Security leaders worldwide are increasingly concerned about how the threat landscape will continue to evolve, particularly as technologies like AI lower the barrier to entry for expert and novice cybercriminals alike. That trepidation is no surprise, considering that 87% of organizations experienced one or more breaches in the past year.
In addition to cybercriminals advancing their tactics, security teams must also grapple with other challenges, ranging from changing compliance requirements to the ongoing cybersecurity talent shortage. While these hurdles aren't going away, there are numerous proactive steps security teams can take so that they feel as prepared and confident as possible for a potential breach.
One effective action security leaders should take is to host regular tabletop exercises to ensure that everyone on the team, as well as key individuals in departments like legal and public relations who must be part of a crisis response, knows who is responsible for taking what action when the inevitable occurs.
As security teams juggle an endless list of to-do items, activities like tabletop exercises (TTXs) can often take a backseat to more pressing priorities. However, TTXs are crucial tools for helping you find and close critical gaps in your incident response processes.
While many TTXs focus on the technical aspects of incident response, they also help your organization examine and plan for the nontechnical elements. For example, internal and external communication is typically required following a cyber incident, yet it is an area enterprises often overlook or don't plan adequately for.
TTXs can help businesses prepare for and think through processes to combat specific threats, such as those related to AI.
Last month, Fortinet participated in a TTX hosted by the Joint Cyber Defense Collaborative (JCDC), established by the Cybersecurity and Infrastructure Security Agency (CISA) to bring together cyber defenders from diverse organizations to gather, analyze, and share cyber risk information proactively. This recent two-day TTX focused specifically on an AI cybersecurity incident defined by CISA as "an occurrence that actually or imminently jeopardizes, without lawful authority, the confidentiality, integrity, or availability of the AI system, any other system enabled or created by the AI system, or information stored on any of these systems, or the occurrence constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies." Participants engaged in a day-long exercise driving toward the following outcomes, per JCDC: "capturing information beyond conventional cybersecurity incidents to help identify information sharing opportunities, protocols for public-private engagement, and areas for operational collaboration on AI security incidents."
Attendees left with numerous lessons learned, all applicable to their incident response processes. For example, participants noted helpful actions their teams can take ahead of time, including establishing clear protocols for incident reporting and escalation, incorporating AI-specific scenarios into regular TTXs, and enhancing collaboration between an enterprise's security practitioners and data scientists to help improve decision-making and response efforts during incidents involving AI.
As malicious actors evolve their efforts and the threat landscape grows more complex, organizations must be prepared to mitigate all types of risks. And while coordinating across departments within your organization is vital, defenders must also embrace and take part in public-private collaborations.
No single organization is completely aware of all the threats that exist. Threat intelligence often remains siloed. That's why collaborations like the recent JCDC AI TTX are so important: They offer public and private sector organizations the opportunity to come together and learn from one another, taking valuable insights back to their respective organizations to enhance cyber resiliency. Good vulnerability management and incident management are part of ensuring that software is secure by design.
At Fortinet, we regularly work across the public and private sectors to share knowledge and best practices across industries and enterprises. In addition to our broader work with JCDC, Fortinet contributes to NATO's annual Exercise Locked Shields, the world's largest and most complex international live-fire cyber-defense exercise. To support this effort, our FortiGuard Labs team provides guidance to ensure that the exercise's attack and defense scenarios represent situations that align with cyberattacks that organizations may encounter in real life. Fortinet is also an inaugural member of the World Economic Forum's AI and Cyber Initiative, where the FortiGuard Labs team offers insights on how attackers are using AI and how defenders can harness AI to guard against these emerging techniques.
We also partner with and contribute to efforts led by the MITRE Engenuity Center for Threat Informed Defense, NATO Industry Cyber Partnership, INTERPOL Gateway, the Cyber Threat Alliance, the World Economic Forum's Centre for Cybersecurity and its Partnership Against Cybercrime, and more.
Planning for the inevitable strengthens preparedness, particularly when we work across organizations and industries to deepen our understanding of all the existing and potential threats we may encounter. These collaborations help us gain a breadth of knowledge quickly, particularly as new technologies like AI evolve, which is vital to protecting every enterprise in today's fast-paced and ever-changing digital world.