The buzzwords today are ChatGPT and Cyber-Security, but how IT Directors interpret the threat from Cyber-Security is the focus of this blog. Is it the general thought that having the latest solution resolves all threats?
We have all heard about viruses, malware, and even ransomware for a long time and have stories about how someone knows someone or has been affected by some malicious software.
So, with the advancement of the latest tooling, should we still be concerned about the threats of a cyber-security attack? Including if we should rely on AI to fend off a malicious attack.
Let us say AI can fend off an attack
and I know people already think that AI can beat off a malicious attack; Bad Actors have access to the same AI, so how does this scenario work? Is it then like a game of chess with an uncertain outcome?
A Bad Actor is better than most IT professionals at hacking simply because hacking is their focus. For example, if you focus on SQL Servers for a period, you will become good with SQL Servers. A Bad Actor also has the Dark Web to learn from, ask questions and use ransomware as a service tool.
It is still not a level playing field; the Bad Actor is often more prepared, stealing the advantage, as most IT departments are inundated with work, firefighting, and playing catch-up.
On the receiving end of attacks, the less experienced can panic and make bad choices, often not thinking quickly enough. OK, before you question your IT team, the chances are they have not been on the receiving end of many attacks, and they may not even be able to spot the recon stage of an attack. But, again, it is all about the experience.
Scanning the Dark Web is critical; pen-testing and a good understanding of the MITRE ATT@CK process, even an ethical hacker, is essential to understand your weak points and what a hacker could exploit.
Process and strategy are vital to your company’s survival, especially when the network parameters are stretched daily.
Is 24/7/365 Cyber-Monitoring the best defense to complement the most modern tools, with an entire Active Directory security solution looking for any signs of change which do not marry up to ‘normal?’
This is the introduction of a series of weekly blog posts where I will explain companies’ options and why they should be considered.