
Risky Business
Risky Biz Soap Box: Why AI shouldn't really change your security controls
Jun 28, 2024
Abhishek Agrawal, CEO of Material Security, discusses the importance of securing cloud email data and the limitations of MFA. They explore the impact of AI on security controls, evolving email security solutions, and the challenges of implementing retention policies. The conversation highlights the necessity for robust detection technologies and extending security measures to cover entire productivity suites like Google Workspace and Microsoft 365.
AI Snips
Controls Should Be Attack-Method Agnostic
- Security controls should be agnostic to how attacks are generated, whether by AI or humans.
- If you can detect a single sophisticated attack, controls should scale to detect many automated copies.
Replace Codes With Phishing-Resistant MFA
- Move away from code-based MFA and adopt phishing-resistant methods like FIDO2 or passkeys.
- Expect attackers to shift to bypassing authentication, so implement layered controls beyond auth.
Detection-Only Is An Arms Race
- Relying solely on detection is an arms race that scales with attacker automation like Gen AI.
- Build controls beyond detection so defender posture isn't constantly chasing attacker tooling.
