Interview by J. Angelo Racoma
In this TNGlobal Q&A with Gaurav Keerthi, Head of Advisory and Emerging Business at Ensign InfoSecurity, we delve into the rapidly evolving landscape of Generative AI (GenAI) in the context of cybersecurity challenges and opportunities. With a unique perspective shaped by his experiences in both public and private sectors, Keerthi provides a nuanced understanding of GenAI’s dual role in cybersecurity. He highlights its transformative potential for enhancing defensive capabilities while simultaneously acknowledging the escalating threats posed by its misuse by attackers. Keerthi underscores the importance of understanding the technology at a fundamental level, including its inherent risks, to effectively harness its benefits and mitigate its dangers.
The conversation then shifts to the critical considerations organizations must address when integrating GenAI into their cybersecurity frameworks. Keerthi emphasizes the need for a balanced approach, where the benefits of GenAI are leveraged alongside a thorough understanding and mitigation of its associated risks. He advises organizations to carefully evaluate their GenAI usage strategies, particularly in relation to data privacy, ethical considerations, and the challenges of using cloud-based solutions.
Additionally, the discussion touches upon the unique vulnerabilities of sectors like healthcare and financial services in Singapore’s growing digital ecosystem. Keerthi also shares insights on the importance of understanding cybersecurity from an attacker’s viewpoint, which aids in developing more effective incident response strategies against advanced GenAI-based attacks.
Gaurav is the Head of Advisory and Emerging Business at Ensign InfoSecurity. His Advisory team helps organizations navigate complex cybersecurity risks in their digital transformation. In his Emerging Business role, he is exploring new transformative capabilities to serve a wider range of companies with cybersecurity protection.
Prior to joining Ensign, he was the Deputy Chief Executive of the Cyber Security Agency of Singapore and concurrently the Deputy Commissioner for Cybersecurity, where he led the development of national cyber defence capabilities, doctrines, concepts, and shaped key regulatory requirements. He also represented Singapore at the United Nations on cybersecurity matters.
Gaurav is a Brigadier General in the Republic of Singapore Air Force, and last served as the CIO and oversaw the cybersecurity of their warfighting systems and networks. Gaurav completed his undergraduate studies at Stanford University, and his graduate studies at Harvard University, where he was a recipient of the prestigious Littauer Award.
GenAI is undeniably one of the hottest emerging technologies right now, and it is not all hype. There is real substantive change happening. It is important to go beyond the beautiful pitch slides and understand the technology underlying it. I sometimes go as far as reading the research papers or patents that explain how the technology claims to work.
GenAI is helping the blue teams (the defenders) be better, but it is also helping the bad guys (the attackers) do more harm. GenAI is also a technology itself, and just like any technology, it has its own inherent risks and problems to grapple with.
For the defenders, GenAI is promising. Analysts are currently overwhelmed by information, and GenAI can augment them to be more efficient and effective in dealing with large volumes of data. GenAI tools are designed by cybersecurity solution providers to make their jobs easier, detecting threats better and responding rapidly to contain them. The exact nature of how GenAI is implemented to help defenders depends on the tool, the vendor, and the problem statement at hand.
Attackers are also using GenAI to gain the upper hand and do more harm. The most obvious example of this is in the generation of more realistic and tempting phishing attacks, whether through emails, fake websites or even sophisticated deep fake voice and video messages to trick unsuspecting victims. Given that phishing emails remain a significant way in which attackers gain access to systems, this trend represents a significant threat. Known attack codes can also be rewritten now to avoid detection. The threat from GenAI will only increase as threat groups start standardising their tactics and procedures, including self-evolving malware and attack variants.
Finally, GenAI itself is a tool, and has its own inherent risks, just like any other technology. There is also a high risk of data breach and identity theft, given all the personal and company information the generative AI tools have access to. The complex algorithms employed in generative AI apps make it difficult for developers to spot potential security risks, thereby introducing new vulnerabilities to the entire network. There have been numerous reports of individuals using “prompt injection” to get GenAI tools to perform actions that were supposedly disallowed.
GenAI is a double-edged sword. While it is important to introduce the productivity-enhancing opportunities of GenAI, it is equally critical to understand and mitigate the risks it will inevitably introduce. I generally advise organisations to take risks – but risks that they understand, have mitigated, and eventually accepted at the right level. Taking risks “blindly” is gambling with the organisation’s security.
