Cybersecurity must be expensive for the attacker

B2B Cyber Security ShortNews


When it comes to designing a cybersecurity strategy for your own company, it's worth looking at those who have a lot to lose.

Dario Amodei recently made one of his few public appearances in a podcast worth watching. Amodei is CEO and co-founder of Anthropic, one of the leading developers of so-called AI foundation models, which recently made waves in the industry with Claude 2. It's fair to say that his company's cybersecurity plays a special role in his strategic decisions and has certainly caused him a sleepless night or two. This is hardly surprising, given that the overwhelming majority of Anthropic's monetary value lies in its AI models. The geopolitical ambitions surrounding cutting-edge AI research also suggest that many nation states have an irresistible interest in its data and are making great efforts to capture it. So far, however, without success. How can that be?

In the podcast in question, Amodei provides rare insights into Anthropic's cybersecurity strategy. Of course, he holds back from divulging specific details so as not to challenge or inspire attackers to put the existing security measures to the test. And yet one of his statements sticks in the minds of expert listeners: “One of our goals is to make it more expensive to attack Anthropic than to train your own AI model.” The fine art of implementing such a security mantra is to multiply the protective effect of every euro invested. Some techniques are particularly suitable as security multipliers.

Complete access control and 24/7 visibility

As already mentioned, Amodei is sparing with details, but cites an uncompromising compartmentalization of the valuable research results as the secret of success. Not everyone in the company needs to have access to everything or know all the company secrets. If only a handful of employees know the secret recipe, it is much easier to prevent a data leak than if every employee knows about it. The same logic can be applied to any company size and information asset. Only certain employees should have access to certain data, namely those who really need it for their day-to-day business. To ensure this, you should invest in a system that specializes in the management and control of digital identities as the primary component of your cybersecurity and can monitor these in real time. This not only reduces unauthorized access within your own workforce, but also allows you to immediately identify malicious intruders and prevent them from making lateral movements in the company network.

If you combine these technical measures with regular employee training on IT security, you will close the overwhelming majority of the gateways most commonly used by hackers. What's left are the really hard nuts to crack, such as exploiting zero-day vulnerabilities, which exist only very rarely and for a short time. Alternatively, attackers can pull out all the stops and use highly complex social engineering techniques that usually only intelligence services are capable of, or have the resources and time to prepare. If a CISO covers the cybersecurity basics with well-thought-out and widely effective security tools, an attack on the company becomes unprofitable. Every euro intelligently invested in cybersecurity costs the attacker many times more in time and money to try to crack it. This prospect almost always forces them to give up their endeavor. And that has to be the goal. (Zac Warren, Chief Security Advisor EMEA at Tanium)

About Tanium

Tanium, the industry's only Converged Endpoint Management (XEM) provider, is leading the paradigm shift in traditional approaches to managing complex security and technology environments. Only Tanium protects every team, endpoint, and workflow from cyber threats by integrating IT, compliance, security, and risk into a single platform. The Tanium platform provides comprehensive visibility across all devices, a unified set of controls, and a common taxonomy.
