In time of crisis Cyber Security 'goes home', while the threats surge
Sometimes our organization has to lock up because of an external global crisis. It can be a pandemic, extreme weather such as hurricanes or typhoons, or a war. Our IT maintenance, cyber security and cyber risk management teams cannot reach the offices and must work from home.
Processes that depend on teamwork, on structuring and maintaining the physical environment, and on face-to-face meetings must be done differently. These include SOC team monitoring and response, OT and hardware hardening, distribution of physical identity means, inspection of third-party IT environments, Know Your Customer (KYC) and the more recent challenge of Know Your Employee (KYE).
Attackers exploit these circumstances to advance their malign activities and goals. During the first months and closures of COVID-19 we saw them use remote work for phishing of customers for fraudulent activities, spear phishing of workers' identities to infiltrate organizational networks, impersonating new employees, spoofing of Wi-Fi and VPN connections and much more.
Ransomware attacks surged in the years that followed. The attackers did not spare even health institutions. It took time until a significant improvement in remote connection capabilities and enhanced multinational law enforcement efforts reduced the extent and success of the attacks.
Wars and natural disasters are a playground for state actors. In times of conflict, offensive cyber operations are a supporting effort to kinetic fighting. They are used to disrupt, delay and degrade capabilities and national infrastructure. Natural disasters are a 'fruitful' environment for cyber sabotage, malign influence and extraction of vital data.
Add to that the new practice of kinetic targeting of IT infrastructure, and you find yourself in a very demanding, risky working environment. During Operation Epic Fury the Iranians made physical threats against data centers and offices of major IT companies like Apple, Microsoft, Meta, Google, Cisco, HP, Oracle and Intel, and carried out missile and drone attacks against some of these assets.
AI can fill some of the gap
AI-based cyber security applications like the RESCANA tools can help organizations 'Mind the Gap' between the reduced, yet much needed, human interaction and physical presence on the defensive side and exploitation by the offensive one. They can be a major enabler of remote, risk-based security and holistic defence of IT assets. This is even more important for physically dependent OT industries like telcos, electricity companies, manufacturing and retail. What AI-based security applications enable may include:
- Improved ability to flawlessly switch security services and support between different centers or subsidiaries of the organization.
- Improved automation that supports reduction of manual activity in the Identification and Mitigation efforts.
- Better scanning and remote support of hardware, which reduces the need for physical maintenance or improves guidance and problem solving for local technicians.
- Much more robust KYC and KYE background checks and reduction of false negative identification.
- Better scanning of remote connections, for example home router anomalies, to reduce threats to connectivity.
- Improved security assurance, cyber hygiene and posture scanning processes like attack surface analysis, vulnerability management, ongoing security assessments and governance integration, which reduce the need for physical human interaction.
- Advanced onboarding and engagement with Third Parties, which is a major vulnerability in times of forced remote activity.
- Improved compliance scanning, identification of anomalies and reporting.
Bottom line: in times of a major physical crisis, AI-based security solutions can support, and advance solutions for, the still much needed physical human interaction.



