A CISO Perspective on AI

By Harold Rivas · January 10, 2024

Many of the leaders I talk to in cybersecurity express a mixture of uncertainty and excitement about new generative AI (GenAI) capabilities. We’re thinking about how AI affects our ability to protect our organizations and how we can get ahead of the risks it poses. At the same time, we’re looking forward to using it to become more adaptive and faster at detecting and remediating threats. As we start 2024, here is my take on where CISOs will see both increased threats—as well as opportunities—from AI.

AI enables new cyber threats

Shielding an organization from a diverse array of threats has never been more challenging. Cybercriminals can use AI to hide malicious code, create malware capable of mimicking trusted systems, and draft convincing spear-phishing emails.

And we've already seen attackers use AI penetration testing. All that cybercriminals have to do is craft the right prompt, using their tool of choice, to penetrate a system.

In essence, cybersecurity has become an arms race where the attackers are leveraging AI to outpace traditional defense mechanisms. The sheer volume of potential threats and the speed at which they evolve make it impossible for human operators alone to keep up.

GenAI can also increase the risk of internal threats. Employees who use ChatGPT may inadvertently leak sensitive information outside the organization. Even if these actions are not malicious, they can still create significant damage.

How CISOs can integrate GenAI into their cybersecurity posture

As CISOs, we need to inform our stakeholders about the risks of AI-assisted attacks and help them understand just how challenging this has become.

One important point we can stress is that the pace of attacks is speeding up. As attackers operate faster, defenders have to operate even faster, which means using AI for defensive activities. GenAI can be a powerful ally in gathering critical information quickly. For example, I enjoy using X’s Grok to learn in real time what the world posts about the latest zero-day vulnerabilities or newly discovered threats.

As CISOs, we can use AI to help our organizations move from a reactive to a more adaptive, risk-based approach. AI can help connect the dots so that you’re able to go from a sea of data about indicators of compromise (IOC) to applying contextual intelligence. With some customization, you can better understand who is targeting your organization, their techniques, and the indicators that help you prove it. This intelligence gives CISOs valuable insights that can help you further strengthen your organization’s defenses and guide your discussions with other executives.

Using AI to go from reactive to adaptive

Leading Customer Zero for Trellix technology, I get to kick the tires on our latest innovations. And we have some exciting new developments coming with AI. For instance, our recent announcement of Trellix GenAI built on Amazon Bedrock will help SecOps teams to more quickly accelerate from detection to investigation through response and help constrained security analysts be more efficient.

CISOs might not usually be involved in the day-to-day cyber firefight, but we can use AI to understand the biggest threats to our organizations and address the top challenges facing our teams.

Here are examples how:

Accelerating Insights: AI reduces data analysis time by helping to form more focused, relevant queries. CISOs can make faster, accurate data-driven decisions, which is crucial in a rapidly evolving threat landscape.

Information Correlation: AI can correlate data from multiple data sources with an organization's internal information, highlighting potential vulnerabilities and weaknesses. For example, if a similar organization experiences a breach due to a particular vulnerability, AI can flag it for immediate attention, allowing for more strategic mitigation.

Augmenting Human Efforts: AI acts as a vigilant 24/7 security analyst, continuously monitoring an organization for signs of malicious activity and taking proactive measures. We can use AI-guided investigations to speed responses, reduce analyst workload, and essentially help a junior SOC analyst become 10 times more effective by supporting them and giving them context and color that’s critical to their ability to respond. AI can also rapidly develop playbooks for responses, leading to an overall decrease in mitigation actions and orchestration while simultaneously increasing security maturity.

AI in cybersecurity is a double-edged sword. It holds immense potential for strengthening our security postures, but it can also be operationalized against us by threat actors. CISOs should proactively plan for AI's role in their organization's security strategy sooner rather than later.

Learn more in the webinar “Connecting the Dots and Harnessing AI: How to Go from Reactive to Adaptive Security Operations" available January 31 in the Americas, EMEA, and APJ.