The Dynamic Influence Of AI On Business Cybersecurity

Uploaded on 2024-04-02 in TECHNOLOGY-Key Areas-Artificial Intelligence, FREE TO VIEW

AI has advanced rapidly in recent years. From a commercial standpoint, we're now witnessing  the influence generative AI is having on businesses, both positive and negative. While ChatGPT and Bard have proven to be useful tools for developers, marketers, and consumers, they also run the danger of mistakenly disclosing sensitive and confidential information.

As a result, from a security standpoint, it is always advantageous to plan ahead of time and anticipate what can happen next.

"Interactive AI" is one of the most recent advances in AI technology, and Mustafa Suleyman, co-founder of DeepMind, described it as "a huge shift in what technology can do." To put it simply, interactive AI is more than just data analysis and user instructions in the form of prompts. When engaging with humans and other technological tools, it is far more sensitive and adaptable.

As we continue to explore this new area of AI, it is critical that we keep in mind the security dangers and implications it poses for companies. As cybersecurity professionals, it is our responsibility to maintain control over the technology and to establish clear guidelines and constraints on its capabilities.

Interactive AI can be used for activities like geolocation and navigation or speech-to-text applications, ushering in the next generation of chatbots and digital assistants. While generative AI tools can write code, conduct computations, and engage in human-like discussions, interactive AI can also produce new material.

What We Have Learned From The GenAI Phase

When considering the security implications of advancements in AI technology, such as interactive AI, we must first address existing concerns about generative AI models and LLMs. These include ethical considerations, political and ideological biases, unfiltered models, and offline functionality.

Specifically, ethical considerations allude to the necessity of avoiding LLMs engaging in unethical or inappropriate behaviour.

Developers have been able to construct restrictions and guardrails that ensure AI systems refuse requests for dangerous or immoral content by going through a process of 'instruction tuning' to fine-tune their models. As interactive AI develops and gains more autonomy than generative AI models, we must make certain that these policies and safeguards stay in place to prevent AI from interacting with harmful, objectionable, or unlawful information. 

Moreover, unfiltered AI chatbots have posed a huge security concern since they operate outside of the limits imposed by closed models such as ChatGPT. One distinguishing element of these models is their offline functionality, which makes usage tracking challenging. The lack of control should raise red flags for security professionals, as users may engage in illegal activities without discovery.

Businesses that want to engage with interactive AI must learn from these worries about the generative wave as they implement the technology’s next generation.

Best Practice For Business Security

As with any new technology, organisations must collaborate with IT and security teams, as well as their workers, to create strong security measures to manage the related risks. 

This might include the following as best practice:

Adopting a data-first strategy:   This approach, especially within a Zero Trust framework, prioritises data security within the business. By identifying and understanding how data is stored, used, and moves across an organisation, and controlling who has access to that data, it ensures security teams can quickly respond to threats such as unauthorised access to sensitive data.

Strict access controls:   With hybrid and distributed workforces, this is crucial to preventing unauthorised users from interacting with and exploiting AI systems. Alongside continuous monitoring and intelligence gathering, limiting access helps security teams identify and respond to potential security breaches in a prompt manner. This is a more effective approach than outright blocking tools, which can lead to a shadow IT risk and productivity losses.

Collaborating with AI:    On the opposite end of the scale, AI and machine learning can also play a significant role in enhancing business security and productivity. It can aid security teams by simplifying security processes and improving their effectiveness so they can focus their time where it’s most needed. For employees, adequate training around the safe and secure use of AI tools is a must, while also recognising the inevitability of human error.

Establishing clear ethical guidelines:   Organisations should outline clear rules for the use of AI within their business. This includes addressing any biases and ensuring they have built-in policies and guardrails to prevent AI systems from producing or engaging with harmful content. This is now an ongoing process as businesses have created corporate policies for AI tools, including those leveraging existing GPTs and proprietary AI tools. These policies govern usage and data protection. Large enterprises should look to fine-tune their own Large Language Models (LLMs), requiring expanded AI corporate policies and security policies to protect proprietary company data.

While interactive AI  represents a huge advancement, companies must exercise caution in this new territory.

AI is here to stay - that’s a fact. A more moral and responsible AI-powered future can be achieved by using the advantages of new developments in AI while reducing the danger of exploitation by putting best practices and strong security measures, such as embracing a data-first policy, into effect. 

Jason Kemmerer is Solutions Architect - Data Security and Insider Risk at Forcepoint

Image: Shubham Dhage

You Might Also Read:

AI As A Standalone Cybersecurity Solution:

DIRECTORY OF SUPPLIERS - AI Security & Governance:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Prioritising Prevention Is Better Than Paying Ransom
Data Compliance When Using MS Copilot »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

SonicWall

SonicWall

SonicWall provide products for network security, access security, email security & encryption.

DXC Technology

DXC Technology

DXC Technology helps global companies run their mission critical systems and operations while modernizing IT, optimizing data architectures, and ensuring security and scalability.

Trinexia

Trinexia

Trinexia (formerly Credence Security) is a specialty Value-added Distributor of Cyber Security, Digital Forensics, Security Awareness, Data Security & Governance solutions.

VivoSecurity

VivoSecurity

VivoSecurity is a pioneer in cyber risk quantification based on data science. Our products and services help organizations achieve optimal information security and GRC programs.

miniOrange

miniOrange

miniOrange is a cloud and on-premise based identity and access management (IAM) solution provider.

Slovenian Digital Coalition

Slovenian Digital Coalition

Slovenian Digital Coalition is a coalition working in the field of smart cities, e-commerce, e-skills, e-inclusion, cyber security, internet and other areas related to developing the digital society.

Digital Security

Digital Security

Digital Security is an Ecuadorian company specialized in providing comprehensive information security solutions.

Secure Code Warrior

Secure Code Warrior

Secure your code from the start with gamified, scalable online secure coding training for software developers.

Eco Recycling (Ecoreco)

Eco Recycling (Ecoreco)

Eco Recycling is India's first and leading professional E-waste Management Company that has set industry benchmarks with its innovative & environment friendly disposal practices.

AttackIQ

AttackIQ

AttackIQ delivers continuous validation of your enterprise security program so you can strengthen your security posture and your response capabilities.

Digital Fingerprints

Digital Fingerprints

Digital Fingerprints provides continuous authentication with behavioural biometrics. Protection against account takeover and session takeover. Compliant with GDPR and PSD2.

Argentra

Argentra

Argentra is a specialist engineering company, we have years of experience developing custom security software and providing security risk consulting.

BitTrap

BitTrap

BitTrap helps companies worldwide detect attackers and put an early end to breaches, preventing data exfiltration and ransomware altogether.

Contextual Security Solutions

Contextual Security Solutions

Contextual Security Solutions is a leading provider of penetration testing services and IT security & compliance audits.

Nonprofit Cyber

Nonprofit Cyber

Nonprofit Cyber is a first-of-its-kind coalition of global nonprofit organizations to enhance joint action to improve cybersecurity.

Ermes

Ermes

Ermes – Intelligent Web Protection provides companies with a solution that effectively secures them against web threats.