Microsoft announced last week that, as it did with .NET years ago, it will be putting generative AI into everything, including security.
Back in the .NET days, I joked that Microsoft was so over the top with .Net that the bathrooms were renamed Men.net and Women.net. Many of those efforts didn’t make sense. However, given that generative AI affects most functions at Microsoft (except the bathroom), it makes more sense for the company to do so now.
Let’s take a look at how generative AI will impact security. Then we’ll end with our product of the week: the BAC Mono custom-built, street-legal track car.
Biggest Security Exposure… You Are
We often get overly excited about all the technology we have at our disposal to reduce breaches. But after layer upon layer of security software to identify and fix breaches, one constant is that the most common cause of a breach is a person. Ransomware attacks, identity theft, data theft, and many additional problems mostly track back to someone who was tricked into providing information that could be used to cause harm.
The industry talks about regular employee training, safety drills and audits, and excessive penalties, all of which have had minimal impact on the problem because companies do not practice any of these consistently and effectively. I include security companies, especially their executives, in that group who often think the rules they helped create don’t apply to them.
Back when I was doing a security audit (at a company not known for security) on a CEO who often bragged that he knew more about security than anyone else in my division, I would go over his most sensitive information. which was in a locked vault in 10 minutes. Not by using some super-secret James Bond hacking technique, but by looking in his secretary’s drawer where all the keys were stored, which were unlocked.
Human error is the most important and prevalent cause of some of our most painful security problems, and it’s been that way for decades.
HP PC Security Solutions
I’m writing this at HP’s Amplify partner event, where HP just kicked off its security solution. HP’s Wolf Security is arguably the best PC security solution on the market.
HP highlighted that the security business generates $8 trillion in revenue, which is a fraction of the money it protects. Yet all this technology is useless if you can’t stop an employee from doing something stupid.
The HP tech includes VMs, BIOs, security and some of the most impressive security solutions I’ve seen, but it only addresses someone who accidentally drops or loses a PC. It does not deal with an employee who voluntarily or accidentally breaches his safety.
One exception is HP Sure Click which helps prevent the user from clicking on a link they shouldn’t. Sure Click isolates risky tasks in a virtualized environment so that damage does not escape from harming a separate VM. This effort goes a long way. However, while HP does the most, it’s still not enough.
Examples of Why We Need AI Security
One of the biggest problems I’ve ever covered was a CIO who got fired via email. He was so enraged that he used his credentials to effectively put all of his ex-company hard drives out of business. Yes, he was prosecuted for poverty and went to jail, but that didn’t help the company he shut down.
In another large-scale breach, an attacker with uncontested access to a company’s HR system used alleged credentials and crafted a global email that went out to every non-management employee telling them that the firm had been sold and that they were about to be fired. To receive the check, employees were required to provide their banking information.
Almost every employee gave their information before anyone even thought to ask the manager about it. By the time the attempt was called off, the attacker’s servers were offline, and the thieves had moved away.
These examples show successful exploits that would have bypassed HP’s Wolf Security. One because it was a physical breach with no laptop involved and the other was caused by a phishing attack that resulted in access and compromise of an HR system that Wolfe Security would not protect.
I’m not picking on HP here because neither HP nor any other tech company can effectively solve an employee-sourcing problem. But that “yet” is where AI potentially comes in.
AI to the Rescue: Blackberry to Microsoft
Microsoft’s Security Co-Pilot is initially focused on providing security professionals with information on current and potential breaches in real time so that they can be rapidly mitigated. This should help address the ongoing problem of understaffed and under-resourced security. This is the initial focus of most of these generative AI efforts: to increase productivity and reduce workforce burden.
However, the real promise for generative AI is that it can learn from employee behavior, and reduce it by learning from that behavior. Largely, one company that has moved aggressively against this employee risk with older AI technology is BlackBerry’s Silence unit.
BlackBerry’s technology monitors employees and will move to block anyone behaving abnormally, such as a service professional who suddenly starts downloading the firm’s employee or product development files—a sign that a The attacker was using his own credentials.
Generative AI can go much further and potentially more quickly. Using massive models, generative AI can predict future behavior, identifying employees who routinely violate company policies (indicating that they are more likely to act inappropriately). likely), and can recommend remedies ranging from recurring automated training to dismissal for those employees most likely to be the cause. of violations, eliminating potential problems before an incident occurs.
Now, before you fret about the “termination” part, realize that if these employees cause a breach, the remedies may include not only termination but also financial costs to the employee or even depending on the nature of the breach and Jail time is also included, depending on the size. Therefore, even for the dismissed employee, this remedy is better than what would otherwise have been the case.
Wrapping Up: Generative AI and the Future of Security
AI is being brought to security, starting with BlackBerry and ending with Microsoft’s most recent effort. The result is the potentially ultimate elimination of our most important security risk: people. As generative AI and other future forms of AI advance in security, we will finally have the opportunity to mitigate the one security problem that keeps biting us in the butt: ourselves.
As with other technologies, I expect IT to be slow to adopt these tools and that avoidable breaches will forever change our career paths and financial security.
AI will not only help keep our companies safe, but those we love, including ourselves. Note that the individuals who most need this protection are our aging population, who bad actors often trick into giving up their retirement funds because of such breaches.
The only question is whether AI defenses will be deployed before this same technology can be used against us. AI is neither good nor bad; It is a tool. Sadly, in cyber security, new technologies are increasingly used against us than for us.
BAC Mono custom-built, street-legal track car
Since we’re talking about AI this week, two weeks ago, Nvidia held its GTC conference, where I looked at Nvidia’s idea of a car that would be built first virtually and then customized to your specific needs and tastes. Custom-made for.
The BAC Mono car is an early example of how the rest of the car market would develop. Using advanced workstation tools from HP, Bac has created a process that Nvidia talks about.
I sold my track car a few years back, and I miss it. But generally, a track car is some old sports car or hot hatch that you drive on a track. These cars are designed for day-to-day driving and are not ideal for the track – and dedicated track cars require you to trailer them.
Dedicated track cars that are also road-legal are rare and very expensive, and customization is limited. Using the Metaverse and VR technologies, this last one can be changed. Not only can the car be more customized, but it can be built more quickly, tested virtually, and better able to pass the changing rules of driving on public roads.
With a price tag of $151,000, the BAC Mono is not for the faint of heart, but it will outperform supercars on the track that cost a lot more. It’s designed to help you hit your corners efficiently and a supercar can draw similar crowds for a fraction of the price.
Bac Mono | Image credit: Briggs Automotive Company
This might not impress your date, since it has a seat, but in most supercars, once she tries to get into the car, she’ll inadvertently stop being impressed without providing a photo opportunity.
Plus, since it’s a track car, you’ll be less motivated to do the stupid things that often define supercar drivers (there are thousands of videos of supercar drivers doing expensive, stupid things on YouTube).
The BAC Mono is not only the harbinger of how we’ll buy cars in the future, but I also lust for one, so it’s my product of the week.
The opinions expressed in this article are those of the author and do not necessarily reflect the views of ECT News Network.