The Dynamic Influence Of AI On Business Cybersecurity

Uploaded on 2024-04-02 in TECHNOLOGY-Key Areas-Artificial Intelligence, FREE TO VIEW

AI has advanced rapidly in recent years. From a commercial standpoint, we're now witnessing  the influence generative AI is having on businesses, both positive and negative. While ChatGPT and Bard have proven to be useful tools for developers, marketers, and consumers, they also run the danger of mistakenly disclosing sensitive and confidential information.

As a result, from a security standpoint, it is always advantageous to plan ahead of time and anticipate what can happen next.

"Interactive AI" is one of the most recent advances in AI technology, and Mustafa Suleyman, co-founder of DeepMind, described it as "a huge shift in what technology can do." To put it simply, interactive AI is more than just data analysis and user instructions in the form of prompts. When engaging with humans and other technological tools, it is far more sensitive and adaptable.

As we continue to explore this new area of AI, it is critical that we keep in mind the security dangers and implications it poses for companies. As cybersecurity professionals, it is our responsibility to maintain control over the technology and to establish clear guidelines and constraints on its capabilities.

Interactive AI can be used for activities like geolocation and navigation or speech-to-text applications, ushering in the next generation of chatbots and digital assistants. While generative AI tools can write code, conduct computations, and engage in human-like discussions, interactive AI can also produce new material.

What We Have Learned From The GenAI Phase

When considering the security implications of advancements in AI technology, such as interactive AI, we must first address existing concerns about generative AI models and LLMs. These include ethical considerations, political and ideological biases, unfiltered models, and offline functionality.

Specifically, ethical considerations allude to the necessity of avoiding LLMs engaging in unethical or inappropriate behaviour.

Developers have been able to construct restrictions and guardrails that ensure AI systems refuse requests for dangerous or immoral content by going through a process of 'instruction tuning' to fine-tune their models. As interactive AI develops and gains more autonomy than generative AI models, we must make certain that these policies and safeguards stay in place to prevent AI from interacting with harmful, objectionable, or unlawful information. 

Moreover, unfiltered AI chatbots have posed a huge security concern since they operate outside of the limits imposed by closed models such as ChatGPT. One distinguishing element of these models is their offline functionality, which makes usage tracking challenging. The lack of control should raise red flags for security professionals, as users may engage in illegal activities without discovery.

Businesses that want to engage with interactive AI must learn from these worries about the generative wave as they implement the technology’s next generation.

Best Practice For Business Security

As with any new technology, organisations must collaborate with IT and security teams, as well as their workers, to create strong security measures to manage the related risks. 

This might include the following as best practice:

Adopting a data-first strategy:   This approach, especially within a Zero Trust framework, prioritises data security within the business. By identifying and understanding how data is stored, used, and moves across an organisation, and controlling who has access to that data, it ensures security teams can quickly respond to threats such as unauthorised access to sensitive data.

Strict access controls:   With hybrid and distributed workforces, this is crucial to preventing unauthorised users from interacting with and exploiting AI systems. Alongside continuous monitoring and intelligence gathering, limiting access helps security teams identify and respond to potential security breaches in a prompt manner. This is a more effective approach than outright blocking tools, which can lead to a shadow IT risk and productivity losses.

Collaborating with AI:    On the opposite end of the scale, AI and machine learning can also play a significant role in enhancing business security and productivity. It can aid security teams by simplifying security processes and improving their effectiveness so they can focus their time where it’s most needed. For employees, adequate training around the safe and secure use of AI tools is a must, while also recognising the inevitability of human error.

Establishing clear ethical guidelines:   Organisations should outline clear rules for the use of AI within their business. This includes addressing any biases and ensuring they have built-in policies and guardrails to prevent AI systems from producing or engaging with harmful content. This is now an ongoing process as businesses have created corporate policies for AI tools, including those leveraging existing GPTs and proprietary AI tools. These policies govern usage and data protection. Large enterprises should look to fine-tune their own Large Language Models (LLMs), requiring expanded AI corporate policies and security policies to protect proprietary company data.

While interactive AI  represents a huge advancement, companies must exercise caution in this new territory.

AI is here to stay - that’s a fact. A more moral and responsible AI-powered future can be achieved by using the advantages of new developments in AI while reducing the danger of exploitation by putting best practices and strong security measures, such as embracing a data-first policy, into effect. 

Jason Kemmerer is Solutions Architect - Data Security and Insider Risk at Forcepoint

Image: Shubham Dhage

You Might Also Read:

AI As A Standalone Cybersecurity Solution:

DIRECTORY OF SUPPLIERS - AI Security & Governance:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Prioritising Prevention Is Better Than Paying Ransom
Data Compliance When Using MS Copilot »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

SABSACourses

SABSACourses

SABSA is a development process used for solving complex problems such as IT Operations, Risk Management, Compliance & Audit functions.

Secure India

Secure India

Secure India provides Forensic Solutions that help Government and Business in dealing with prevention and resolution of Cyber related threats.

Altius IT

Altius IT

Altius IT reviews your website for security vulnerabilities and provides a report identifying vulnerabilities and recommendations to make secure.

CYBERSEC Forum

CYBERSEC Forum

CYBERSEC Forum is an annual European Public Policy Conference dedicated to strategic aspects of cybersecurity.

CSIRT GOV - Poland

CSIRT GOV - Poland

Computer Security Incident Response Team CSIRT GOV, run by the Head of the Internal Security Agency, acts as the national CSIRT responsible for coordinating the response to computer incidents.

swIDCH

swIDCH

swIDch is a technology company that aims to eliminate CNP (card not present) Fraud.

Emagined Security

Emagined Security

Emagined Security is a leading provider of professional services for Information Security and Compliance solutions.

Privacera

Privacera

Privacera enables consistent data governance, security, and compliance across all your data services - on-premises and in the cloud - so you can maximize the value of your data.

Qascom

Qascom

Qascom is an engineering company offering security solutions in satellite navigation and space cybersecurity. We are one of the European key players in GNSS authentication and security.

CY4GATE

CY4GATE

CY4GATE was conceived to design, develop and produce technologies and products that are able to meet the most stringent and modern requirements of Cyber Intelligence & Cyber Security.

StrikeReady

StrikeReady

StrikeReady have developed CARA, an advanced technology solution that offers personalized and proactive assessment and remediation of future and current risk in real-time.

MicroAge

MicroAge

Powered by five decades of experience, lasting partnerships, client relationships, and the values that guide us daily, MicroAge is here to help you secure, accelerate, and transform your business.

Transatlantic Cyber Security Business Network

Transatlantic Cyber Security Business Network

The Transatlantic Cyber Security Business Network is a coalition of UK and US cyber security companies which facilitates collaboration to help address critical cyber security challenges.

Commission Nationale de l'Informatique et des Libertés (CNIL)

Commission Nationale de l'Informatique et des Libertés (CNIL)

The mission of CNIL is to protect personal data, support innovation, and preserve individual liberties.

Theta

Theta

Theta is a New Zealand owned technology consultancy. Our team of over 330 experienced professionals help organisations transform with technology.

The Hacking Games

The Hacking Games

The Hacking Games' Mission is to inspire, educate and mobilise a generation of ethical hackers to make the world a safer place.