We are talking about AI hackers automate attacks and I'm joined by cyber expert Lisa Ventura MBE who is going to join us to reveal the defense mechanisms that are in place and there's there's just there's just so much going on in the space right now lisa it's um it's lovely to be joined by you as usual um I mean there's so many myths right going on and so what's the what's the biggest myth executives believe about AI in cyber security right now let's hold on a minute sorry let let's back up uh where does this myth come from yeah so um firstly Nat um it's a pleasure to be um back with you um today and uh talking to you about this and for me I see that the um the biggest myth is that AI is some kind of almost silver bullet that you can just deploy and suddenly that's it you're you're all secure and I think this comes from the fact that many executives u will see you know various headlines in the press various vendor pitches and they think "Right we'll get an AI security tool in and that's it we're done we're sorted we're secure." And that's not how it um works at all and actually quite recently I've had many conversations with different organizations and they'll say "We need to um have AI we need to deploy AI." And I'll turn that around to them and I'll say "Yeah that's great but what business you know use case or or you what is it that you're looking to solve by the use of AI?" And then it's almost like well we don't know but everybody else has got it and is using it so we need to you know too and it's almost a bit like that um you know what do we want AI when do we want it now I've been chatting to a chat on LinkedIn who I believe you're connected to called Aaron Lax and he often writes about it he's the founder of Singularity Systems and he writes about the space where technology meets reality right uh in our context what does that mean for AI-driven cyber threats and how are organizations missing the reality part Lisa absolutely and for me this is actually where it gets quite serious because when we talk about where technology meets reality when it comes to cyber threats and for me you're right this is something that Aaron does um really well um we're talking about attackers that have already made that leap so they're not debating whether to use AI they're already embedding it into every stage um of the cyber attack um life sc um life cycle so um you know for example traditional hacking um was always human scale and an attacker would often spend hours days even weeks doing reconnaissance crafting those fishing emails probing for vulnerabilities but now AI is a massive force multiplier so they'll be using that machine scale reconnaissance they'll be using AI to scan millions if not billions of targets analyzing social media patterns and profiles and crucially generating personalized fishing content at volume that is much much harder to detect as being a spam or fishing um attempt and they'll actually be making real-time decisions about which exploitation path to take and where organizations miss the reality is that they're still defending at human scale while also being attacked at what I call machine scale so many will be thinking things like you know we have a security operations center team we have firewalls so it's okay we're all we're all good but adversaries just aren't human attackers anymore they're humans utilizing AI agents and those AI leg agents will often be doing the heavy lifting so I think we need to fundamentally look at shifting our mental model around this because the threat actor isn't just a person now sitting at a keyboard it's someone that has and things like automated reconnaissance tools AI generated content at their disposal and our algorithmic decision making about attack vendors and for me that's the reality now that we're defending against and you know let's be honest now most organizations haven't even caught up you know with the the first part let alone this part yet with AI in the mix yeah yeah i mean what you said there is is is absolutely on point right i mean I was talking to Aaron uh the other day on on a chat and he said to me you know that the utopia for him uh which is what I was what I was sort of talking a little bit about is getting the AI agents to actually act in your defense so his vision is three or 400 AI agents that are repelling the attacks yeah at scale at once right and I think I think that is that is particularly interesting but the but you're right the problem the problems aren't just the the AI the problem is actually the the volume of data that exists for people and actually AI is becoming more and more versed in intelligence uh and and it and it can actually personalize better than better than you would actually think a and it makes the um the the jobs of security people and also the people who are looking at their inboxes even harder because actually those fishing emails become even even even harder right to to spot yeah yeah um so there is an emphasis on these multi- aent architectures and scalable systems so what does a defender organization of the future look like i mean I Yeah I said I said two or 300,000 but I don't how many agents do they need how do they coordinate how do they respond sure in in real time yeah mentioned a bit about it but absolutely so for me the defender organization of the future looks quite different from today's security operations center or SOC so um we're looking at moving from a purely human operation to what I call multi-agent architecture and by agents I mean both human analysts and AI systems