日韩专区一中文字目一区二区,国产无遮挡色视频在线观看,日韩一区二区三区免费观看女同

生成式AI將顛覆網(wǎng)絡(luò)安全行業(yè)

SAGE LAZZARO

2023-12-31

Wipro首席技術(shù)官表示：“生成式AI使攻守雙方都變得更容易?！?

文本設(shè)置

小號(hào)

默認(rèn)

大號(hào)

Plus(0條)

在《財(cái)富》AI頭腦風(fēng)暴大會(huì)上，Wipro首席技術(shù)官蘇巴·塔塔瓦爾迪（左）和Check Point公司首席策略官伊泰·格林伯格談?wù)摿司W(wǎng)絡(luò)安全問題。圖片來源：DUY HO FOR FORTUNE

隨著網(wǎng)絡(luò)安全技術(shù)的發(fā)展，每一種新技術(shù)都會(huì)帶來新威脅，并創(chuàng)造出應(yīng)對(duì)這些威脅的工具。生成式人工智能也不例外。

近日，在舊金山召開的《財(cái)富》AI頭腦風(fēng)暴大會(huì)上，Wipro首席技術(shù)官蘇巴·塔塔瓦爾迪參加了專題討論會(huì)，主要探討了AI時(shí)代的網(wǎng)絡(luò)安全威脅。她表示：“生成式AI使攻守雙方都變得更容易?！?/p>

生成式AI讓網(wǎng)絡(luò)釣魚攻擊變得更加逼真，尤其是大語言模型創(chuàng)造了一個(gè)高度暴露的攻擊面。與此同時(shí)，有不法分子開始在暗網(wǎng)出售面向黑客的聊天機(jī)器人，類似于OpenAI旗下的ChatGPT，就像ChatGPT能快速回答問題或總結(jié)文本一樣，這些聊天機(jī)器人能快速發(fā)動(dòng)矢量攻擊。關(guān)于生成式AI對(duì)網(wǎng)絡(luò)安全的影響，尤其具有挑戰(zhàn)性的是，它能在極短的時(shí)間內(nèi)上市（包括黑市）。各行各業(yè)的公司現(xiàn)在都在爭相了解生成式AI支持的新型攻擊，并開發(fā)新防御工具，還要應(yīng)對(duì)這些工具的內(nèi)部應(yīng)用、政策以及合規(guī)等方面快速變化的挑戰(zhàn)。因此，首席信息安全官（CISO）這個(gè)職務(wù)正在發(fā)生翻天覆地的變化。

塔塔瓦爾迪表示：“我很同情現(xiàn)在的首席信息安全官。”她還表示，首席信息安全官職責(zé)的關(guān)鍵在于快速創(chuàng)新，包括要有自己的創(chuàng)新，而不只是使用市場上可用的技術(shù)。

與塔塔瓦爾迪同臺(tái)的還有Check Point首席策略官伊泰·格林伯格和安永（EY）全球AI創(chuàng)新負(fù)責(zé)人羅德里戈·曼德尼斯。他們?cè)谶@次戰(zhàn)略討論會(huì)上，共同探討了AI如何影響不斷變化的網(wǎng)絡(luò)安全環(huán)境。在談到生成式AI可能帶來的新威脅時(shí)，討論的熱點(diǎn)之一顯然是首席信息安全官的職責(zé)受到的影響，因?yàn)檫@會(huì)對(duì)網(wǎng)絡(luò)安全領(lǐng)域造成巨大沖擊。

曼德尼斯表示：“首席信息安全官的職責(zé)具有巨大的挑戰(zhàn)性，而且正在快速發(fā)生變化。我認(rèn)為，目前他們的職責(zé)是執(zhí)行現(xiàn)有的數(shù)據(jù)和保護(hù)政策，但如果他們要承擔(dān)起保護(hù)公司執(zhí)行的對(duì)話界面免受注入攻擊的責(zé)任，他們需要具備不同技能，要有一套尚未被開發(fā)出來的工具，而且這些工具大多數(shù)需要公司內(nèi)部自行開發(fā)?！?/p>

