IADS Exclusive: AI and fusion centres power up retail cybersecurity teams

Articles & Reports | Jun 2023 | Mary Jane Shea


The IADS joined cybersecurity professionals from various retail businesses at the RH-ISAC conference hosted by Nestlé in Barcelona in April ‘23. RH-ISAC provides a trusted forum for its members in the retail, hospitality, and related industries to share cybersecurity threat intelligence, best practices, and mitigation strategies. IADS attended on behalf of its members in order to get a better understanding of what is happening in the space.


The two-day workshop was an occasion for industry leaders to share the latest information and challenges around the cybersecurity landscape. Retail experts discussed the latest cybersecurity trends and threats, especially with regard to advancements in ChatGPT, AI, and Machine Learning, as well as the importance of implementing fusion centres.


ChatGPT: Cybersecurity risks vs business opportunities


To kick off the workshop, an icebreaker question was raised: How will ChatGPT impact cybersecurity? The answers varied from opportunities to warnings. First of all, ChatGPT offers opportunities for a company's workforce, especially lower-level employees who want to learn new skills and receive AI assistance. However, its performance is not always perfect, and it has even been proven to adopt biases based on its training. And as ChatGPT is susceptible to the information it is fed, it can also be taught to be bad. Therefore, attackers have even more opportunities to automate or expand their attacks.


One cybersecurity expert brought up the point that ChatGPT is technically the new-gen Google or Facebook, because when these platforms came around, users were openly sharing their private and sensitive information. Without thinking, people share their location, post photos of themselves, and search for information that should be treated privately. ChatGPT users are doing the exact same thing, but now also including private company information. For example, a software engineer might copy and paste code into ChatGPT to ask it to fix any problems with it. But within the code, there could be proprietary or sensitive information.


The more the workforce relies on AI to complete their work, the harder it is for companies to control and ban its use. ChatGPT is not the only AI tool, as now there are various iterations of ChatGPT’s power thanks to the APIs that have been released by OpenAI. Banning all of these tools would be impossible for companies. Therefore, reactive organizations will need to create policies and promote best practices, while also reviewing NDAs (Non-disclosure agreements) with the teams to ensure there are no risks with the AI tools being used in terms of data breaches.


Despite the red flags, ChatGPT and generative AI technology should be seen as exciting opportunities that can be harnessed for the good of a company. There are ways that organizations can use these solutions to scale and automate their business to create more efficient operations.


Maximizing cyber resilience with AI and Machine Learning


Ignasi Paredes-Oliva, Data Science Project Manager at Nestlé, shared how he is using AI and Machine Learning (ML) to automate the company’s threat detection and response. ChatGPT is integrating itself in almost every business unit thanks to various solutions harnessing its technology. For example, Microsoft has introduced Security Copilot to respond to incidents faster using AI. AI is becoming so advanced that tools such as AutoGPT are even allowing users to give an objective to a machine that then runs fully autonomously to complete a task.


As such technology advances, it is important for companies to keep in mind that threat actors will increase as tech barriers decrease. Attackers will be better overall, especially in terms of effectiveness, automation, and scale. But from a defense perspective, companies can also use the same type of technology to empower themselves to better counter attacks.


Historically, threat detection has been driven by static rules, past incidents, and user behaviour. So currently, companies are protected against known attacks, but AI can help defend against future types of attacks that have not been seen before.


Nestlé is experimenting with AI to be able to anticipate threats while also automating processes. One solution it has come up with is a machine that automatically categorizes incidents into low, medium, and high risk and then assigns a task accordingly. For example, all low-risk incidents are closed automatically, medium-risk ones are sent to the 24/7 incident response team, and high-risk incidents are escalated to the right people. Another AI machine can detect phishing emails based on the language used within the text and warn the user. A third example is a machine that can detect brand impersonation of Nestlé’s logo across other sites, so the company is aware of any trademark infringement or impersonations that could negatively impact the brand.


Nestlé has already developed 10 to 15 AI solutions within their security business. So far, these solutions have resulted in increased threat detection and better operational efficiency. This suggests there are massive opportunities to boost cyber resilience with AI. Nestlé found that in this domain, the focus should be on building software products that actually bring real ROI to the business. Finally, in order to push such solutions through the business, there will need to be clear alignment with the management team as well as constant communication across all stakeholders.


Fusion centres: Bringing efficiency and communication to cybersecurity teams


Ahold Delhaize shared the process they undertook with Booz Allen Hamilton to build their Cyber fusion roadmap, which is a framework that outlines the process of integrating and coordinating cybersecurity operations across the organization. Cyber fusion is the unification of all security and related functions—such as orchestration/automation, data analysis, incident response, and threat intelligence—into one operational group in order to better integrate threat detection, management, and response processes, and to facilitate security collaboration between people, teams, and devices. For example, the September 11th terrorist attacks in NYC could have been prevented if the right information had been uncovered in the data and shared. Therefore, governments are now creating fusion centres to anticipate and prevent major issues, such as attacks on the country, from occurring.


The same can be said about retail. The 2013 Target data breach, where hackers stole credit card information from millions of customers, also could have been prevented if the company had had a better grasp of its network security environment. These tragic and damaging instances have underlined the importance of getting fusion centres implemented across every business type to be able to respond, escalate, and communicate during incidents.


Implementing a fusion centre takes a lot of planning and evaluation. In order for a fusion centre roadmap to be built out, there needs to be a complete understanding of who needs to do what and when. A very detailed blueprint of the fusion centre maps out the organization of people, processes, technology, and governance. Implementing the fusion centre typically takes 3 years: to build out the core functions, to enhance and expand the opportunities to other areas, and to deploy proactive measures.


Each company's fusion centre will be unique but aims to make headcount more efficient while eliminating redundant work or gaps between silos. Transforming operations can be challenging, but convincing employees to abandon inefficient practices is crucial for success. Ultimately, fusion centres allow staff members to have more bandwidth for tasks they are passionate about but previously lacked time for.


Conclusion: Cybersecurity teams are transitioning from defense to offense


According to ENISA (European Union Agency for Cybersecurity), which was created to enhance the EU’s cybersecurity capabilities and assist member states in addressing cyber threat vulnerabilities, the Commerce and Retail sector faces major threats that are targeting monetization services. For example, such threats can impact booking and payment capabilities, which are key components of the core business.


Retail businesses are also being hit with data leakage, ransomware, and malware, which can occur through website infections, skims or stolen payment card information, among other things. For example, in 2020, South Korean conglomerate and retail giant E-Land suffered a ransomware attack, causing 23 of its retail stores to suspend operations while they dealt with the attack. As retail businesses rely more and more on technology, the opportunity for threats increases, but so do the opportunities for advancement.


Specifically, the cybersecurity space has been hit by major technological advancements thanks to progress made in AI and ML solutions that are bringing new challenges to businesses. As technology advances, so do the techniques and capabilities of attackers. But the ‘bad guys’ are not the only ones that are becoming more empowered: cybersecurity teams can now leverage advanced AI tools to build machines that can anticipate future attacks and automate processes to better manage, categorize, and escalate the various threats.


As such technologies advance, the human side of the business remains key. Cyber-attacks can be prevented through the implementation of proper communication channels. Therefore, fusion centres are being built out to create a unified security team that addresses gaps and removes redundancies, thus making each position more efficient and reactive.


Historically, cybersecurity teams have played defense – addressing threats and incidents as they occurred, and responses were based on past events. But now, thanks to generative AI and ML and efficient communication hubs, a company’s cybersecurity team is able to anticipate future issues in order to put out a flame rather than face a fire.


Credits: IADS (Mary Jane Shea)