CISO Corner: Breaking Staff Burnout, GPT-4 Exploits, Rebalancing NIST

Published: 23/11/2024   Category: security




SecOps highlights this week include the executive role in cyber readiness; Cisco's Hypershield promise; and Middle East cyber ops heat up.



Welcome to CISO Corner, Dark Reading's weekly digest of articles tailored specifically to security operations readers and security leaders. Every week, we'll offer articles gleaned from across our news operation, The Edge, DR Technology, DR Global, and our Commentary section. We're committed to bringing you a diverse set of perspectives to support the job of operationalizing cybersecurity strategies, for leaders at organizations of all shapes and sizes.
GPT-4 Can Exploit Most Vulns Just by Reading Threat Advisories
Break Security Burnout: Combining Leadership With Neuroscience
Global: Cyber Operations Intensify in Middle East, With Israel the Main Target
Cisco's Complex Road to Deliver on Its Hypershield Promise
Rebalancing NIST: Why Recovery Can't Stand Alone
3 Steps Executives and Boards Should Take to Ensure Cyber Readiness
Rethinking How You Work With Detection and Response Metrics
By Nate Nelson, Contributing Writer, Dark Reading
A slicker phishing lure and some basic malware was about all threat actors have been able to squeeze out of artificial intelligence (AI) and large language model (LLM) tools so far — but that's about to change, according to a team of academics.
Researchers at the University of Illinois Urbana-Champaign have demonstrated that by using GPT-4 they can automate the process of gathering threat advisories and exploiting vulnerabilities as soon as they are made public. In fact, GPT-4 was able to exploit 87% of vulnerabilities it was tested against, according to the research. Other models weren't as effective.
Although the AI technology is new, the report advises that in response, organizations should tighten up tried-and-true best security practices, particularly patching, to defend against automated exploits enabled by AI. Moving forward, as adversaries adopt more sophisticated AI and LLM tools, security teams might consider using the same technologies to defend their systems, the researchers added. The report pointed to automating malware analysis as a promising use-case example.
Read more:
GPT-4 Can Exploit Most Vulns Just by Reading Threat Advisories
Related:
First Step in Securing AI/ML Tools Is Locating Them
By Elizabeth Montalbano, Contributing Writer, Dark Reading
Widely reported burnout among cybersecurity professionals is only getting worse. It starts at the top with pressure on CISOs mounting from all sides — regulators, boards, shareholders, and customers — to assume all the responsibility for an entire organization's security, without much control of budgeting or priorities. Wider enterprise cybersecurity teams are wearing down too under the weight of putting in long, stressful hours to prevent seemingly inevitable cyberattacks.
Certainly, the stress and strain driving talent away from the cybersecurity profession is widely acknowledged, but workable solutions have been elusive.
Now two professionals looking to break what they call the "security fatigue cycle" say leaning on neuroscience can help. Peter Coroneros, founder of Cybermindz, and Kayla Williams, CISO of Devo, have come together to advocate for more empathetic leadership informed by a better understanding of mental health, and will be presenting their ideas in more detail at this year's RSA Conference.
For example, they found that tools like iRest (Integrative Restoration) attention training techniques, which have been used for 40 years by US and Australian militaries, help people under chronic stress get out of the fight-or-flight state and relax. iRest could also be a useful tool for frazzled cybersecurity teams, they said.
Read more:
Break Security Burnout: Combining Leadership With Neuroscience
By Robert Lemos, Contributing Writer, Dark Reading
The unraveling crisis in the Middle East continues to produce historic volumes of cyberattacks to support military operations.
There are two categories of adversary groups at work, according to experts — nation-state threat actors working as an arm of a military operation and hacktivist groups attacking willy-nilly based on opportunity and a victim's perceived proximity to the group's enemies.
Israel's National Cyber Directive boss said Iranian- and Hezbollah-affiliated groups have been trying to take down the country's networks around the clock.
Cybersecurity experts warn Israel should prepare for destructive cyberattacks to continue as the Iran-Israel cyber conflict escalates.
Read more:
Cyber Operations Intensify in Middle East, With Israel the Main Target
Related:
Iran-Backed Hackers Blast Out Threatening Texts to Israelis
By Robert Lemos, Contributing Writer
Cisco's big reveal of its AI-powered cloud security platform Hypershield was big on buzzwords and left industry watchers with questions about how the tool is going to deliver on its pitch.
Automated patching, anomalous behavior detection and blocking, AI agents maintaining real-time security controls around every workload, and a new digital twin approach are all touted as Hypershield features.
The modern approach would be a major step forward "if they pull it off," David Holmes, a principal analyst with Forrester Research, said.
Jon Oltsik, analyst emeritus at Enterprise Strategy Group, compared Hypershield's ambitions to the development of driver-assist features in cars: "The trick is how it comes together."
Cisco Hypershield is scheduled for release in August.
Read more:
Cisco's Complex Road to Deliver on Its Hypershield Promise
Related:
First Wave of Vulnerability-Fixing AIs Available for Developers
Commentary By Alex Janas, Field Chief Technology Officer, Commvault
Although NIST's new guidance on data security is an important basic overview, it falls short on offering best practices for how to recover from a cyberattack once it's already happened.
Today, organizations need to assume they have been, or will be, breached and plan accordingly. That advice is perhaps even more important than the other elements of the new NIST framework, this commentary argues.
Companies should immediately work to address any gaps in cybersecurity preparedness and response playbooks.
Read more:
Rebalancing NIST: Why Recovery Can't Stand Alone
Related:
NIST Cybersecurity Framework 2.0: 4 Steps to Get Started
Commentary By Chris Crummey, Director, Executive & Board Cyber Services, Sygnia
Working to develop an effective and tested incident response plan is the best thing executives can do to prepare their organization for a cyber incident. Most major mistakes happen in the first golden hour of a cyber incident response, the commentary explains. That means ensuring every member of the team has a well-defined role and can get to work quickly on finding the best path forward, and crucially, not making remediation errors that can upend recovery timelines.
Read more:
3 Steps Executives and Boards Should Take to Ensure Cyber Readiness
Related:
7 Things Your Ransomware Response Playbook Is Likely Missing
By Jeffrey Schwartz, Contributing Writer, Dark Reading
During the recent Black Hat Asia conference, Allyn Stott, senior staff engineer with Airbnb, challenged every security professional to rethink the role metrics play in their organization's threat detection and response.
Metrics drive better performance and help cybersecurity managers demonstrate how detection and response program investment translates into less business risk to leadership.
The single most important security operations center metric: alert volume, Stott explained. He added that, looking back over his past work, he regrets how much he leaned on the MITRE ATT&CK framework. He recommends incorporating others, including the SANS SABRE framework and Hunting Maturity Model.
Read more:
Rethinking How You Work With Detection and Response Metrics
Related:
SANS Institute Research Shows What Frameworks, Benchmarks, and Techniques Organizations Use on their Path to Security Maturity
