Cyber-risk management: Key takeaways from Black Hat 2024

Product updates announced at Black Hat USA 2024 can help security teams better manage constantly changing attack surfaces and ensure new AI projects won't pose security risks.

This year's Black Hat USA conference showcased the latest attack methods and news from vendors to help security teams better protect their organizations.

Here, I'll highlight two important themes from the conference that are essential for risk management, including useful related security product updates.

1. The emergence of AI-related risk

With the recent popularity of artificial intelligence, organizations are aggressively exploring or adopting AI -- including machine learning and generative AI (GenAI) -- for a potential competitive advantage to their business. In fact, recent research from TechTarget's Enterprise Strategy Group showed GenAI initiatives are one of the top IT investments for 2024. Like cloud computing, this wave of new technology is coming at us fast and is being embraced broadly by organizations.

While GenAI and specifically the use of large language models (LLMs) can provide tremendous efficiencies for organizations -- such as supercharging previously manual, mundane back-office tasks, increasing developer productivity and automating externally facing customer interactions -- the technology comes with its own set of risks that need to be addressed immediately.

Similar to the disruption with cloud environments a number of years ago, GenAI adoption and the use of LLMs are poised to spur innovation. However, this creates an additional attack surface that requires continuous visibility and security controls to provide protection against unauthorized use, tampering and attacks. Without this protection, this new attack surface can rapidly proliferate, exposing organizations to attack.

When implementing any new technology, security teams need to consider the potential risk exposure these additional attack surfaces present. Ensuring all attack surfaces are secure and compliant is a no-brainer, and it should be paramount, particularly in industries like financial services and healthcare.

Fortunately, a number of security vendors, including Apiiro, Cequence Security, Orca Security, Qualys and Wiz, announced AI-related security capabilities just prior to and during the Black Hat conference that will enable security teams to address and protect this emerging attack surface. These include the following:

  • Discovery capabilities that provide visibility of GenAI and LLM workloads in the environment.
  • Guardrails that ensure developers use organization-approved and vetted LLMs.
  • Posture enforcement that ensures LLMs adhere to compliance and data protection standards.
  • Evaluation of LLMs against attacks such as prompt injection, sensitive information disclosure and model theft.

2. Advancements enabling security teams to more easily address security fundamentals

Despite often having a myriad of security tools and processes in place, security teams continue to struggle with security fundamentals. Our research indicated that security teams are challenged with having an accurate view of assets and attack surfaces, continuous vulnerability assessments, more frequent pen-testing/red-teaming exercises and effectively managing cyber-risk posture. The research showed almost two-thirds (62%) of organizations said their attack surfaces have expanded over the past two years. This growth is fueled by the adoption of newer technologies, such as cloud-native environments, which has led to asset sprawl across organizations.

According to the research, security teams still use a combination of spreadsheets and data stored across multiple siloed systems. For most organizations, this comes down to a data problem where asset inventory data, visibility of attack surfaces, vulnerability scan results, exploitable vulnerabilities and business context of assets and applications are not up to date. Also, the data might be inconsistent, not deduplicated and not integrated. This leaves security teams with an incomplete and outdated view of which assets to patch first and which vulnerabilities to prioritize.

The good news is that security vendors, including GreyNoise Intelligence, Orca Security, Rapid7, Sevco Security and Splunk, have recently announced new capabilities and integrations that address these pain points.

Some of the security and compliance updates include the following:

  • Real-time vulnerability exploit insights for more effective vulnerability prioritization.
  • Enhanced cloud detection and response capabilities that include risk prioritization.
  • Integrated asset and attack surface management capabilities.

While these features might not be as exciting as learning about the latest hacking methods, they help arm teams to protect their organizations. These product updates also represent valuable progress on the part of security vendors by bridging previously siloed data and making it easier for security teams to better manage constantly changing assets and attack surfaces, remediate vulnerabilities and address overall risk exposure.

The updates should come as welcome news to security teams trying to accomplish security fundamentals more effectively and to address their organization's overall risk exposure.

David Vance is a senior analyst covering risk and vulnerability management for TechTarget's Enterprise Strategy Group. He has more than 25 years of IT and cybersecurity experience helping clients be more successful in the market.

Enterprise Strategy Group is a division of TechTarget. Its analysts have business relationships with technology vendors.