working together but in orchestrated um workflows so what might that look like practically so for example you've got AI agents that are handling tier one um triage pattern recognition and also anomaly detection but at scale now they're often going to be processing thousands and thousands of alerts filtering out all the noise but then escalating what they consider to be the real genuine threats then you've got the human experts um because as I mentioned earlier you must always always have the human in the loop with this and that's your tier two and tier three analysts and they're doing what we as humans do best they're looking at contextual reasoning creative problem solving and also understanding the business impact um but a critical piece here for me is orchestration because these agents well they can't work in silos you need workflow automations that connects them all so where an AI detection triggers an automated containment action which then alerts a human an analyst with full context that analyst can then make a strategic call about response so so let me just let me just so for an example for all the people that have gone what is she talking about because you know we're not a technical kind of channel here right as you so I thought I'd just dig into what that what that sort of means yeah so that could mean people are changing file permissions correct at scale absolutely or it could mean they are sending lots of emails from a server it could mean data is being leaked there are lots of different things right yeah but it's an anomaly so it's something that doesn't normally occur correct within the business technology architecture right the AI agent spots it but it needs to be connected to the remedial AI agent which will then in turn lock down that particular situation to ensure no more damage is occurring right that's correct yes okay okay cool absolutely at least I understand it yeah no you you got it um and then just touching on um you know how many agents well that would depend massively on your organization's scale um right but the ratio um I think will shift quite dramatically so um for example and I will try to put this as you know in easy to understand and succinct terms as possible you always do you always do Lisa i was just having a bit of fun today but for example instead of say needing 50 human analysts to monitor monitor your environment you might have then say 10 highly skilled analysts but supported by 20 different AI agents who are handling different aspects of threat detection analysis and response so I guess for a bit of an analogy here your your your the architecture around your data that becomes your your your central nervous system so to speak and every agent will need access to the right data but at the right time so if you treat your security infrastructure as a network of coordinated agents both human and AI rather than isolated tools that's when you'll get real defensive capability at machine scale okay cool yeah obviously it's it's uh it's going to be going to be suitable for you know much larger organizations but there will be there will be the other options right for small mediumsiz business as well of course like there always is so being being a group builder across technology fields is crucial um in cyber defense what role does the ecosystem play industry sharing trade associations alliances yeah um basically when when um looking at this absolutely so community and ecosystems wow they are absolutely critical and this is something that attackers already understand um better than defenders do because many cyber criminals actually don't work in silos or isolation they collaborate they share tools they'll share trade access and they'll pull their intelligence so they've actually effectively created their own ecosystem and I've only got to mention the dark web um in terms of that you know ecosystem i'd rather you didn't mention that on my channel thanks yeah but you know what I But you know what I mean they own ecosystem and the dark web's a big part of that so right while many organizations are still trying to defend in isolation so we'll often build our own capability we'll keep our intelligence internal and there's often a lot of competition rather than collaboration right you know and for me that's a losing strategy because your adversary is already you know well networked in that respect and and you might find that that you're not building collective intelligence structures so for me that's things like industry sharing forums trade associations threat intelligence alliances it's not just a nice to have it is an absolute strategic um imperative you know for example where one financial services firm gets hit with a novel you know type of cyber attack technique every other bank should know about it within you know hours and and not 100% it just doesn't make sense like why you would want more people to suffer like and this is exactly why I've been working on establishing the AI and cyber security association because we need that formal structure where organizations can share threat intelligence about AI enabled attacks discuss defensive techniques develop some frameworks and common standards at the intersection of AI and cyber security and collectively as a group and not in silos and isolation look at raising that security um baseline and you know for me the only way that defenders um can close the gap is to build those critical ecosystems and communities that match or even exceed the adversaries collaboration capability you know threat you know intelligence