Refreshing your Zero Trust strategy in the age of AI

Feb. 16, 2024
With the recent mass proliferation of AI technology, security concerns and threats have increased.

Artificial Intelligence is quickly transforming the way we work and create, across all industries – streamlining tasks from research, brainstorming, and reporting to kickstarting content creation. Employees across all sectors are now turning towards AI to get the job done – with a reported 61% of the workforce now leveraging Generative AI tools.

Beyond improving employees’ workflows, hackers and bad actors are also increasingly leveraging AI technology to carry out sophisticated attacks – with Google Cloud forecasting in their 2024 Cybersecurity Report that Generative AI and large language models (LLMs) will be increasingly used in phishing, SMS, and other social engineering operations to make the content and material (including voice and video) appear more legitimate.

With the recent mass proliferation of AI technology, security concerns and threats have increased, requiring the immediate action of CISOs, SecOps, and CTI teams. To ensure that their workspaces and devices are secure from AI threats, organizations should prioritize refreshing their Zero Trust strategy in 2024 – tightening access and data controls to mitigate potential vulnerabilities.

Below are a few tips for security and IT leaders, to rethink their Zero Trust model this year:

Carry Out a Detailed Risk Assessment: Before implementing a new Zero Trust strategy, it’s crucial that security teams gain a full understanding of their current data environment and potential vulnerabilities. Organizations should conduct a highly detailed risk assessment across their entire IT environment.

It is vital that the foundational principles of Zero Trust guide this assessment, including user verification, least privilege, access control to data and actions, and assume breach. This process will paint a clearer picture of where data is stored (including unused or ‘dark’ data such as employee records, activity logs, and deleted documents), who can access it, and how it is classified.

However, many security teams face road blocks in conducting in-depth risk assessments – citing time commitment and lack of internal expertise as some of their top challenges in carrying out this process. To complete this step as efficiently as possible, security teams can employ specialized risk assessment software designed for this process, so security analysts do not have to do this manually.

With a deeper understanding of current access controls and areas of risk, CISOs and security teams can use these insights to construct a more comprehensive and customized Zero Trust architecture to protect against AI-powered threats.

Gain a Full Range of Perspectives: Establishing a Zero Trust framework that protects all individuals from threats involves including a wide range of employees in the planning process. As building this strategy is often a C-Suite initiative, CISOs should consider how these policies will directly affect the workflows and security controls for all individuals. All levels of employee – from CISO to SOC analyst, engineer and IT specialist – should be involved in building an organization’s Zero Trust strategy.

Armed with this full range of perspectives – early on in the planning process – CISOs will be better prepared to meet the highly specific needs of their organization’s security environment, rather than applying a one size fits all strategy that may unintentionally create gaps in their data security.

Automate Threat Detection: When devising a Zero Trust strategy, upleveling threat intelligence should be a cornerstone. AI-powered tools can be employed to bolster Zero Trust security – automating threat intelligence, detection and response and delivering real time insights.

Remember, Zero Trust aligns with how modern digital enterprises operate. There is no fixed perimeter with the ‘enemy’ outside – the IT environment and users are flexible, hybrid, and dynamic, and attackers should be assumed to be already inside alongside legitimate users.

As one third of breaches go undetected by organizations – only identified down the line when the damage has already been done – employing AI to streamline threat detection is critical to enhancing Zero Trust architecture. These tools can monitor network traffic, user behavior, and security telemetry for signs of anomalous activity or matches to known indicators of attack. With the power to continuously scan the entire IT environment for risk – on a much larger scale – organizations can enhance their overall security posture more efficiently to support Zero Trust.

Automated threat intelligence tools – like Anomali’s ThreatStream – can equip organizations with accurate threat data for crafting proactive and responsive security strategies, drive preparedness and resilience, and continuously provide a wealth of data surrounding potential vulnerabilities within a network.

As all information flowing through the IT environment is considered threatening in a Zero Trust environment, automated intelligence tools not only remediate threat – but can also help upskill employees on how they should identify and respond to potential threats on an ongoing basis.

Cyberthreats continue to evolve every day and are increasingly fueled by AI. In response, organizations must act now to refresh their Zero trust strategy – automating threat intelligence, closely assessing risk, and considering all employees’ viewpoints to maximize effectiveness. In 2024, it’s no longer enough to manually manage access control and data security when implementing Zero Trust – organizations and CISOs across all sectors must adopt an AI-forward, comprehensive approach to this architecture, to stay one step ahead of evolving threats.

Steve Benton is Vice President of Threat Research and General Manager, Belfast, at Anomali – a leader in modernizing and scaling security operations. His experience in cybersecurity spans three decades including 18 years at BT, one of the world’s leading communications companies, where he served as Deputy CISO and CSO. An industry security expert, he’s a contributing member of the Cyber Defenders Council, Fellow of the Chartered Institute of Information Security and advisor to the i4 C level community.