quieter revolution may transform cyber more fundamentally
Technology without transparency is a losing game
All the recent talk in cybersecurity has revolved around technology – and in particular the threats and challenges posed by artificial intelligence (AI), both generative (like ChatGPT) and other varieties.
The UK’s NCSC is worried enough to have written extensively about AI as an offensive tool in the arsenal of cybercriminals, but of course both true AI and machine learning (ML) are also employed extensively by the security solutions community to better identify and detect threats and attacks, to automate tasks too large or dull for human reviewers to do well, and to deal with the kinds of behavioural and network analysis required to reveal sophisticated attacks, living off the land and lateral movement.
However, in all this focus on the latest technology developments, are we missing more important developments?
For a start, it is finally happening: governments and business are publicly acknowledging that cybercrime is a truly material threat to national security, to critical national infrastructure, to core national economic interests, to foundational elements of society such as healthcare systems and education, and to the small and medium-sized businesses that form the backbone of most economic activity.
Sure, political and business leaders have previously paid lip service to some of these ideas, but it’s clear that the relentless volume and sophistication of attacks from criminals and nation states has finally changed the calculus.
And this has finally put transparency and collaboration at the top of the agenda. As the NCSC says in a recent blog: “We are increasingly concerned about what happens behind the scenes of the attacks we don’t hear about… if attacks are covered up, the criminals enjoy greater success, and more attacks take place. We know how damaging this is.”
So yes, AI is a big deal. But to defeat this attack on our financial and social well-being, we all need to get away from the traditional secrecy and blame-games played around cybersecurity incidents. Transparency does not ‘paint a target on my back’. We are all targets already.
Unless organisations are prepared to share their experiences, and to be honest with the public and their stakeholders about the realities of operating in a digital world, then we will continue to lose. Insurers will continue to lack the data they need to provide cover. Law enforcement agencies will be operating blind. And the providers of security solutions will be unable to create products that match the material threats.