Companies need to determine what they intend to allow their staff to use GenAI for. If employees are using it to process or write official documents, then the organisation must also be comfortable for this data to be made public, making the privacy of this information unimportant. If companies want to use GenAI but not rely on cloud-based public options, then the costs and technical challenges involved will be significantly higher. Are there security and data loss monitoring tools in place to prevent confidential data from being sent out? Are there personal data privacy concerns to take note of? If GenAI is being used to support certain decisions, are there ethical or business considerations to take note of? Every organisation needs a strategy that answers these questions (and more) before they embark on using GenAI internally.
It was once said “Why do people rob banks? Because that is where the money is.” In the digital context, hackers target large and lucrative data sources. FSIs (Financial Services, Insurance) have access to vast amounts of data, and are thus typically bigger targets. Our annual Cyber Threat Landscape Report shows that FSIs are at the top of the vulnerability tree consistently. Threat groups are continually interested in acquiring data and sensitive information from the sector for financial gain.
Healthcare also broke into the top five target sectors last year. Healthcare also has access to vast amounts of data and has large-scale technology estates constituting Internet of Things (IoT) and Operational Technology (OT), both of which have inherent challenges in cybersecurity risk management. Threat actors may be more inclined to target healthcare organisations because these organisations may be under tremendous pressure to pay off the ransom quickly to resume their life-saving business operations immediately.
Cybersecurity is perhaps the only domain where you have both competitors and adversaries – and that dynamic competition (not just against other cybersecurity vendors, but more importantly against the attacker) is something that keeps us on our toes. As such, it is critical to know who you are up against. Ensign InfoSecurity prides itself on taking a Threat-Informed Defence approach to cybersecurity. Cyber threat groups are ever-evolving and keeping tabs on their attack patterns can help organisations secure defences and develop response plans.
We believe that we are serving a public mission, and thus we publish our Cyber Threat Landscape Report annually, where we unveil detailed analysis of sectors, geographies, attackers, and data insights that are important for companies to know. We look at five major territories in APAC – Hong Kong, Singapore, South Korea, Indonesia, and Malaysia to determine which sectors are the most vulnerable and the types of attacks they face. This information is crucial in preparation of adequate measures and eventually combatting cyber threats.
I believe that good cybersecurity advisors operate like the Formula 1 racing team engineers – our goal is to help you win the race, and the objective of the safety systems of the car is to give the driver the confidence to drive faster, turn sharper, and ultimately win. The safety systems should not be the reason you lose the race. Likewise, our goal is to help customers make the most of digital technology – with the confidence that they will be able to do so securely and navigate those risks with our support.
While every organisation is different, there are some practical and simple steps that can be taken to dramatically reduce the risks of a cyber breach. Very broadly, you should start by knowing your own assets – what are the software, hardware, and data that your organisation needs to protect most? Simple cyber hygiene measures like enforcing multi-factor authentication, patching software in a timely fashion, using some form of malware protection, and backing up your data are all practical steps that can immediately help protect the company against most threats. Finally, train your people on how to use their systems securely, and how to respond to incidents – because people are your first and last line of defence.
Cyber threats, especially those powered by GenAI, transcend national borders. Attackers can originate from one country, target assets in another, and route their attacks through multiple jurisdictions. There is a definite need for international collaboration. Sharing of threat intelligence can lead to early detection and mitigation of threats. We are still at the early stages of this conversation for GenAI, but increasingly I am seeing this topic at conferences. I recently hosted a conversation with policy and business leaders at GovWare 2023 on this.
Different countries also have access to different levels of resources and competencies. Sharing resources and technologies can help boost individual national capabilities. A developing nation could always use help from developed ones and could thus respond to threats immediately. International cooperation can help build capacity by sharing knowledge and providing technical assistance. Collaboration on AI research and its applications, including GenAI, can help ensure that the technology is developed responsibly and with security in mind.
Every company employs emerging technologies in unique ways to achieve different benefits. In my personal perspective, our team must invest time with the customer to understand their needs, their challenges, and their goals before we start to propose strategies and ways in which they can manage the cyber risks. The best outcomes have always been where our team and theirs are aligned, allowing us to support them to “win the race”, much like in the Formula 1 analogy.
It will be a cat-and-mouse game between defenders and attackers in the use of GenAI. Vigilant and agile organisations should, however, be able to stay ahead.
This interview was first published on TNGlobal. You may find it here: https://technode.global/2023/11/24/ensign-infosecuritys-gaurav-keerthi-on-the-future-of-cyber-defense-and-offense-in-the-genai-era-qa/