SANS Institute - Experts & Thought Leaders

HackerOne, the pioneer in human-powered security, revealed data that found 48% of security professionals believe AI is the most significant security risk to their organisation. Ahead of the launch of its annual Hacker-Powered Security Report, HackerOne revealed early findings, which include data from a survey of 500 security professionals. Review of AI implementations AI red teaming offers this type of external review through the global security researcher community When it comes to AI, respondents were most concerned with the leaking of training data (35%), unauthorised usage of AI within their organisations (33%), and the hacking of AI models by outsiders (32%).  When asked about handling the challenges that AI safety and security issues present, 68% said that an external and unbiased review of AI implementations is the most effective way to identify AI safety and security issues. AI red teaming offers this type of external review through the global security researcher community, who help to safeguard AI models from risks, biases, malicious exploits, and harmful outputs. AI security and safety best practices “While we’re still reaching industry consensus around AI security and safety best practices, there are some clear tactics where organisations have found success,” said Michiel Prins, co-founder at HackerOne. “Anthropic, Adobe, Snap, and other pioneering organisations all trust the global security researcher community to give expert third-party perspective on their AI deployments.” Impact of AI on cybersecurity Further research from a HackerOne-sponsored SANS Institute report studied the impact of AI Further research from a HackerOne-sponsored SANS Institute report explored the impact of AI on cybersecurity and found that over half (58%) of respondents predict AI may contribute to an “arms race” between the tactics and techniques used by security teams and cyber criminals.  The research also found optimism around the use of AI for security team productivity, with 71% reporting satisfaction from implementing AI to automate tedious tasks. However, respondents believed AI productivity gains have benefitted adversaries and were most concerned with AI-powered phishing campaigns (79%) and automated vulnerability exploitation (74%). Best applications for AI “Security teams must find the best applications for AI to keep up with adversaries while also considering its existing limitations — or risk creating more work for themselves,” said Matt Bromiley, Analyst at The SANS Institute. “Our research suggests AI should be viewed as an enabler, rather than a threat to jobs. Automating routine tasks empowers security teams to focus on more strategic activities.” Deeper vulnerability insights HackerOne’s AI-powered co-pilot Hai continues to free up time for security teams by automating tasks HackerOne’s AI-powered co-pilot Hai continues to free up time for security teams by automating tasks and offering deeper vulnerability insights. These benefits drive Hai’s adoption, which has grown 150% since launch and saves security teams an average of five hours of work per week. AI-focused products also continue to drive HackerOne’s business, with AI Red Teaming growing 200% quarter over quarter in Q2 and a 171% increase in security programs adding AI assets into scope. Survey of security professionals Test the AI risk readiness with this interactive quiz and read the full SANS AI 2024 Survey and methodology. The full Hacker-Powered Security Report will be released this fall. The survey of security professionals was conducted by Opinion Matters and surveyed 500 security professionals across the US and Europe. The survey was conducted between July 31, 2024, and August 6th, 2024.

The National Cyber Security Centre (NCSC) and The SANS Institute have announced details of the fourth edition of CyberThreat, a technical and interactive Summit which will be hosted in-person at the Novotel London West, Hammersmith, London, and available virtually on Monday 20th and Tuesday 21st November 2023.  CyberThreat 2023 One of the largest cyber security conferences in the UK, CyberThreat 2023 will bring together the global cybersecurity community for exclusive keynotes and talks from pioneering industry experts, challenges to test and hone skills including a Capture the Flag (CTF) and hackathons, and opportunities for knowledge and experience sharing with industry peers. The event is a vital chance for participants to collaborate and network with some of the best minds in cyber security. CyberThreat 2022 CyberThreat has also been host to presentations by Google Cloud, Bank of England, PwC, MITRE, and Microsoft The previous CyberThreat conference featured industry-pioneering keynote speakers, which included Yevheniia Volivnyk and Yevhen Bryksin, Chief and Deputy Chief respectively of the Computer Emergency Response Team of Ukraine (CERT-UA), Viktor Zhora, Deputy Chairman and Chief Digital Transformation Officer for The State Service of Special Communication and Information Protection of Ukraine, and Gordon Corera, Security Correspondent, BBC News. CyberThreat has also been host to presentations by many major organisations including Google Cloud, Bank of England, PwC, MITRE, and Microsoft. Event registration Through the partnership with NCSC, several delegate places will be made available to public sector employees free of charge. The conference is also an opportunity for UK schools to attend and experience what CyberThreat has to offer. Sign up for the event on the SANS website. Complimentary and discounted tickets are also up for grabs for the winners of unique pre-registration online challenges and, at the event, there will be further opportunities to win, including a free SANS course for the CTF winners.  Cyber security event By sharing cutting-edge techniques and new solutions to ongoing problems, we will be best equipped" James Lyne, CTO at SANS, said, "CyberThreat is the pioneering UK cyber security event for both public and private worlds, providing a unique opportunity for professionals and practitioners to share their experiences, acquire new technical skills and learn from world-class experts."   “As technology advances and becomes even more embedded into our lives, the threat landscape scales to the same degree. Cybercriminals are employing novel and intuitive techniques, often creating truly sophisticated and impressive schemes. By sharing cutting-edge techniques and new solutions to ongoing problems, we will be best equipped to tackle these threats together as a community."  Discuss, debate, and demonstrate innovation Paul Chichester, Director of Operations, NCSC said, “This year’s CyberThreat promises to be a great occasion which will see global pioneers in cyber security come together to discuss, debate, and demonstrate innovative solutions to overcome challenges facing the online world." “We’re looking forward to partnering with SANS to build on the successes of previous summits to ensure that the UK remains a world leader in cyber security innovation.”

