Ann Barron-DiCamillo: AI in Cybersecurity - Balancing Speed and Control

FinCyber Today - A podcast by FS-ISAC - Tuesdays

Generative AI (GenAI) is changing the cybersecurity landscape at a phenomenal pace, creating both new challenges and opportunities. As cyber attacks become increasingly sophisticated, preventing them requires information sharing. Ann Barron-DiCamillo, Managing Director and Global Head of Cyber Operations at Citi, talks about the difference between traditional attacks and AI-powered threats. Ann, also the current Chair of FS-ISAC's Board, discusses supply chain risks, the importance of information sharing and nurturing the cybersecurity talent pool.

Notes from our Discussion with Ann

(0:50) - GenAI in Cybersecurity
GenAI has helped accelerate time to market. The use of advanced technologies, especially in the financial sector, centers around acceleration. On the cybersecurity front, the opportunities are reversed. With acceleration, there’s a growing need to ensure we are not bypassing validation or losing control. There’s also the need to differentiate between traditional malware and AI-powered threats. ChatGPT has resulted in the merger between security tool capability and business logic, allowing security teams to reverse engineer the use of AI to find vulnerabilities quicker.

(4:51) - Threat Actors Using AI
95% of breaches begin with a phishing email, and threat actors are adopting highly sophisticated phishing techniques. The emails no longer have obvious errors, making detection harder, and they are combined with more sophisticated payload links. The threat actors pivot so quickly that your controls are unable to catch up before they move on to other things.

(6:18) - Threat Vectors in Focus
Geopolitical factors have infiltrated cybersecurity and hacktivists have become a key attack group.

(8:10) - Recommendations for Firms with Less Sophisticated Defense
Join and engage in a community like FS-ISAC. Information sharing helps institutions with fewer investment dollars get up to speed with the latest developments. It helps to close the gap between more sophisticated organizations and ones that are still evolving.

(10:13) - Supply Chain Risks
The Cyber Risk Institute (CRI) Profile incorporates the NIST Framework for considering third-party partners. It’s important to have a framework to evaluate third-party providers and elevate their security depending on their criticality to an organization’s operations. It helps if you are sharing information in a community like FS-ISAC because partners, stakeholders and vendors can have open discussions.

(14:39) - Bringing Partners on Board with Cybersecurity
Organizations like Citi must lead by example. There is the need for partners to provide visibility into the state of their network, security practices and control, without violating privacy or creating additional vulnerabilities. Vendors need to be part of the conversation because they have a lot of information. The partnership must be furthered to enhance awareness.

(20:27) - Stress and Burnout Among Senior Executives
Organizations must collectively think about how to empower delegation and build teams that can share the load. This helps senior executives have a better work-life balance. Leveraging a hybrid model can also keep senior talent in the industry longer.

(22:44) - Advice to Talent Aspiring for Senior Positions
It’s important to vocalize that you need work-life balance. This also empowers others to create space for their families while pursuing a stressful career. People can also attend events and create a network. It’s a great way to create opportunities for yourself. Embrace ambition.

(25:51) - Where is The Community Heading?
While communities may have a regional component, it does not mean they will not benefit from a global perspective, especially because cyber has no borders. FS-ISAC has created such communities and is well positioned to be a great source of information.