Integrating artificial intelligence into enterprise systems has brought immense opportunities and challenges, making cybersecurity resiliency crucial as organizations harness AI for efficiency and innovation while addressing the rapidly evolving threat environment.
This duality requires a proactive approach, blending advanced security strategies with operational resilience to ensure protection across dynamic, diverse infrastructures.
John Furrier and Savannah Peterson of theCUBE Research discuss the future of cybersecurity with AI.
“Cyber resilience is now broad, from data backup and recovery to recovering from a breach like ransomware or maintaining the resilience of a stock,” said John Furrier, executive analyst at theCUBE Research. “These are the issues: How do I operate with my critical systems? How do I stress-test them? What can red teams do more of? All this is now completely at full scale, and it’s super important. And they’re hard problems to solve.”
During the mWISE 2024 event, Furrier and Savannah Peterson, co-host of theCUBE, SiliconANGLE Media’s livestreaming studio, spoke with a variety of cybercrime and security experts. Discussions focused on the latest cyber threats, how AI can be used as both a weapon and a defender against them and actionable industry insights to help organizations detect and defend against them. (* Disclosure below.)
Here are three key insights you may have missed from theCUBE’s coverage of mWISE 2024:
1. As AI evolves, companies must enhance cybersecurity resiliency to combat new vulnerabilities, with CISOs leading efforts to manage emerging risks.
As AI technology advances rapidly and organizations rely on data more than ever, the potential for cyber threats has increased, exposing companies to greater risks and making the need for stronger cybersecurity resiliency critical, according to Furrier. Balancing operational efficiency with robust security measures requires integrating people, policies and technology.
“Security is one of those data problem areas, and it’s got a lot of risk management,” he said. “You’ve got a lot of forces coming together. There’s also reducing the steps it takes to make the user experience better, workflow management and, ultimately, at the end of the day, balance the asymmetry between the good guys and the bad guys.”
The growing use of autonomous AI systems — known as agentic systems — has introduced new vulnerabilities in supply chains, Furrier pointed out. These systems need end-to-end protections to maintain cybersecurity resiliency across supply chains.
“Generative AI is increasing the surface area and is increasing the opportunities for cybercriminals to attack,” Furrier said. “Sensitive information disclosures and breaches are huge. Whether that’s infected [large language models] or hallucinations or drift, data is coming out.”
As generative AI technologies evolve, they offer significant operational benefits and introduce new risks, such as vulnerabilities in data security and an expanded surface area for cyberattacks. These emerging challenges, particularly around sensitive data disclosures and malicious exploitation of AI models, demand robust, proactive defenses. Organizations must balance leveraging AI’s capabilities and protecting themselves from the increased threat landscape.
Google Cloud’s Kevin Mandia talks with theCUBE about the expanding role of the CISO in managing AI risks.
In response to these growing risks, cybersecurity resiliency strategies are shifting, Kevin Mandia, founder, former chief executive officer and strategic advisor at Google Cloud, told theCUBE during the event. The role of the CISO is expanding beyond traditional security practices to include managing supply chain integrity and data security. As organizations integrate AI more deeply into their operations, they must also adopt resilience-focused approaches, emphasizing disaster recovery and securing critical assets.
“There’s a lot of companies that have said, ‘We need to make backups of our critical assets. We need to make sure our backups are secure,’” Mandia said. “Almost none of them practiced a red-lever event of ‘let’s go through the drill of shutting down and redoing it’ … because it impacts business and or they may not have the time or resources to do it.”
With these expanded responsibilities, CISOs are also tasked with defining policies around generative AI tools and ensuring their organizations are well-prepared for technological disruptions and potential cyberattacks, according to Mandia. As generative AI evolves, CISOs must proactively address vulnerabilities and create strategies that balance innovation with robust security measures.
“I believe the CISO role’s up for a change,” Mandia added. “It’s more and more responsibilities … jump balls are existing in security, like who’s going to do AI security? Who’s going to do the data security to see what’s going into the model? What’s coming out of the model? Who’s doing supply chain security? The CISO’s the new person on the block.”
Here’s theCUBE’s complete video interview with Kevin Mandia:
2. AI and law enforcement disrupt ransomware, while nation-state and healthcare threats demand more robust cybersecurity resiliency.
Ransomware attacks remain a formidable challenge, but organizations and law enforcement are ramping up efforts to counteract them, according to Kimberly Goody, head of cyber crime analysis at Google LLC, during an interview with theCUBE. A blend of strategic interventions, cutting-edge technologies and coordinated operations has yielded significant progress. In 2024 alone, 14 major ransomware operations were disrupted, reducing their impact on targeted organizations.
Google’s Kimberly Goody talks with theCUBE about preparing for ransom threats.
“LockBit is a great example of activity that occurred this year where they didn’t just target the infrastructure or the payments, they also did some initiatives to sow distrust between the threat actors that were running that service and the affiliates,” Goody said. “I think taking that big, multifaceted approach to disruption is really important, and we’re seeing some wins there.”