同樣，格林伯格表示，首席信息安全官應(yīng)該考慮他們要使用哪些工具，要向這些工具尤其是公共工具上傳哪些數(shù)據(jù)。其中還包括仔細(xì)設(shè)置護(hù)欄，例如規(guī)定哪些人可以從系統(tǒng)中刪除數(shù)據(jù)。

對(duì)于許多人而言，這與首席信息安全官以前的職責(zé)截然不同。以往，首席信息安全官的職責(zé)主要專注于技術(shù)層面，如IT外包等，但并不參與重大的政策決策。這一點(diǎn)引起了參與者的討論。他們討論了作為首席信息安全官面臨的日益增多的風(fēng)險(xiǎn)，而且他們猜測這個(gè)職位可能被一分為二，其中一個(gè)職位的職責(zé)偏向于運(yùn)營，另外一個(gè)則專注于治理。

數(shù)據(jù)安全與保護(hù)公司Commvault的羅斯·坎普在會(huì)上提到了一個(gè)事實(shí)，那就是首席信息安全官要因?yàn)樗麄儗?duì)公司遭受攻擊的處理方式，承擔(dān)個(gè)人刑事責(zé)任，他提出了我們是否應(yīng)該擔(dān)心短期內(nèi)首席信息安全官不足的問題。上個(gè)月，SolarWinds前首席信息安全官提摩西·布朗被美國證券交易委員會(huì)（the Securities and Exchange Commission）指控，未能披露已知安全風(fēng)險(xiǎn)構(gòu)成欺詐投資者的罪名，這些安全風(fēng)險(xiǎn)導(dǎo)致該公司遭遇了一次大規(guī)模供應(yīng)鏈攻擊。分析師和法律專業(yè)人士認(rèn)為，這種情況會(huì)變得非常普遍。

至于如何使用生成式AI應(yīng)對(duì)生成式AI攻擊，這項(xiàng)工作任重道遠(yuǎn)。但曼德尼斯表示，在2024年，網(wǎng)絡(luò)安全行業(yè)將會(huì)掀起一場開發(fā)解決方案的競爭。

曼德尼斯稱：“我認(rèn)為我們才剛剛開始看到，人們意識(shí)到攻擊向量會(huì)如何攻擊暴露在外的代理，這些攻擊會(huì)是什么形態(tài)，以及他們需要采取什么樣的商業(yè)解決方案。但我認(rèn)為我們還沒有到那一步。我想，我們正在盡快開發(fā)商業(yè)解決方案，并進(jìn)行評(píng)估和部署?！?/p>

格林伯格曾發(fā)表了許多與新型攻擊有關(guān)的觀點(diǎn)，例如新型網(wǎng)絡(luò)釣魚欺詐，以及FraudGPT等應(yīng)用的可用性等。他強(qiáng)調(diào)了采用多重防線的重要性，并警告不要相信任何一個(gè)工具能保證網(wǎng)絡(luò)安全。

他說道：“我認(rèn)為，重要的是我們要理解，僅靠一個(gè)系統(tǒng)或一款產(chǎn)品無法解決這個(gè)問題?！?/p>

譯者：劉進(jìn)龍

審校：汪皓

他說道：“我認(rèn)為，重要的是我們要理解，僅靠一個(gè)系統(tǒng)或一款產(chǎn)品無法解決這個(gè)問題。”

譯者：劉進(jìn)龍

審校：汪皓

As goes the cycle of cybersecurity, every new technology creates both a new landscape of threats and tools to defend against them. Generative AI is no exception.

“Gen AI makes things easier for both the defenders and the attackers,” said Subha Tatavarti, chief technology officer for Wipro, at a panel discussion focused on cybersecurity threats in the AI age at the Fortune Brainstorm AI conference in San Francisco this week.

