CS Nov-Dec 2023

More documents

Recommendations

Info

artificial intelligence FAKING IT WITH AI STANDING ON THE CUSP OF A NEW FRONTIER IS EXHILARATING, BUT IT'S ALSO A PRECIPICE WE RISK TUMBLING OVER, WARNS ONE AI EXPERT Findings from independent research into AI's impact on cyber security, the risks and advantages, have highlighted the mounting concerns tht are spreading over the use of AI, and deepfakes in particular, as 68% of respondents noted concerns about cybercriminals using deepfakes to target their organisations. Brian Martin, head of product development, Innovation and Strategy at Integrity360 - Integrity360, which has released the findings - comments: "The use of AI for cyber-attacks is already a threat to businesses, but recognising the future potential and the impact this can have is just the start. We've already seen the potential for deepfake technology with the video of Volodymyr Zelensky telling Ukrainians to put down their weapons and spreading disinformation. This is just one example of the nefarious means in which it can be used, and businesses need to be prepared for how to defend against this and discern what is and isn't real, to avoid falling victim to an attack." A significant majority (59%) of respondents also agree that AI is increasing the number of cyber security attacks, which aligns with the change in attacks that have been noticeable over the past year as 'offensive AI' is being used in instances such as malware creation. It's also being used to create more phishing messages, with content that accurately mimics the language, tone and design of legitimate emails. In line with this, the survey also indicates that businesses recognise the impact that AI will have on cyber security, as 46% of respondents disagreed with the statement that they do not understand the impact of AI on cyber security. However, when breaking down the findings by specific job roles, the survey suggests that CIOs appear to have the least understanding of AI's impact on cyber security, with 42% indicating disagreement with the statement. "AI's role in cyber security is not only a matter of perception, but a tangible reality," adds Martin "Conventional cyberattacks will ultimately become obsolete as AI technologies become increasingly available and more appealing. and accessible as attackers look to expand their use for AI-enabled cyberattacks. As an MSSP. it's essential to ensure businesses are considering how this can be used against them and putting processes in place to protect against these growing threats." AI SAFETY SUMMIT As concerns over AI continue to circulate, an AI Safety Summit at Bletchley Park in Buckinghamshire had five key objectives that were up for discussion by global experts, academics, politicians and scientists. These were: A shared understanding of the risks posed by frontier AI and the need for action A forward process for international collaboration on frontier AI safety, including how best to support national and international frameworks Appropriate measures that individual organisations should take to increase frontier AI safety Areas for potential collaboration on AI safety research, including evaluating model capabilities and the development of new standards to support governance To showcase how ensuring the safe development of AI will enable AI to be used for good globally. Thomas R Weaver, tech entrepreneur, computer scientist and author of the book, 'Artificial Wisdom' , has been sharing some of his predictions around those summit objectives and had this to say about AI: "While it's exhilarating to stand on the cusp of a new frontier in AI, that very edge is a precipice we risk tumbling over, if we don't approach it with caution. As someone who has delved 30 computing security Nov/Dec 2023 @CSMagAndAwards www.computingsecurity.co.uk
artificial intelligence deep into the ethical murk of future technologies through both fiction and entrepreneurship, I can't stress enough how vital it is that we develop a collective understanding of the risks involved - especially when it comes to employing AI in tackling monumental challenges like climate change. It's not merely about drafting safety protocols; it's about questioning the very mandate we give to these technologies." The latest NCSC guidance is quite rightfully suggesting the pressing need to 'exercise caution' when building Large Language Models (LLM), with the explanation that our understanding of LLMs is still 'in beta' mode. Cautions Kev Breen, director of cyber threat research at Immersive Labs: "As an industry, we are becoming more accomplished at using and making the most of the benefits of LLM, but there is more to learn about them, their full capabilities, and where their usage could leave individuals and indeed large organisations vulnerable to attack." As organisations rush to embed AI into their applications, and startups begin to pop up with new and interesting ways to use this new form of AI; Language Models, such as OpenAI's ChatGPT, it is important that developers understand how these models and their APIs work before building them, he points out. "Prompt Injection is currently the most common form of attack observed against LLMs, by focusing on defeating the protections they offer against sharing or creating information that could be damaging - for example, instructions on how to create malicious code. This is not the only danger, he says, "OpenAI has introduced ‘function calling’, a method for the AI to return data in a structured format that can be used by the application, making it easier for developers to expand on the AI's capability or enrich its data with other sources." The danger here is that those function signatures are sent to the AI in the same context, says Breen, "meaning that, through prompt injection, attackers can learn the underlying mechanisms of your application and in some examples, attackers can manipulate the AI's response to perform command injection or SQL injection attacks against the infrastructure". To help raise awareness of this issue, Immersive Labs launched a 'Beat the Bot' AI prompt injection challenge (available at 'Immersive GPT'). In this challenge, users are tasked with building the right prompts to con the AI to give them the password. Of the 20,000 people that have attempted the challenge, around 3,000 made it through to level one, while only 527 made it to level 10, showing that there is still a lot for people to learn - "but even with varying levels of control, it's still easy to find a way to bypass a prompt", he adds. By learning prompt injection, even your average person can trick and manipulate an AI chatbot. "Real-time, gamified training becomes essential for not only attempting to keep up with the efforts of hackers, but also better understanding the 'practice' they are putting in themselves around AI prompt injection." Author Brian Martin: vital we develop a collective understanding of the risks involved with AI. Thomas R Weaver: tech entrepreneur, computer scientist and author of the book, 'Artificial Wisdom'. www.computingsecurity.co.uk @CSMagAndAwards Nov/Dec 2023 computing security 31
Page 1: Computing Security Secure systems,
Page 4 and 5: Secure systems, secure data, secure
Page 6 and 7: news Daniel Hofmann, Hornetsecurity
Page 8 and 9: ook review INSIDE THE REVOLUTION A
Page 10 and 11: product review HORNETSECURITY 365 P
Page 12 and 13: 2023 CS Awards Magician Nick Einhor
Page 14 and 15: ansomware ENEMY NO 1 - IS THE CROWN
Page 16 and 17: ansomware Michael Smith, Vercara: r
Page 18 and 19: inside view RANSOMWARE THREATENS BA
Page 20 and 21: cybersecurity training DRIVING EMPL
Page 22 and 23: cyber awareness THE CRIME-BUSTING C
Page 24 and 25: cyber awareness Don Boxley, DH2i: t
Page 26 and 27: attacks offensive PHISHING ENTERS D
Page 28 and 29: attacks offensive Kennet Harpsoe, L
Page 32 and 33: data privacy WHAT DATA PRIVACY MEAN
Page 34 and 35: data privacy Edward Machin, Ropes &
Page 36: Computing Security Secure systems,

CS Nov-Dec 2023

Create successful ePaper yourself

Delete template?

Save as template?