However, even as ransomware operations are being disrupted, nation-state cyber threats are growing more aggressive, targeting critical infrastructure sectors such as water, power, and rail, according to John Hultquist, chief analyst at Mandiant (part of Google Cloud), during an interview with theCUBE. Threats such as the Volt Typhoon, a Chinese cyber espionage campaign targeting critical infrastructure sectors such as water and power, emphasize the need for proactive cybersecurity resiliency measures.
“Most people would agree that the Volt Typhoon activity is probably the biggest threat right now,” Hultquist said. “That is Chinese espionage or cyber espionage that’s coming out of China where they’re digging into our critical infrastructure. They’re essentially gaining access … so that if they get the order, they can disrupt.”
These attacks have evolved from targeting military infrastructure to hitting more unpredictable industries, with the goal being widespread disruption rather than direct violence, Hultquist explained. Russian actors are following suit, exploiting technology resellers to infiltrate downstream customers and disrupt critical systems.
Mandiant’s John Hultquist talks with theCUBE about evolving cyber threats and resilient defenses.
“[It’s about] getting into your industrial control systems or OT systems and breaking things,” Hultquist said. “It’s about chaos … it’s more of a disruption thing. The whole game is basically moving upstream. The really good players, that’s what their game is.”
As these threats evolve, AI is increasingly important in protecting vulnerable sectors such as healthcare systems. These systems, which depend on massive datasets and life-saving operations, have become a prime target, Charles Carmakal, chief technology officer of Mandiant (part of Google Cloud), told theCUBE in an interview.
“We’ve seen a lot of targeting of healthcare organizations over the past several months,” he said. “Threat actors realize that if you disrupt their ability to give care to patients, those organizations will feel pretty compelled to pay.”
In response, law enforcement agencies have stepped up, dismantling infrastructures and thwarting ransomware operations, according to Carmakal. These actions have struck fear into cybercriminals and disrupted their networks.
“When threat actors lose money, when they lose infrastructure, when they get arrested [and] when they get indicted — these are all great actions,” he said. “They help to create more fear and consequences for threat actors.”
While the misuse of generative AI by cybercriminals remains on the horizon, “for the most part, we’re not seeing a whole lot of malicious use of generative AI to attack organizations,” Carmakal added.
Here’s theCUBE’s complete video interview with Charles Carmakal:
3. Serverless architecture boosts efficiency but demands strict security practices, while AI automates defenses and enhances team collaboration for stronger cybersecurity resiliency.
Serverless architecture opens new avenues for improving operational efficiency by reducing the need to manage traditional infrastructure. However, this flexibility introduces unique security challenges, according to Charles DeBeck, threat intelligence strategy lead at Google Cloud, during an interview with theCUBE. As serverless systems scale dynamically, organizations must ensure visibility and control to prevent minor vulnerabilities from escalating into major security incidents. The shift toward serverless demands a careful balance between efficiency and rigorous security protocols.
Google’s Peter Bailey and Steph Hay talk with theCUBE about how AI is improving cyber threat detection.
“It’s interesting because, from a threat actor perspective, we’re not seeing a ton of activity here just yet, but we have started to see them looking at this space as a potential avenue for exploitation,” DeBeck explained. “It’s tougher to get into serverless environments … but we have historically seen examples of threat actors wrapping traditional malware in a way so it could be taken advantage of in a serverless environment.”
While the rapid scalability of serverless systems enhances performance, it also allows attackers to exploit minor breaches that can quickly spiral out of control. This makes identity access management and proper configurations critical for mitigating threats.
“The key concepts of identity access management and making sure that you have permission and configuration in place is the same as what we see in other parts of cloud environments,” DeBeck added. “But from serverless, a key component here is that scalability from compute resources can be very sudden and dramatic.”
Organizations adopting serverless systems must ensure rigorous identity access management and configuration practices to mitigate the heightened security risks of dynamic scalability.
AI is enhancing security operations by streamlining workflows and automating tasks, according to Peter Bailey, vice president and general manager of SecOps, Google Cloud Security, at Google, during an interview with theCUBE. As cyber threats evolve, AI improves detection, reduces human intervention and scales operations. Automating tasks like onboarding data sources and creating detection rules has significantly sped up response times.
“We will always look to simplify those experiences through the [user interface],” Bailey said. “Those are steps in the old day days that maybe took hours in days, maybe in today they can be right at your fingertips and go very, very quickly so you can respond faster.”
AI’s role as a force multiplier extends beyond automation, fostering collaboration between security teams and enhancing overall defense strategies that strengthen overall cybersecurity resiliency, according to Steph Hay, head of UX, Google Cloud Security, at Google. By bringing together threat analysts, security operations centers and AI tools, organizations can respond more effectively to the increasing volume of attacks. The convergence of expertise and technology creates a more robust defense ecosystem.
“This is a team sport,” Hay said. “I think that convergence, too, of the different roles, making sure that you’re bringing in the expertise of a threat analyst and a tier-two SOC analyst and maybe a cloud security practitioner … is going to transform the SOC.”
Here’s theCUBE’s complete video interview with Charles DeBeck:
To watch more of theCUBE’s coverage of the mWISE 2024 event, here’s our complete event video playlist:
(* Disclosure: TheCUBE is a paid media partner for the mWISE 2024. Neither Google, the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)