CISO Corner: Breaking Staff Burnout, GPT-4 Exploits, Rebalancing NIST

Welcome to CISO Corner, Dark Reading's weekly digest of articles tailored specifically to security operations readers and security leaders. Every week, we'll offer articles gleaned from across our news operation, The Edge, DR Technology, DR Global, and our Commentary section. We're committed to bringing you a diverse set of perspectives to support the job of operationalizing cybersecurity strategies, for leaders at organizations of all shapes and sizes.

In This Issue of CISO Corner:

GPT-4 Can Exploit Most Vulns Just by Reading Threat Advisories

By Nate Nelson, Contributing Writer, Dark Reading

A slicker phishing lure and some basic malware was about all threat actors have been able to squeeze out of artificial intelligence (AI) and large language model (LLM) tools so far — but that's about to change, according to a team of academics.

Researchers at the University of Illinois Urbana-Champaign have demonstrated that by using GPT-4 they can automate the process of gathering threat advisories and exploiting vulnerabilities as soon as they are made public. In fact, GPT-4 was able to exploit 87% of vulnerabilities it was tested against, according to the research. Other models weren't as effective.

Although the AI technology is new, the report advises that in response, organizations should tighten up tried-and-true best security practices, particularly patching, to defend against automated exploits enabled by AI. Moving forward, as adversaries adopt more sophisticated AI and LLM tools, security teams might consider using the same technologies to defend their systems, the researchers added. The report pointed to automating malware analysis a promising use-case example.

Read more: GPT-4 Can Exploit Most Vulns Just by Reading Threat Advisories

Related: First Step in Securing AI/ML Tools Is Locating Them

Break Security Burnout: Combining Leadership With Neuroscience

By Elizabeth Montalbano, Contributing Writer, Dark Reading

Widely reported burnout among cybersecurity professionals is only getting worse. It starts at the top with pressure on CISOs mounting from all sides — regulators, boards, shareholders, and customers — to assume all the responsibility for an entire organization's security, without much control of budgeting or priorities. Wider enterprise cybersecurity teams are wearing down too under the weight of putting in long, stressful hours to prevent seemingly inevitable cyberattacks.

Certainly awareness of the stress and strain driving talent away from the cybersecurity profession is widely acknowledged, but workable solutions have been elusive.

Now two professionals looking to break what they call the "security fatigue cycle" say leaning on neuroscience can help. Peter Coroneros, founder of Cybermindz and Kayla Williams, CISO of Devo, have come together to advocate for more empathetic leadership informed by a better understanding of mental health, and will be presenting their ideas in more detail at this year's RSA Conference.

For example, they found tools like iRest (Integrative Restoration) attention training techniques, which have been used for 40 years by US and Australian militaries help people under chronic stress get out of the "flight-or-flight" state and relax. iRest could also be a useful tool for frazzled cybersecurity teams, they said.

Read more: Break Security Burnout: Combining Leadership With Neuroscience

Global: Cyber Operations Intensify in Middle East, With Israel the Main Target

By Robert Lemos, Contributing Writer, Dark Reading

The unraveling crisis in the Middle East continues to produce historic volumes of cyberattacks to support military operations.

There are two categories of adversary groups at work, according to experts — nation-state threat actors working as an arm of a military operation and hacktivist groups attacking willy-nilly based on opportunity and a victim's perceived proximity to the group's enemies.

Israel's National Cyber Directive boss said Iranian- and Hezbollah-affiliated groups have been trying to take down the country's networks "around the clock."

Cybersecurity experts warns Israel should prepare for destructive cyberattacks to continue as the Iran-Israel cyber conflict escalates.

Read more: Cyber Operations Intensify in Middle East, With Israel the Main Target

Related: Iran-Backed Hackers Blast Out Threatening Texts to Israelis

Cisco's Complex Road to Deliver on Its Hypershield Promise

By Robert Lemos, Contributing Writer

Cisco's big reveal of its AI-powered cloud security platform Hypershield was big on buzzwords and left industry watchers with questions about how the tool is going to deliver on its pitch.

Automated patching, anomalous behavior detection and blocking, AI-agents maintaining real-time security controls around every workload, and a new "digital twin" approach are all touted as Hypershield features.

The modern approach would be a major step forward "If they pull it off," David Holmes, a principal analyst with Forrester Research said.

Jon Oltisk, analyst emeritus at Enterprise Strategy Group, compared Hypershield's ambitions to the development of driver-assist features in cars, "The trick is how it comes together."

Cisco Hypershield is scheduled for release in August.

Read more: Cisco's Complex Road to Deliver on Its Hypershield Promise

Related: First Wave of Vulnerability-Fixing AIs Available for Developers

Rebalancing NIST: Why 'Recovery' Can't Stand Alone

Commentary By Alex Janas, Field Chief Technology Officer, Commvault

Although NIST's new guidance on data security is an important basic overview, but falls short on offering best practices for how to recover from a cyberattack once it's already happened.

Today, organizations need to assume they have been, or will be, breached and plan accordingly. That advice is perhaps even more important than the other elements of the new NIST framework, this commentary argues.

Companies should immediately work to address any gaps in cybersecurity preparedness and response playbooks.

Read more: Rebalancing NIST: Why 'Recovery' Can't Stand Alone

Related: NIST Cybersecurity Framework 2.0: 4 Steps to Get Started

3 Steps Executives and Boards Should Take to Ensure Cyber Readiness

Commentary By Chris Crummey, Director, Executive & Board Cyber Services, Sygnia

Working to develop an effective and tested incident response plan is the best thing executives can do to prepare their organization for a cyber incident. Most major mistakes happen in the first "golden hour" of a cyber incident response, the commentary explains. That means ensuring every member of the team has a well-defined role and can get to work quickly on finding the best path forward, and crucially, not making remediation errors that can upend recovery timelines.

Read more: 3 Steps Executives and Boards Should Take to Ensure Cyber Readiness

Related: 7 Things Your Ransomware Response Playbook Is Likely Missing

Rethinking How You Work With Detection and Response Metrics

By Jeffrey Schwartz, Contributing Writer, Dark Reading

During the recent Black Hat Asia conference Allyn Stott, senior staff engineer with Airbnb challenged every security professional to rethink the role metrics play in their organization's threat detection and response.

Metrics drive better performance and help cybersecurity managers demonstrate how detection and response program investment translates into less business risk to leadership.

The single most important security operations center metric: alert volume, Stott explained. He added looking back over his past work, he regrets how much he leaned on the MITRE ATT&CK framework. He recommends incorporating others including SANS SABRE framework and Hunting Maturity Model.

Read more: Rethinking How You Work With Detection and Response Metrics

Related: SANS Institute Research Shows What Frameworks, Benchmarks, and Techniques Organizations Use on their Path to Security Maturity