Title: Building resilience in the Age of AI: A guide for channel partners

By Scott Walker, Senior Director, Channel Sales EMEA, Illumio.

  • Saturday, 30th September 2023 Posted 1 year ago in by Phil Alsop

The promise of Artificial Intelligence (AI) as a groundbreaking innovation is undeniable. From healthcare to retail, the transformative power of AI has captivated industries, and the cybersecurity sector is no different. However, for all its good, AI is a tool that can be utilised as a weapon too. As the technology gets stronger, we are increasingly seeing cybercriminals leverage more AI-driven cyber threat techniques.

The current wave of generative AI has seemingly lowered the entrance barrier to threat actors. Unskilled cybercriminals, labelled as ‘script kiddies’, can use AI to access new attack options, such as using prompt injection to create malware. While mainstream tools like ChatGPT employ measures to block harmful requests, more malicious versions and alternatives like WormGPT and FraudGPT have emerged.

As AI threats escalate, organisations are increasingly seeking expert guidance to bolster their cyber defences. This shift presents a unique opportunity for channel partners to move away from being seen as tactical solution providers, to trusted advisors, advising businesses on adopting resilient security architectures like Zero Trust. This evolution not only meets immediate security needs but also positions channel partners as long-term strategic allies in the fight against future AI-driven threats.

The challenges of AI-drive defences One of the key security challenges around AI-driven threats is that traditional network-centric security solutions are no longer fit for purpose against modern threats. We've seen this in our own incident responses, where advanced threats download an attack or a piece of malware, along with all the components needed to execute it. Conventional firewalls and network security measures simply cannot keep pace with such dynamic threats.

To combat the threats posed by AI, many vendors are pushing a “fight fire with fire” approach, encouraging organisations to implement the latest AI-based defensive solutions. But whilst AI should have a significant place in an organisation’s security stack, relying entirely on using the technology for defence is a major mistake.

Cyber adversaries today can poison and trick defensive AI tools into overlooking malicious activities by feeding them false data. If an organisation's defensive measures are entirely based on such tools, it could be highly vulnerable to techniques like this.

Deploying defences indiscriminately against evolving AI threats is akin to prescribing antibiotics for every illness—a practice that eventually leads to antibiotic-resistant pathogens. The overuse of antibiotics has taught us valuable lessons about resistance – showing restraint round AI may be the best way to counter its misuse.

Rather, the channel should be advising organisations that the best defence against AI-attacks is in fact doing the fundamentals even better. This means shifting the focus from network-centric security to asset-based security to provide a more granular level of protection. By focusing on securing assets, businesses can contain threats to specific servers or workloads, allowing the rest of the organisation to continue functioning even in face of an attack. Within this approach, different AI systems can be trained to adapt and respond dynamically to different asset labels.

This is a step beyond what traditional network security can offer, bringing agility and true resilience to organisational defences.

A balanced approach: Combining AI with core security principles

The channel has a responsibility to steer its customers away from a tunnel-vision approach that solely prioritises AI-based solutions. Partners should be advising businesses to adopt a balanced approach that marries AI to fundamental security principles. To facilitate this, there are several aspects that the channel must consider:

Reducing the attack and learning surface

One of the best ways to build resilience against cyber threats is to reduce the attack surface. The fewer the points of entry, the lower the risk. However, the advent of AI means businesses also need to consider the ‘learning surface’ as well as the attack surface.

Constraining the 'learning surface' is not merely about blocking resource access for invasive malware; it's also about intelligent resource allocation. The channel should support and guide its customers in auditing which assets need to be completely shielded from the AI lens, thereby further reducing the available surface for offensive AI to learn and adapt. This goes hand in hand with Zero Trust's tenet of 'least privilege access,' which emphasises allowing only the necessary permissions for each asset based on its role in the organisation.

Embracing Zero Trust

The best way of achieving a reduced attack and learning surface is by implementing microsegmentation solutions aligned with a Zero Trust framework - or better yet, Zero Trust Segmentation. Such solutions provide a level of granular control that isn't just about stopping an attack, but rather about understanding the 'why' and the 'how' of an attack pathway. By giving customers the tools to track how an intruder navigates, channel partners can help businesses stop an attack in its tracks and gain invaluable insights into attack methodologies. These insights are critical for pre-emptive actions in the future.

Zero Trust Segmentation's agile approach also enables businesses to flip the security paradigm. It replaces static security directives with dynamic guidelines that can adapt in real-time to an evolving threat landscape. This level of adaptability is crucial when combating AI threats that continuously learn and adapt.

Integrating regulatory directives

We are also starting to see an evolving regulatory landscape around AI that the channel must be aware of. To-date most of the discussions are about protecting AI from attacks, not protecting organisations from AI. Partners have an opportunity to bridge this gap and help organisations boost resilience by offering solutions that are seamlessly integrated with regulatory directives and frameworks, such as the NCSC's Cyber Assessment Framework (CAF). The CAF already outlines the critical elements of network segmentation and system communication, but it needs the agility that ZTS brings. By combining the

foundational guidelines of the CAF with the dynamic capabilities of ZTS, the channel can offer customers a robust, sustainable, and future-proof security strategy.

Don’t forget education

Finally, let's not forget the importance of educating our customers about these layered security strategies. It's one thing to implement them, but it's another to ensure they're being utilised to their maximum potential. Regular training sessions, webinars, and workshops can go a long way in ensuring that the workforce is equipped to manage and respond to AI-induced threats effectively. In the age of AI, the channel’s responsibility is significantly increasing. It’s not just about equipping the customers with the right defensive tools, but rather it's about educating them, supporting them to develop a robust policy, and helping them consistently throughout their cyber resilience journey.

Given the buzz around AI, it is understandable that businesses will increasingly ask for AI-driven defensive solutions. So, the channel must increase awareness among its customer base that defensive AI is not a silver bullet. Rather, a balanced approach incorporating Zero Trust Segmentation and asset-based security can offer a more robust security infrastructure and make businesses more resilient.