Cyber IT Supervisory Forum eBook

Internal Use Only

Summary

 AI probably won’t fundamentally change the game, but… ‒ Need to get smart on how AI is embedded in your org (and your products) ‒ Keep tabs on developments ‒ Probe claims about use of AI/ML in cyber products/services  Ransomware is still a serious risk, apply best practices as appropriate  Nation state actors are a wild card ‒ Not clear if targeting financial sector, but don’t assume you’re off the hook ‒ Follow best practices and keep up on emerging tradecraft ‒ Focus on resiliency measures  You will need to make decisions about QC risks: not deciding is a decision!

29

© 2024 THE MITRE CORPORATION. ALL RIGHTS RESERVED. APPROVED FOR PUBLIC RELEASE. DISTRIBUTION UNLIMITED 23-01698-01.

Internal Use Only

References (1)  [1] NIST Identifies Types of Cyberattacks That Manipulate Behavior of AI Systems | NIST  [2] https://www.crowdstrike.com/cybersecurity-101/cyberattacks/ai-powered-cyberattacks/  [3] https://www.ncsc.gov.uk/report/impact-of-ai-on-cyber-threat  [4] https://www.fbi.gov/contact-us/field-offices/sanfrancisco/news/fbi-warns-of-increasing-threat-of-cyber criminals-utilizing-artificial-intelligence  [5] https://www.microsoft.com/en-us/security/business/security-101/what-is-ai-for-cybersecurity  [6] https://www.cybernx.com/b-the-role-of-ai-in-cybersecurity-benefits-and-limitations  [7] https://www.ncsc.gov.uk/guidance/ai-and-cyber-security-what-you-need-to-know#section_4  [8] https://www.techtarget.com/searchsecurity/feature/Top-10-ransomware-targets-in-2021-and-beyond  [9] https://www.sophos.com/en-us/content/state-of-ransomware  [10] https://www.dni.gov/index.php/newsroom/reports-publications/reports-publications-2023/3676-2023 annual-threat-assessment-of-the-u-s-intelligence-community  [11] https://www.cisa.gov/news-events/news/opening-statement-cisa-director-jen-easterly

30

© 2024 THE MITRE CORPORATION. ALL RIGHTS RESERVED. APPROVED FOR PUBLIC RELEASE. DISTRIBUTION UNLIMITED 23-01698-01.