Eliminate staff burnout, GPT-4 exploit, NIST rebalancing

Welcome to CISO Corner, the weekly collection of Dark Reading articles designed specifically for readers and security leaders involved in security operations. Each week we will offer articles collected from our news operations, The Edge, DR Technology, DR Global and our Comments section. We are committed to bringing you a diverse set of perspectives to support the work of operationalizing cybersecurity strategies, for leaders of organizations of all shapes and sizes.

In this issue of CISO Corner:

GPT-4 can exploit most vulnerabilities simply by reading threat alerts

By Nate Nelson, Contributing Writer, Dark Reading

So far, threat actors have managed to leverage artificial intelligence (AI) and large language model (LLM) tools with a more cunning phishing lure and some basic malware, but according to a team of academics, things they are about to change.

Researchers at the University of Illinois Urbana-Champaign have shown that by using GPT-4 they can automate the process of collecting threat alerts and exploiting vulnerabilities as soon as they are made public. In fact, according to the research, GPT-4 was able to exploit 87% of the vulnerabilities it was tested on. Other models were not as effective.

although the AI technology is new, the report suggests that, in response, organizations should strengthen proven security best practices, particularly patching, to defend against automated exploits enabled by AI. In the future, as adversaries adopt more sophisticated AI and LLM tools, security teams may consider using the same technologies to defend their systems, the researchers added. The report pointed to automating malware analysis as a promising use case example.

To know more: GPT-4 can exploit most vulnerabilities simply by reading threat alerts

Related: The first step to protecting AI/ML tools is to locate them

Interrupting safety burnout: Combining leadership and neuroscience

By Elizabeth Montalbano, Contributing Writer, Dark Reading

Widely reported burnout among cybersecurity professionals is only getting worse. It starts at the top with increasing pressure on CISOs from all sides – regulators, boards, shareholders and customers – to take full responsibility for the security of the entire organization, without much control over budget or priorities. Even larger enterprise cybersecurity teams are becoming exhausted under the weight of long, stressful hours to prevent seemingly inevitable cyberattacks.

Certainly awareness of the stress and strain driving talent away from the cybersecurity profession is widely recognized, but workable solutions have been elusive.

Now two professionals trying to break what they call the “cycle of safety fatigue” say leaning on neuroscience can help. Peter Coroneros, founder of Cybermindz and Kayla Williams, CISO at Devo, have come together to advocate for more empathetic leadership informed by a better understanding of mental health and will present their ideas in more detail at this year’s RSA conference.

For example, they discovered tools such as the iRest (Integrative Restoration) attention training techniques, used for 40 years by the US and Australian militaries, to help people under chronic stress get out of the “flight or flight” state and relax. iRest could also be a useful tool for exhausted cybersecurity teams, they said.

To know more: Interrupting safety burnout: Combining leadership and neuroscience

Global: Cyber ​​operations intensify in the Middle East, with Israel as the primary target

By Robert Lemos, Contributing Writer, Dark Reading

The ongoing crisis in the Middle East continues to produce historic volumes of cyber attacks in support of military operations.

According to experts, there are two categories of adversary groups in action: domestic threat actors who work as an arm of a military operation and hacktivist groups who attack willy-nilly based on opportunities and the perceived proximity of the victim to the group’s enemies.

The head of Israel’s National Cyber ​​Directorate said groups affiliated with Iran and Hezbollah had been trying to take down the country’s networks “around the clock.”

Cybersecurity experts warn that Israel should prepare for destructive cyberattacks to continue Iran-Israel cyber conflict intensifies.

To know more: Cyber ​​operations intensify in the Middle East, with Israel as the main target

Related: Iran-backed hackers send threatening messages to Israelis

Cisco’s complex journey to deliver on the Hypershield promise

By Robert Lemos, Contributing Writer

Cisco’s big reveal of its AI-powered Hypershield cloud security platform has generated a lot of buzz and left industry watchers wondering how the tool will perform effectively.

Automated patches, detection and blocking of anomalous behavior, AI agents that maintain real-time security checks on every workload, and a new “digital twin” approach are all touted as Hypershield features.

The modern approach would be a major breakthrough “If they can do it,” said David Holmes, a principal analyst at Forrester Research.

Jon Oltisk, analyst emeritus at Enterprise Strategy Group, compared Hypershield’s ambitions to developing driver-assist features in cars: “The trick is how they come together.”

Cisco Hypershield is scheduled to be released in August.

To know more: Cisco’s complex journey to deliver on the Hypershield promise

Related: The first wave of AI vulnerability fixing available to developers

Rebalancing NIST: Why the “recovery” can’t stand alone

Comment by Alex Janas, Field Chief Technology Officer, Commvault

While NIST’s new guidance on data security is an important baseline overview, it falls short of offering best practices on how to recover from a cyber attack once it has already occurred.

Today, organizations must assume that there have been, or will be, breaches and plan accordingly. That advice is perhaps even more important than the other elements of the new one NIST frameworksupports this comment.

Companies should work immediately to close any gaps in their cybersecurity preparedness and response programs.

To know more: Rebalancing NIST: Why the “recovery” can’t hold Alone

Related: NIST Cybersecurity Framework 2.0: 4 steps to get started

3 Steps Executives and Boards Should Take to Ensure Cyber ​​Readiness

Commentary by Chris Crummey, Director, Executive and Board of Information Services, Sygnia

Working to develop an effective and tested incident response plan is the best thing executives can do to prepare their organization for a cyber incident. Most major errors occur in the first “golden hour” of responding to a cyber incident, the commentary explains. This means ensuring that each team member has a clearly defined role and can get to work quickly to find the best path forward and, above all, not making repair errors that can alter recovery timelines.

To know more: 3 Steps Executives and Boards Should Take to Ensure Cyber ​​Readiness

Related: 7 things your ransomware response manual is probably missing

Rethink how you work with detection and response metrics

By Jeffrey Schwartz, Contributing Writer, Dark Reading

At the recent Black Hat Asia conference, Allyn Stott, senior engineer at Airbnb, challenged every security professional to rethink the role metrics play in their organization’s threat detection and response.

The metrics drive better performance and help cybersecurity leaders demonstrate how investments in detection and response programs result in lower business risks for leadership.

The single most important parameter of the security operations center: alert volume, Stott explained. He added, looking back on his past work, he regrets how much he leaned on that MITER ATT&CK framework. He recommends incorporating others, including the SANS SABER framework and the Hunting Maturity Model.

To know more: Rethink how you work with detection and response metrics

Related: Research from the SANS Institute shows which frameworks, benchmarks and techniques organizations are using on their journey to security maturity