Will Cloud AI Create Your Next Security Crisis?
The infrastructure that underpins today’s businesses is unrecognisable from even a few months ago. Underpinning this evolution is Cloud and AI with the development team running at full speed creating and deploying new applications that reshape operations, enhancing scalability, flexibility, and scraping cost savings where it can. For security professionals working to secure these shifting environments, it’s like trying to catch smoke. What is secure today may move, morph or even disappear entirely.
Will cloud AI create a security crisis in your organisation?
The marriage of Cloud and AI
Let’s not kid ourselves – every organisation, planned or unplanned, has migrated to the cloud with AI intertwined as each enhances the others capabilities. For some, it has left those tasked with securing this infrastructure out of the loop.
A recent commissioned report with Tenable Cloud Security and Osterman Research found that 80% of organisations don’t have a security team dedicated to protecting the cloud and most, 84%, are only at an entry-level with cloud capabilities, meaning they’re taking ad-hoc or opportunistic reactive approaches to cloud security.
According to recent Tenable Research, during a 75-day period between late June and early September (2024), Tenable found over 9 million instances of AI applications on more than 1 million hosts. If history has taught us anything, it’s that stopping individuals using technology that helps with productivity and efficiency is a losing battle.
Cloud and AI are undeniable game changers for businesses, however both introduce complex cyber risks when combined.
AI powered cyberthreats
Attackers are actively seeking to compromise AI models, manipulating their input data and the outputs they produce, exposing sensitive information and causing models to behave in undesirable ways. Taking advantage of overprivileged identities, exposed storage buckets, lack of auditing and lack of encryption are just some of the misconfigurations that open the door to such compromise. In addition, training and testing data is an attractive target for misuse and exploitation, as they may contain real information such as intellectual property, personal information (PI), personally identifiable information (PII) or customer data related to the nature of the AI project.
Threat actors are not just targeting AI but also harnessing it. Reports confirm that they have a number of powerful tools at their disposal, including AI-driven virtual assistants that can streamline and amplify their attacks. So far this year, there have been reports of threat actors harnessing AI to write malware for ransomware attacks. In fact FunkSec, according to CheckPoint, is one such group that is believed to use AI-assisted malware development. The danger is that this could see inexperienced actors able to spin up and refine tools quickly to launch their own criminal escapades.
AI powered defences
AI can be used to search for patterns, for the team to inspect what is happening within the organisation’s infrastructure and explain results in the simplest language possible. This can help the security team know what is important, the attack paths that could be travelled should a threat actor gain access, and where to best prioritise efforts to shut off these paths to reduce
cyber risk. Solutions such as data security posture management (DSPM) and AI security posture management (AI-SPM) are becoming integral to many organisations.
In order to gain robust protection, organisations need DSPM and AI-SPM to pinpoint their valuable data and AI resources and cloud security solutions to build a secure vault around them.
Cloud security measures must evolve to meet the new challenges of AI and find the delicate balance between protecting against complex attacks on AI data and enabling organisations to achieve responsible AI innovation.
Security leaders have the mandate and power to enable AI for their organisations, at minimal risk. It’s a perfect time, at this early stage, to implement solutions and security best practices that turn AI aspirations into secure business benefits.
