Similar to what it did with .NET years ago, Microsoft announced last week that it will incorporate generative AI into all areas of life, including security.
I used to quip that Microsoft went so far with .Net during the .NET era that the restrooms were renamed Men . net and Women . net. Many of those attempts made little sense. However, it makes more sense for the company to do this now than it did back then given that generative AI impacts the majority of what Microsoft does (aside from the bathrooms).
Let’s examine how security will be impacted by generative AI. We’ll finish up with my Product of the Week, a custom-built track car that is street legal: the BAC Mono.
The Greatest Security Risk
We frequently get carried away with all the technology available to us to reduce breaches. The most frequent cause of a breach, however, is a person. This is true despite layer upon layer of security software to identify and fix breaches. The majority of problems, including identity theft, ransomware attacks, data theft, and a number of other problems, can be linked to someone who was tricked into giving information. that was used against them.
The industry talks about ongoing employee training, security drills and audits, and severe penalties, but none of these have had much of an impact because businesses don’t consistently and effectively put them into practice. I count security firms, especially their executives, in that category because they frequently act as though the regulations they helped draft don’t concern them.
I once performed security audits on a CEO who frequently boasted he knew more about security than anyone else in my division (at a company known for security). In just 10 minutes, I was able to access his most private documents, which were locked in a safe. By looking in his secretary’s unlocked drawer, which contained all the keys, rather than by using some top-secret James Bond hacking technology.
Since many years ago, human error has been the main and most frequent cause of some of our most painful security issues.
PC Security Solutions from HP
As HP’s security solution has just been launched, I’m writing this at the Amplify partner event. The best PC security program currently available is probably HP’s Wolf Security.
HP emphasized that the $8 trillion in revenue generated by the security sector is a small portion of the assets it guards. However, if you can’t stop a worker from acting foolishly, all of this technology is useless.
The HP technology includes VMs, BIOs, protection, and some of the most impressive security solutions I’ve ever seen, but that only addresses someone who accidentally misplaces or loses a pc\.; it doesn’t address an employee who voluntarily or accidentally violates their own protection.
One exception is HP Sure Click, which helps users avoid clicking on links they shouldn’t. Risky actions are contained in a virtual environment by Sure Click so that harm cannot be done if the damage escapes into another isolated VM. This work is very effective. But even though HP goes above and beyond what most do, it still falls short.
Examples of Why AI Security is Required
A CIO who was fired via email was one of the biggest issues I’ve ever covered. He was so furious that he used his credentials to reformat every hard drive belonging to his former company, effectively forcing them out of business. He was sued into poverty and spent time in jail, but those things didn’t help the business he shut down.
An attacker created a global email that was sent to every non-management employee in a different significant breach informing them that the company had been sold and that everything was in order. to receive their final checks, employees needed to provide their banking information. The attacker used stolen credentials with unchallenged access to the HR system of the company.
Before anyone thought to ask a manager about it, nearly all of the employees provided their information. The intruding servers were offline and the thieves had left by the time the effort was terminated.
Examples of successful exploits that would have gotten around HP’s Wolf Security are shown in these examples. One because there was no laptop involved in the physical breach, and the other because a phishing attack gave people access to and control over an HR system that Wolf Security was unable to protect.
I’m not picking on HP here because no tech company, including HP, has yet to resolve an employee-sourced issue successfully. However, the “yet” is where AI may come into play.
Rescue by AI: BlackBerry to Microsoft
Microsoft’s Security Copilot is initially focused on giving security professionals real-time information on existing and potential breaches so they can be quickly mitigated. It should contribute to resolving the ongoing issue of inadequate staffing and funding for security. Most of these generative AI initiatives initially have this goal in mind: to boost productivity and lighten the workload of employees.
However, the real promise of generative AI lies in its ability to learn from employee behavior and, by doing so, to mitigate it. BlackBerry’s Cylance division is the only business that has taken a decisive action against this employee exposure using older AI technology.
BlackBerry’s technology keeps an eye on staff members and will take action to block anyone behaving strangely, such as a service professional who suddenly starts downloading the company’s employee or product development files — a sign that an attacker was using their credentials.
The potential for growth and speed of generative AI is enormous. Massive models are used by generative AI to predict future behavior, identify employees who frequently break company rules (indicating they are more likely to act improperly), and recommend corrective action, such as recurrent automated training or termination, for those employees who are most likely to be the cause of a breach, removing potential issues before an event.
Now, before you get upset about the “termination” part, understand that if these employees do cause a breach, the remedies include not only termination but also financial costs to the employee or even jail time depending on the type and severity of the breach. Therefore, even for the fired employee, this remedy is preferable to what would have most likely happened in the absence of it.
Generative AI and the Future of Security: Final Thoughts
With BlackBerry as the pioneer and Microsoft’s most recent effort as the capstone, AI is being applied to security. As a result, our greatest security exposure people might be permanently removed. We will finally have the chance to reduce the one security issue that keeps biting us in the behind: ourselves, as generative AI and other future forms of AI advance into security.
As with other technologies, I anticipate IT will take some time to adopt these tools, and the preventable breaches that result will drastically alter many of our career opportunities and financial security.
AI will help protect not only our businesses but also the people we care about, including ourselves. Keep in mind that the elderly, who are the group most in need of this protection because of breaches like these, are frequently duped by criminals into giving up their retirement savings.
Only time will tell if AI security is implemented before this technology is turned against us. The use of AI is a tool; it is neither good nor evil. Regrettably, new technologies in cybersecurity are frequently used more quickly against us than for us.
Custom-built, street-legal track car named BAC Mono
Since we are discussing AI this week, two weeks ago, Nvidia held its GTC conference, where I saw Nvidia’s vision of a car that would be built to order based on your preferences and needs after being first created virtually.
A precursor to how the rest of the auto industry will develop is the BAC Mono car. BAC has developed a procedure that is similar to what Nvidia described using cutting-edge workstation tools from HP.
I miss my track car that I sold a few years ago. However, a track car is typically an old sports car or hot hatch that you drive on the track. These vehicles aren’t the best for the track because they are made for daily driving, and track-only vehicles need to be trailered.
Dedicated track vehicles that are also road-legal are uncommon, expensive, and have little room for customization. This last point can be altered by utilizing metaverse and VR technologies. The car can be more individually designed, built more quickly, virtual tested, and better equipped to pass the evolving rules for operating on public roads.
The BAC Mono isn’t cheap at $151,000, but on the track it will outperform supercars that cost much more. It is made to make cornering easier for you, and at a fraction of the cost, it will attract a crowd similar to what a supercar can.
Given that it only has one seat, it may not impress your date, but in most supercars, your date will lose interest as soon as she tries to get in without creating an unintended photo opportunity.
In addition, since this is a track car, you won’t be as inclined to act foolishly, which frequently seem to characterize supercar drivers (YouTube has thousands of videos of supercar drivers acting extravagantly foolish).
The BAC Mono is my Product of the Week because it not only represents how we’ll purchase automobiles in the future but also because I lust after one.