sharing the rapid you know dissemination of um of sock etc joint research on emerging AI and cyber security threats for me that's how we level the playing field and that's a big piece of work the AI and cyber security association is going to be doing yeah well it's it's it's so it's so highly relevant to the world that we live in now you know when you've got when you've got loads of drones that can actually become swarms of drones and fight against targets right it's exactly the same like there's no there's no real difference yeah i mean obviously scale but but it's just in the principle of it that's kind of how how I see it um so when the unsung layer in tech operations is called out what unsung or overlooked layers exist in AI cyber today and where are the gaps in process data orchestration that attackers exploit absolutely so for me it's definitely the operational layer where AI actually meets enterprise reality and everyone focuses on the AI model itself in terms of asking questions like is it accurate you know what's the false positive rate what's the hallucination rate um but for me yeah that's only part of it and the real question is how does that AI model integrate with your security operations center workflow how does it hand off to your analysts what happens for example when it flags you know something suspicious at 2:00 a.m on a Sunday how do you retrain it when an when attack patterns evolve so for me that operational layer the people the processes and the workflows around the AI that's where most implementations fall apart so you know and I and I see you know this all the time organizations will buy sophisticated AI security tools they'll deploy them and then nothing really changes operationally the AI generates alerts and that drowns out the same you know overwhelmed um security operations team there's no real workflow redesign no processes for handling AI generated insights differently from traditional alerts and crucially no feedback loop to improve the model and that's where I would like to see some change huh that's interesting that's interesting i mean you you know just talking about the entire AI implementations and how many fail it's actually it's unbelievable and unless we get this right there is going to basically be the most almighty crash in AI models yeah uh and the market for AI is going to shrink i mean when you've when you've got kids who are like basically completely against AI a whole generation is like I can't use AI i'm not allowed to at school right yeah and they're and they're basically terrified it's going to replace them so you think about that right um it we we're we're in a place which I've got an interview coming up with Catz Keley who I I think you might know her but but but yeah we're talking about a lot to do with AI implementations and and she basically thinks a massive crash is coming and I think she probably is right so look out for that uh that interview it'll be it'll be good so onto the blending of workflow automation and multi- aent systems it is key right as as we've said how should organizations redesign the workflows around data AI response to keep pace with AI enabled bad actors lisa absolutely so this for me is quite an existential question for cyber defense at the moment um mainly because we're moving towards a future where autonomous agents that is attack bots versus defense bots they're engaging at machine speed so traditional human sees the alert human investigates human responds model it simply can't keep um pace with these you know attack bots that are are coming our way so workflow redesign for me this needs to start with um good data architecture and I think your AI agents need that real time access to security telemetry to threat intelligence to asset data you know and business context and you know all of it it needs to needs to consider um so if your data is siloed in different systems with different formats your automations then can't work um effectively and you also need to think in terms of agent choreography and by that I mean map out your security workflows in terms of detection triage investigation containment and remediation and what parts of that workflow can be autom automated where do you need that human judgment and how crucially do they hand off to each other so an example here is that an AI agent may detect an anominous sort of lateral movement um you know something that doesn't look quite sort of right so it it picks that up it then automates the containment and isolates the affected um segment then an enrichment agent will gather context um about the user assets and any recent activities from that affected segment but a human analyst will receive a complete investigation package and make the strategic decision about whether this is an insider threat whether it could be compromised user credentials or whether it's actually a false positive and the critical shift with this is from linear human-driven workflows to parallel multi-agent workflows where multiple AI systems are working simultaneously but on different aspects of the same threat and that can be orchestrated by automation platforms with humans always in the loop at decision points that require that human oversight and judgment and I can't stress that enough because I'm seeing a lot of these um you know workflows with AI being deployed and people thinking oh we we we don't need the people now a bit like what you were saying about is AI coming for our jobs and and so on right and no you absolutely need that human level of oversight um in this