Welcome to CISO Corner. Dark Reading's weekly article digest is tailored specifically for security operations readers and security leaders. Each week we bring you stories from across News Operations, The Edge, DR Technology, DR Global, and our Commentary section. We are committed to providing diverse perspectives to support the operationalization of cybersecurity strategies for leaders in organizations of all shapes and sizes.
This issue's CISO corner:
- GPT-4 can exploit most vulnerabilities by simply reading the threat advisory
- Beating Security Burnout: Combining Leadership and Neuroscience
- World: Cyber operations intensify in the Middle East, with Israel becoming the main target
- Cisco's complicated path to delivering on the promise of HyperShield
- NIST rebalancing: Why “recovery” alone is not enough
- Three steps executives and boards can take to ensure cyber readiness
- Rethink how you treat detection and response metrics
GPT-4 can exploit most vulnerabilities by simply reading the threat advisory
By Nate Nelson, Contributing Writer, Dark Reading
So far, attackers have only been able to squeeze more sophisticated phishing scams and some basic malware out of artificial intelligence (AI) and large language model (LLM) tools. But that's about to change, according to a team of academics.
Researchers at the University of Illinois at Urbana-Champaign have demonstrated that GPT-4 can be used to automate the process of collecting threat advisories and exploiting vulnerabilities as soon as they are disclosed. In fact, research shows that GPT-4 was able to exploit 87% of vulnerabilities tested. Other models were less effective.
Although AI technology is new, the report advises that, in response, organizations must strengthen proven security best practices, especially patching, to protect against automated exploits enabled by AI. In the future, as adversaries deploy more advanced AI and LLM tools, security teams may consider using the same technology to defend their systems, the researchers added. The report notes that automating malware analysis is a promising use case example.
read more: GPT-4 can exploit most vulnerabilities by simply reading the threat advisory
Related: The first step to securing your AI/ML tools is finding them
Beating Security Burnout: Combining Leadership and Neuroscience
By Elizabeth Montalbano, Contributing Writer, Dark Reading
The widely reported burnout among cybersecurity professionals is only getting worse. First, there is increasing pressure on CISOs from all sides, including regulators, boards of directors, shareholders, and customers, to assume full responsibility for security across the organization with little control over budgets or priorities. Corporate cybersecurity teams are becoming exhausted, forced to work long, stressful hours to prevent seemingly inevitable cyberattacks.
While it is widely acknowledged that stress and strain are keeping talent away from the cybersecurity profession, workable solutions are elusive.
Now, two experts trying to break what they call the “security fatigue cycle” say relying on neuroscience can help. Peter Coroneos, founder of Cybermindz, and Kayla Williams, CISO at Devo, are uniting to advocate for more empathetic leadership based on a deeper understanding of mental health, and they plan to present their ideas in more detail at this year's RSA Conference.
For example, they have found that tools like the iRest (Integrative Restoration) attention training technique can help people under chronic stress break out of a “fight or flight” state and relax. This tool has been used by the US and Australian militaries for 40 years. iRest can also be a useful tool for exhausted cybersecurity teams, they say.
read more: Beating Security Burnout: Combining Leadership and Neuroscience
World: Cyber operations intensify in the Middle East, with Israel becoming the main target
Robert Lemos, Contributing Writer, Dark Reading
The unraveling of the Middle East crisis continues to generate historic volumes of cyberattacks in support of military operations.
According to experts, there are two categories of active enemy groups. One is a nation-state threat actor operating as part of a military operation, and the other is a hacktivist group that attacks haphazardly based on opportunity and the victim's perception of the group's enemies.
The head of Israel's National Cyber Command said Iranian and Hezbollah-affiliated groups were working “around the clock” to take down the country's networks.
Cybersecurity experts have warned that Israel must continue to prepare for destructive cyberattacks as the Iran-Israel cyber conflict escalates.
read more: Cyber operations intensify in the Middle East, with Israel the main target
Related: Iranian-backed hackers send mass threats to Israelis
Cisco's complicated path to delivering on the promise of HyperShield
Robert Lemos, Contributor
Cisco's much-hyped announcement of its AI-powered cloud security platform Hypershield hit the buzzwords and left industry watchers wondering how the tool would deliver on that pitch.
Automated patching, detection and blocking of anomalous behavior, AI agents that maintain real-time security controls on any workload, and a new “digital twin” approach are all touted features of Hypershield.
David Holmes, principal analyst at Forrester Research, said the modern approach would “hopefully” be a big step forward.
Jon Oltsik, analyst emeritus at Enterprise Strategy Group, likened Hypershield's ambitions to developing driver-assistance features in a car: “It's all about how it fits together.”
Cisco Hypershield is scheduled to be released in August.
read more: Cisco's complicated path to delivering on the promise of HyperShield
Related: First wave of vulnerability remediation AI available to developers
NIST rebalancing: Why “recovery” alone is not enough
Commentary from Alex Janas, Commvault Field Chief Technology Officer
While NIST's new guidance on data security is an important basic overview, it falls short of providing best practices on how to recover after a cyberattack occurs.
Organizations now need to assume that they have been or will be compromised and plan accordingly. That advice is probably even more important than other elements of the new version of the NIST framework, this commentary argues.
Companies must immediately work to address gaps in their cybersecurity preparedness and response strategies.
read more: NIST rebalance: Why “recovery” doesn’t hold up alone
Related: NIST Cybersecurity Framework 2.0: Four steps to get started
Three steps executives and boards can take to ensure cyber readiness
Commentary from Chris Crummey, Director, Cyber Services, Sygnia
Working to develop an effective, tested incident response plan is the best thing executives can do to prepare their organizations for cyber incidents. Most critical mistakes occur during the initial “prime time” of cyber incident response, the commentary explains. This means that every member of the team must have a clearly defined role, be able to work quickly on finding the best path forward, and, importantly, avoid making remediation errors that can derail recovery schedules.
read more: Three steps executives and boards can take to ensure cyber readiness
Related: 7 things your ransomware response handbook may be missing
Rethink how you treat detection and response metrics
By Jeffrey Schwartz, Contributing Writer, Dark Reading
At the recent Black Hat Asia conference, Allyn Stott, senior staff engineer at Airbnb, challenged all security professionals to rethink the role metrics play in their organizations' threat detection and response.
Metrics drive performance improvements and help cybersecurity managers demonstrate how investments in detection and response programs help executives reduce business risk.
The most important metric for a security operations center is alert volume, explained Stott. He added that, looking back on his past work, he regrets how dependent he was on the MITRE ATT&CK framework. He recommends incorporating other frameworks such as the SANS SABER framework and the Hunting Maturity Model.
read more: Rethink how you treat detection and response metrics
Related: SANS Institute research shows what frameworks, benchmarks, and techniques organizations are using to move towards security maturity