Each year at RSA Conference, the SANS Institute provides an authoritative briefing on the most dangerous new attack techniques leveraged by modern-day attackers, including cyber criminals, nation-state actors, and more. The annual briefing brings together some of the best and brightest minds shaping SANS core curricula to discuss emerging threat actor Tactics, Techniques, and Procedures (TTPs), assess what they mean for the future, and guide organisations on how to prepare for them. 2023 keynote session The RSAC 2023 session, titled “The Five Most Dangerous New Attack Techniques” and moderated by SANS Technology Institute College President Ed Skoudis, featured four prominent SANS panelists to provide actionable insights that can help security leaders get (and stay) ahead of evolving threats.   Stephen Sims, SANS Fellow & Offensive Cyber Operations Curriculum Lead Attack Technique: Adversarial AI Attacks Organisations need to deploy an integrated defense-in-depth security model that provides layered protections This portion of the session highlighted how threat actors were manipulating AI tools to amplify the velocity of ransomware campaigns and identify zero-day vulnerabilities within complex software. From streamlining the malware coding process to democratising social engineering, adversarial AI has changed the game for attackers. In response, organisations need to deploy an integrated defense-in-depth security model that provides layered protections, automates critical detection and response actions, and facilitates effective incident-handling processes. Heather Mahalik, SANS Fellow, DFIR Curriculum Lead, and Senior Director of Digital Intelligence, Cellebrite Attack Technique: ChatGPT-Powered Social Engineering Attacks This portion of the session highlighted how AI-driven social engineering campaigns are hitting close to home. With the rise of ChatGPT, threat actors are now leveraging generative AI to exploit human risk targeting the vulnerabilities of individual employees to breach their wide organisation’s network, including their families.  This development means that everyone is now more easily attackable than ever, and all it takes is one wrong click on a malicious file to put not only an entire company at immediate risk but the victim’s livelihood as well. This widened attack surface requires organisations to foster a culture of cyber vigilance across every fabric of their enterprise to ensure employees are cognizant of ChatGPT-related attacks. Dr. Johannes Ullrich, SANS Technology Institute College Dean of Research, Internet Storm Center (ISC) Founder Attack Technique: Third-party Developer Attacks For organisations, the attack underscored the criticality of effectively working in tandem with software developers This portion of the session highlighted the rise of targeted attacks on third-party software developers to infiltrate enterprise networks through the supply chain. It references the December 2022 LastPass breach, where a threat actor exploited third-party software vulnerabilities to bypass existing controls and access privileged environments. For organisations across sectors, the attack underscored the criticality of effectively working in tandem with software developers to align security architectures, share threat intelligence, and navigate evolving attack techniques. Katie Nickels, SANS Certified Instructor and Director of Intelligence, Red Canary Attack Technique: SEO Attacks & Paid Advertising Attacks This portion of the session highlighted the emergence of new Search Engine Optimisation (SEO) and advertising attacks leveraging fundamental marketing strategies to gain initial access to enterprise networks. In these instances, threat actors are exploiting SEO keywords and paid advertisements to trick victims into engaging spoofed websites, downloading malicious files, and allowing remote user access. These attacks signify proactiveness on behalf of malicious attackers, who are increasingly pivoting away from traditional attack techniques that have become easier to defend against. These two attack vectors heighten the importance of incorporating scalable user awareness training programmes tailored to new threats.