Generative AI is making phishing attacks more convincing, and large language models in particular have created a massively exposed attack surface. At the same time, malicious actors are now selling hacker-targeted ChatGPT-like chatbots on the dark web that will spin up vector attacks as quickly as OpenAI’s product will answer questions or summarize text. But what’s especially challenging about the impact of generative AI on cybersecurity is the whiplash speed at which it’s hit the market (including the black market). Companies across sectors are now scrambling to not only understand emerging generative AI–enabled attacks and build new defense tools, but deal with fast-moving challenges regarding internal usage of these tools, policy, and compliance. As a result, the CISO (chief information security officer) role is being turned on its head.

“I feel for the CISOs of today,” said Tatavarti, adding that it’s going to be critical for CISOs to innovate quickly, including doing their own innovation beyond just what’s available on the market.

Tatavarti spoke alongside Check Point chief strategy officer Itai Greenberg and Rodrigo Madanes, global AI innovation leader at EY, during a strategy session exploring how AI is impacting the evolving cybersecurity landscape. Amid the discussion about new kinds of threats being made possible by generative AI, the impact on the CISO role was a clear touchpoint that’s having a massive impact.

“The CISO’s role is incredibly challenging and evolving quickly,” said Madanes. “I think right now what’s happening is that they have been enforcing existing policies on data and protection, but as they move into the realm of shouldering the responsibility of protecting injection against the conversational interfaces that are being deployed, that requires a different skill set, a different set of tools that haven’t even been developed, that are mostly homegrown right now.”

Similarly, Greenberg said CISOs should be thinking about what tools they’re using and what data they’re uploading to those tools, especially public tools. This also includes carefully laying out guardrails, including for who can remove data from these systems.

To many, this looks like a different kind of role from the CISOs of yesterday, which narrowed in more on the technical aspects, such as IT outsourcing, rather than making major policy decisions. This point inspired a lively discussion among the participants, who commented on the growing risks of being a CISO and speculation that the role may actually split into two—one more operational role, and one that’s more governance-oriented.

Pointing to the fact that CISOs are now being held personally criminally liable regarding their handling of attacks on their companies, one participant, Ross Camp from data security and protection firm Commvault, asked if we should be worried about a shortage of CISOs in the near future. Just last month, former SolarWinds CISO Timothy Brown was charged by the Securities and Exchange Commission for defrauding investors by failing to disclose known security risks that led to a massive supply-chain attack on the company—and analysts and law professionals believe this will become much more common.

In terms of how to fight generative AI attacks with generative AI, this is still a work in progress. But in 2024, Madanes said the industry will be off to the races to build solutions.

“I think we’re only starting to see people realize how the attack vectors that are going to come into agents that are exposed to the outside world—what shape those are going to have, and what are going to be the commercial solutions they need to put in place. But I don’t think we’re there yet,” Madanes said. “I think we’re rushing to build commercial solutions, assess them, and deploy them.”

Greenberg, who provided much of the insight into the new types of attacks forming, such as next-level phishing and the availability of applications like FraudGPT, advocated for the importance of multiple lines of defense and cautioned against believing any one tool can do the job.

“I think it’s important for us to understand that it’s not one system, not one product that can deal with this,” he said.

財(cái)富中文網(wǎng)所刊載內(nèi)容之知識(shí)產(chǎn)權(quán)為財(cái)富媒體知識(shí)產(chǎn)權(quán)有限公司及/或相關(guān)權(quán)利人專屬所有或持有。未經(jīng)許可，禁止進(jìn)行轉(zhuǎn)載、摘編、復(fù)制及建立鏡像等任何使用。

0條Plus

精彩評(píng)論

評(píng)論

撰寫或查看更多評(píng)論

請(qǐng)打開財(cái)富Plus APP

前往打開

熱讀文章

關(guān)注我們

生成式AI將顛覆網(wǎng)絡(luò)安全行業(yè)

撰寫或查看更多評(píng)論