Adversarial artificial intelligence (AI) will likely drive a shift in attack patterns away from your current defenses. Are you ready, or are you reinforcing your organization’s Maginot Line?
Identifying AI-Enhanced Attacks
Recently, Datos Insights held two insightful Cybersecurity Executive Council meetings, one for insurers and a second for financial institutions. A question to the council members stood out: “Have you experienced an adversarial AI attack?” The question behind the question is, would you recognize an adversarial AI, whether it was driven by generative AI or other means?
Opinions on the importance of identifying AI-enhanced attacks vary. Some participants believe recognizing and responding to an attack is more important than understanding if it was AI-driven or enhanced. Defense in depth was considered critical.
This analyst believes it is critical to recognize if AI and generative AI are being used and have an appropriate metric. Earlier in my career, I spent countless nights on security incident bridges, seeing attacks evolve and probe our defenses for weaknesses. I believe in the effectiveness of a defense-in-depth strategy. My concern relates to complacency that can take hold as we are effective against the current attack modes.
As Daniel Goleman aptly put it, “Our minds are wired to magnify the immediate threat and minimize distant risks,” a lesson exemplified by the historical Maginot Line. For those unfamiliar, I received a history lesson from Jerry Sentell, perhaps influenced by his training at West Point, on the Maginot Line. That lesson is relevant today as we look at adversarial AI and attacks against the financial services institution.
Those Who Don’t Know History…
Construction of the Maginot Line defense network began 10 years before France entered WWII. Belgium, Germany, Luxembourg, and Switzerland constructed a line of defenses designed to withstand aerial bombardment. Complete with airflow and rail lines for re-supply, the Maginot Line was not merely a thin line but a complex system of defense spanning 12 to 16 miles in depth. Physical defense in depth!
As it turned out, the German army exploited a weak point in the Maginot Line and even employed a decoy force. At the same time, another group maneuvered through the Ardennes Forest north of the main defenses.
Attacks along the Maginot Line have been employed throughout history, from ancient Rome’s defense against Gaul to conflicts involving Julius Caesar, Attila the Hun, Napoleon, and as recently as World War I.
…Are Doomed to Exhaustion
Adversarial AI poses a new challenge, capable of conducting extensive cyber tests to uncover enterprise vulnerabilities. We are accustomed to attacks evolving in speed, location, and tactics; generative AI takes this to another level, conducting exhaustive adversarial testing from A to Z. This is tantamount to the German invasion of France through the lower defenses of the Ardennes Forest. Cybercriminals will leverage generative AI capabilities to find the point of least resistance in the enterprise and with an attack vector you are not prepared for.
Can you discern if a cyberattack used AI or generative AI? Do you have robust metrics and reporting mechanisms in place? As Peter Drucker famously said, “You can’t manage what you can’t measure.” If you are safeguarding valuable assets, your defenses will be tested. Are you prepared for an assault against your organization’s Maginot Line, where you will be caught off guard? Are you looking at where attacks have come before or where they will come next? Will you even see the attack when it happens or only after your defenses have been circumvented?
If this topic and Cybersecurity interests you, register to join us at the Datos Insights Cybersecurity Forum here. Connect with Datos Insights and all the way we help the clients of our Cybersecurity practice here.