scenario because the reality is that attackers are already developing and deploying automated multi-stage attacks um at machine scale and if us as defenders if we don't redesign those workflows to defend at the same scale with the same level of automation and the same agentto agent capability it's almost for want of an analogy like bringing a knife to a gunfight because the gap isn't going to close by itself it requires deliberate redesign of how we fundamentally work yeah yeah it ma it makes absolute sense to me i've learned a lot about this in the past few weeks and um you know knowing some of the best programmers in the world has been is really quite eye openening to be honest and it and it helps you to get a big picture kind of thing and you know understanding this for executives is absolutely critical and because otherwise how are they going to explain to the CEO that they need to spend x amount of money on on cyber security right I mean basically cyber security needs to become a two trillion investment is what I heard i was reading something about that earlier and we're at a point now where you know you hear of new hacks every week don't you pretty It's horrendous isn't it it's It's literally horrendous and I know you're on the news quite a bit sort of talking about these and and the fallout from them is just is just horrendous isn't it i mean ju not just for the not just for the the teams right absolutely i mean you've only got to look at Jaguar Land Rover that happened in September and you're absolutely right when you said I've been on the um on the BBC talking about it when it first happened in the early part of September I said clearly then this is going to take them weeks if not months to recover from lo and behold that's exactly um where we are so what what what exactly what exactly happened there then so what in terms of the the attack itself or Yeah the attack and then and then how did it how how come it took so long to to fix it um so the attack was um undertaken by the scattered spider group which was the same group that targeted Marks and Spencers and the co-op and the others and they'd found a vulnerability and exploited it and got hold of a lot of key data and information um but in terms of why it's taken Jaguar Land Rover um so long they had to completely shut down all their production to deal with it and they couldn't just turn it back on and off they go again overnight it had to be a very careful very rolled out very phased return to production as they got back up and running again um from it and they're not fully there now I don't think i think it's still going to take a while for them to get back up to that full capacity um so much so that the UK government did and this is another myth that's doing the the rounds at the moment um the UK government did step in with some funding for them um it wasn't a government bailout a lot of people think it was what it actually um is is a bridging what they call a bridging loan that they've given to Jaguar Land Rover um and that was designed to stop not just what happened to Jaguar Land Rover but the impact on the supply chain um that makes sense yeah for for example um you might you might think what is a a business that has got some coaches that ferry people back and forth how might they be impacted by Jaguar Land Rover well they had a contract with them to actually ferry a lot of the workers to the production plant and back and forth in in Sully Hall and they'd actually invested in a whole new fleet of brand new state-of-the-art coaches um because they had a lot more people they were taking back and forth and um the contract was was quite lucrative for them and they suddenly went from doing all of that to not having anybody to take back and forth to the production line because of course the production line isn't working and it's almost put them out of business as a result so it's that impact as well on the supply chain that's also also immense not you know notwithstanding what happens to the actual company that suffers the cyber attack but it's the knock-on effect to the smaller businesses and the supply chain that are involved um with that even my husband's organization um he works for a holage company and even they supply some parts to Jaguar Land Rover and suddenly they weren't able to supply those those parts and even they were partially impacted um you know by that so yeah crazy crazy well that's been that's been really interesting looking forward to hearing more about your uh your new organization that you're launching and uh I'll be keeping my ear to the ground for that yeah and I really appreciate your time and uh thank you everyone for listening thank you N pleasure if you value the insights on influential visions you'll be pleased to know that that is just the public version inside Monday influencer the indispensable weekly guide to success in business career life you get a weekly email which also has an audio version narrated personally by us you get early access to uncut interviews behindthescenes footage and intel you get critical insights unlocking AI and technology for your success you can download cheat sheets checklists and many many audios which will help you to become a better executive and a business person your risk is $1 join us the link is in the description thank you.
We recommend upgrading to the latest Chrome, Firefox, Safari, or Edge.
Please check your internet connection and refresh the page. You might also try disabling any ad blockers.
You can visit our support center if you're having problems.