Page 202 - Cyber Defense eMagazine Annual RSA Edition for 2024

With the world’s first major act to regulate AI passed by the European Union in March 2024, as well as
ongoing discussions between governments and global cybersecurity institutions about how to mitigate
the risks of AI, organizations will need to respond and adapt to these changes or risk being left behind.

This article aims to help cybersecurity professionals embrace AI to reshape the cybersecurity picture in
their own organizations and stay one step ahead of cyber threats.



The ever-evolving cyber landscape

Over the past year, a vast amount of new regulation has been published around cybersecurity, as well
as guidance for organizations on how they can protect themselves against cyber attacks and threats.
Most notably, the White House’s National Cyber Security Strategy from March 2023 developed legislation
to make software developers liable for security. This was followed by an Implementation Plan to drive the
development and adoption of software that is secure-by-design.

From a global standpoint, the QUAD nations (Australia, India, Japan and the United States) introduced
the “Joint Principles for Secure Software”, promoting and strengthening a culture where software is
secure by design and default.

With the emergence of new technologies, such as machine learning and artificial intelligence, which are
already having a significant impact on the cyber threat landscape, it is becoming increasingly important
in every industry to ensure security is prioritized from the start of the development process.

In the UK, following the first global AI Safety Summit in November 2023, the National Cyber Security
Centre published guidelines to mitigate risks in AI from the development process through to its
deployment and operation, with an emphasis on secure design. This closely follows the publication of
CISA’s secure-by-design principles last October.

As greater significance is put on developing and designing secure software, it is crucial that companies
take steps to create more secure and resilient systems through secure design and threat modeling. But
what does this mean?



Implementing AI and secure design

To combat the threat posed by AI, businesses must take a proactive approach in how they create
software. This means adopting a security-by-design approach, which involves identifying vulnerabilities
in code and assessing and mitigating the risks before building the software. In this way, security is
integrated into a business’s capability from the get-go.

This process should include adding steps like threat modeling when systems are designed, which will
make a company far more resilient against a cyber threat. Threat modeling is the process of analyzing
software for potential risks and determining the most effective ways to mitigate them, and it is
fundamental to secure design.






