3 Ways to Stop Unauthorized Code From Running in Your Network
As organizations increasingly rely on AI-developed code, they must put guardrails in place to prevent major cybersecurity risks related to malicious code.
COMMENTARY
It's no surprise that the evolution of artificial intelligence (AI) — and its risks and benefits — dominated headlines coming out of Black Hat in August. According to Deloitte, more than 50% of organizations plan to incorporate AI and automation technologies in 2023. One thing that needs to be watched very closely, however, is the development of code using AI tools. Many organizations are turning to AI-developed code as the new frontier, but they must put a checks-and-balances system in place to prevent unauthorized code from running in their networks.
Malicious code is evolving quickly and wreaking havoc on organizations. Without the right precautionary guardrails in place, major cybersecurity risks related to malicious code developed by AI tools will continue to rise. There are three actionable steps that CISOs and business leaders need to take to prevent unauthorized code from running in their networks.
Secure Code-Signing Certificates Are Required, Not a "Nice to Have"
Code signing has protected businesses for decades, but cybercriminals are increasingly stealing, forging, or leveraging vulnerabilities through insecure code-signing processes. Without precautions in place, network data and infrastructures can be compromised. Traditional code signing is no longer sufficient to protect an organization's tools, especially when AI is involved.
Coders are no longer developing and releasing code only in the CI/CD pipeline. Code is coming from outside the organization, and it is increasingly developed in generative AI tools. Organizations must prevent any code from running that has not been vouched for with a secure code-signing certificate to guarantee its legitimacy. Doing so removes a giant piece of the attack surface and makes it an implementable and scalable process for the future.
Security Architectures Must Be Self-Replicating
In the cloud-native world we're living in, the pieces of an organization's security puzzle that used to run in data centers are now running everywhere from the cloud to containers and within customers' networks. That security architecture needs to be built in a self-replicating way to keep up with the speed of change in the threat landscape. Organizations need to have visibility into their networks so they can see — and control — all activity, permissions, and usage habits efficiently. When this is the case, security teams have visibility into all this activity and can have appropriate policies in place for the code to be safely used and observed locally.
Even if your organization isn't specifically building and deploying software to customers, you probably have internal coders delivering scripts to automate critical IT operations, which involves sensitive code. Ask the following questions to ensure all code used in your organization is safe and authorized:
Who in your organization is signing code?
Where are private code-signing keys stored?
What software is being signed?
Align on the Owner of Safe Code Deployment
For the most part, the software's author signs the code to ensure it is authorized and not developed by unauthorized AI tools. Historically, information security teams were the keepers of code signing, but since the inception of DevOps teams, it's nearly impossible for one central group to keep up with the demand from hundreds or thousands of developers within a company. It's important that organizations align on who the owner of safe code deployment is — between security, IT, and developer teams — so that there is no confusion.
A lack of visibility and ownership can leave organizations at risk of cybercriminals manipulating code. As security and business leaders plan for 2024, consider the necessary precautions and tools to ensure only authorized code is running in your networks to avoid major cyber-risks next year.
About the Author
You May Also Like